SlideShare a Scribd company logo

Security challenges for IoT

WSO2
WSO2
Technology
1 of 47
Download to read offline
Your Thing is pwnd Security Challenges for the Internet of Things   Paul  Fremantle   CTO  and  Co-­‐Founder,  WSO2   @pzfreo  #wso2  #wso2con  
Firstly,  does  it  even  maAer?    
“Google Hacking”
My  three  rules  for  IoT  security   •  1.  Don’t  be  dumb   •  2.  Think  about  what’s  different   •  3.  Do  be  smart  
My  three  rules  for  IoT  security   •  1.  Don’t  be  dumb   –  The  basics  of  Internet  security  haven’t  gone  away   •  2.  Think  about  what’s  different   –  What  are  the  unique  challenges  of  your  device?   •  3.  Do  be  smart   –  Use  the  best  pracQce  from  the  Internet  
http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/
http://freo.me/1pbUmofhttp://freo.me/1pbUmof
So  what  is  different  about  IoT?   •  The  fact  there  is  a  device   –  Yes  –  its  hardware!     –  Ease  of  use  is  almost  always  at  odds  with  security   •  The  longevity  of  the  device   –  Updates  are  harder  (or  impossible)   •  The  size  of  the  device   –  CapabiliQes  are  limited  –  especially  around  crypto   •  The  data   –  OXen  highly  personal   •  The  mindset   –  Appliance  manufacturers  don’t  always  think  like  security  experts   –  Embedded  systems  are  oXen  developed  by  grabbing  exisQng  chips,  designs,  etc  
Physical  Hacks   A Practical Attack on the MIFARE Classic: http://www.cs.ru.nl/~flaviog/publications/Attack.MIFARE.pdf Karsten Nohl and Henryk Plotz. MIFARE, Little Security, Despite Obscurity
Or  try  this  at  home?   hAp://freo.me/1g15BiG    
http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.html
Hardware  recommendaQons   •  Don’t  rely  on  obscurity    
Hardware  recommendaQons   •  Don’t  rely  on  obscurity   •  Don’t  rely  on  obscurity   •  Don’t  rely  on  obscurity   •  Don’t  rely  on  obscurity   •  Don’t  rely  on  obscurity   •  Don’t  rely  on  obscurity   •  Don’t  rely  on  obscurity    
Hardware  RecommendaQon  #2     •  Unlocking  a  single  device  should  risk  only  that   device’s  data  
The  Network  
hAp://ubertooth.sourceforge.net/  hAps://www.usenix.org/conference/woot13/ workshop-­‐program/presