Dealing with the Internet of Insecure Things
Arosha K. Bandara – The Open University
arosha.bandara@open.ac.uk / @arosha
Overview
Security
Internet of Things
IoT Security & Privacy
Human-centric Engineering
Future Directions
Background: Internet of Things
aka Cyber Physical Systems: co-engineered interacting networks of physical and computational components …
Food & Agriculture, Transport, Policing, Health & Wellbeing, + …
Heterogeneous
IoT Cloud, IoT Intranet, Hybrid IoT
operate at different scales, from individuals to cities and nations …
Large-scale
driven by data collected from the world …
Data-driven
[Figure labels: Data, Actions, Learn, Adapt, Analyse, Interact]
depend on software to weave together different technologies …
Software-intensive
Background: Security
[Figure: security concepts across the Problem Space and Solution Space, each shown with its annotation]
Security goals/requirements: Failed/changing goals/reqs; Conflict with other goals/reqs
Policies: Violated/changing policies
Assets: Variable assets or asset values
Threats: Unknown threats
Vulnerabilities: Undiscovered vulnerabilities
Attacks: Unexpected attacks
Risk: Variable risk
Countermeasures: Failure (hidden bug/cascading failure)
Research Challenge
Engineering adaptive systems that continue to satisfy their security and privacy requirements and that are forensics ready.
Autonomous, Reactive, Automated, Dynamic, Runtime
Cyber-physical, Socio-technical
Systematic
Goals, Assets, Threats, Context
Validation & Verification, Argumentation, Proof
Design-time
Internet of Insecure Things
Coding Practices, Software Updates, Configuration
New Challenges: Physical Channel Attacks
● New attack surfaces through the physical environment
● For example, acoustic attacks can target gyroscopic sensors in autonomous vehicles to cause shutdowns.
[Figure labels: Attacker; Sound Wave @ Resonant Frequency of Gyroscope; Drone]
Opportunities: Collaborative Cyber-Physical Security
[Figure labels: Component 1, Component 2, Component 3, Component 4, Operational Environment E; Requirements R; Capabilities; Security control; Selected features; Component 1, Component 2, Component 4, Mediator, Secure Operational Environment]
1. Requirements analysis. Objective: Identify adequate security control. Technique: Goal modelling.
2. Feature Selection. Objective: Selecting and configuring components. Technique: Feature modelling + Constraint programming.
3. Features-driven Mediator Synthesis. Objective: Making components collaborate. Technique: Mediator synthesis.
Bennaceur, A.; Tun, T.T.; Bandara, A. K.; et al. (2017). Feature-driven Mediator Synthesis: Supporting Collaborative Security in the Internet of Things. ACM Transactions on Cyber-Physical Systems
People in the Machine
IoT systems involve many different types of people …
[Figure labels: IoT Systems; Users; Software Engineers; Policy Makers / Regulators; Administrators; + others]
Engineer - Stakeholder
Gathering Requirements
Smart System Exemplars
Bennaceur, Amel; Mccormick, Ciaran; et al (2016). Feed me, Feed me: An Exemplar for Engineering Adaptive Software. In: 11th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, May 2016.
Requirements
Gathering Requirements
Contravision Technique
Mancini, Clara; Rogers, Yvonne; et al (2010). Contravision: Exploring users' reactions to futuristic technology. In: Proceedings of the 28th International Conference on Human factors in computing systems, April 2010.
Requirements
Engineer – Smart System
Supporting System Design
IoT Privacy Guidelines
Perera, C.; Mccormick, C.; et al (2016). Privacy-by-Design Framework for Assessing IoT Applications and Platforms. In: International Conference on the Internet of Things (IOT 2016), November 2016.
Process/Techniques
Supporting Software Design
IoT Privacy Guidelines
Perera, C.; Mccormick, C.; et al (2016). Privacy-by-Design Framework for Assessing IoT Applications and Platforms. In: International Conference on the Internet of Things (IOT 2016), November 2016.
Process/Techniques
User – Smart System
User - System Interactions
Privacy Itch & Scratch
Mehta, V.; Bandara, A. K.; et al (2016). Privacy Itch and Scratch: On Body Privacy Warnings and Controls. In: ACM Conference on Human Factors in Computing Systems, May 2016.
User Interfaces
User - System Interactions
Privacy Band
[Figure (a) labels: Arduino Nano; Bluetooth LE; 3.7V LiPo Battery; Power Booster; Vero Board; On-Off Switch]
[Figure (b) labels: 7.5cm; 7.5cm; Vibe Boards; Fabric Patch 1; Fabric Patch 2]
User Interfaces
Mehta, V.; Bandara, A. K.; et al (2016). Privacy Itch and Scratch: On Body Privacy Warnings and Controls. In: ACM Conference on Human Factors in Computing Systems, May 2016.
Human-centric Security & Privacy
Future Directions
Effective Security
Collaborative Composition
Forensic readiness
Transparency
Socio-technical resilience
Key Messages
● People are an integral part of the Internet of Things.
● Engineering security and privacy needs to encompass the cyber-physical-social dimensions of the Internet of Things.
● Human-centric approaches are critical to addressing the future challenges of securing the Internet of Things.
Thank You

Dealing with the Internet of Insecure Things

  • 1. Dealing with the Internet of Insecure Things Arosha K. Bandara – The Open University arosha.bandara@open.ac.uk / @arosha
  • 2. Dealing with the Internet of Insecure Things Overview 3 Security Internet of Things IoT Security & Privacy Human-centric Engineering Future Directions
  • 3. Background: Internet of Things 4 aka Cyber Physical Systems: co-engineered interacting networks of physical and computational components … Food & Agriculture Transport Policing Health & Wellbeing + … Heterogeneous IoT Cloud IoT Intranet Hybrid IoT
  • 4. Background: Internet of Things 5 operate at different scales, from individuals to cities and nations … Large-scale
  • 5. Background: Internet of Things 6 Data Actions Learn Adapt Analyse Interact driven by data collected from the world … Data-driven
  • 6. Background: Internet of Things 7 Data Actions Learn Adapt Analyse Interact depend on software to weave together different technologies … Software-intensive Data-driven
  • 7. Dealing with the Internet of Insecure Things Overview 10 Security Internet of Things IoT Security & Privacy Human-centric Engineering Future Directions
  • 9. Background: Security 12 Risk Countermeasures Security goals/ requirements Policies Assets Threats Vulnerabilities Attacks Problem Space Solution Space Undiscovered vulnerabilities Unexpected attacks Variable risk Violated/changing policies Unknown threats Variable assets or asset values Failure (hidden bug/cascading failure) Failed/changing goals/reqs Conflict with other goals/reqs
  • 10. Dealing with the Internet of Insecure Things Research Challenge 13 Engineering adaptive systems that continue to satisfy their security and privacy requirements and that are forensics ready. Autonomous, Reactive, Automated, Dynamic, Runtime Cyber-physical, Socio-technical Systematic Goals, Assets, Threats, Context Validation & Verification, Argumentation, Proof Design-time
  • 11. Dealing with the Internet of Insecure Things Overview 15 Security Internet of Things IoT Security & Privacy Human-centric Engineering Future Directions
  • 12. Internet of Insecure Things 16 Coding Practices Software Updates Configuration
  • 13. Internet of Insecure Things ● New attack surfaces through the physical environment ● For example, acoustic attacks can target gyroscopic sensors in autonomous vehicles to cause shutdowns. New Challenges: Physical Channel Attacks 17 Sound Wave @ Resonant Frequency of Gyroscope Attacker Drone
  • 14. Dealing with the Internet of Insecure Things Opportunities: Collaborative Cyber-Physical Security 21 Component 1 Component 2 Component 3 Component 4 Operational Environment E Component 1 Component 2 Component 4 Secure Operational Environment Mediator Requirements analysis 1 Feature Selection Features-driven Mediator Synthesis 2 3 Security control Selected features Requirements R Capabilities Objective 1 2 3 Selecting and configuring components Making components collaborate Identify adequate security control Technique Mediator synthesis Feature modelling + Constraint programming Goal modelling 1 2 3 Bennaceur, A.; Tun, T.T.; Bandara, A. K.; et al. (2017). Feature-driven Mediator Synthesis: Supporting Collaborative Security in the Internet of Things. ACM Transactions on Cyber-Physical Systems
  • 15. Dealing with the Internet of Insecure Things Overview 23 Security Internet of Things IoT Security & Privacy Human-centric Engineering Future Directions
  • 16. People in the Machine 24 IoT systems involve many different types of people … IoT Systems Users Software Engineers Policy Makers / Regulators Administrators + others
  • 17. People in the Machine 25 Engineer - Stakeholder Smart Systems Users Software Engineers Policy Makers / Regulators Administrators + others
  • 18. Gathering Requirements Smart System Exemplars 26 Bennaceur, Amel; Mccormick, Ciaran; et al (2016). Feed me, Feed me: An Exemplar for Engineering Adaptive Software. In: 11th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, May 2016. Requirements
  • 19. Gathering Requirements Contravision Technique 27 Mancini, Clara; Rogers, Yvonne; et al (2010). Contravision: Exploring users' reactions to futuristic technology. In: Proceedings of the 28th International Conference on Human factors in computing systems, April 2010. Requirements
  • 20. People in the Machine 28 Engineer – Smart System Smart Systems Users Software Engineers Policy Makers / Regulators Administrators + others
  • 21. Supporting System Design IoT Privacy Guidelines 29 Perera, C.; Mccormick, C.; et al (2016). Privacy-by-Design Framework for Assessing IoT Applications and Platforms. In: International Conference on the Internet of Things (IOT 2016), November 2016. Process/Techniques
  • 22. Supporting Software Design IoT Privacy Guidelines 30 Perera, C.; Mccormick, C.; et al (2016). Privacy-by-Design Framework for Assessing IoT Applications and Platforms. In: International Conference on the Internet of Things (IOT 2016), November 2016. Process/Techniques
  • 23. People in the Machine 31 User – Smart System Smart Systems Users Software Engineers Policy Makers / Regulators Administrators + others
  • 24. User - System Interactions Privacy Itch & Scratch 32 Mehta, V.; Bandara, A. K.; et al (2016). Privacy Itch and Scratch: On Body Privacy Warnings and Controls. In: ACM Conference on Human Factors in Computing Systems, May 2016. User Interfaces
  • 25. User - System Interactions Privacy Band 33 Arduino Nano, Bluetooth LE, 3.7V LiPo Battery, Power Booster, Vero Board, On-Off Switch (a); 7.5cm, 7.5cm, Vibe Boards, Fabric Patch 1, Fabric Patch 2 (b) User Interfaces Mehta, V.; Bandara, A. K.; et al (2016). Privacy Itch and Scratch: On Body Privacy Warnings and Controls. In: ACM Conference on Human Factors in Computing Systems, May 2016.
  • 26. People in the Machine 34 IoT systems involve many different types of people … Smart Systems Users Software Engineers Policy Makers Administrators + others Human-centric Security & Privacy
  • 27. Dealing with the Internet of Insecure Things Overview 36 Security Internet of Things IoT Security & Privacy Human-centric Engineering Future Directions
  • 28. Dealing with the Internet of Insecure Things Future Directions 37 Effective Security Collaborative Composition Forensic readiness Transparency Socio-technical resilience
  • 29. Dealing with Internet of Insecure Things ● People are an integral part of the Internet of Things. ● Engineering security and privacy needs to encompass the cyber-physical-social dimensions of the Internet of Things. ● Human-centric approaches are critical to addressing the future challenges of securing the Internet of Things. Key Messages 38
  • 30. Dealing with the Internet of Insecure Things 39 Thank You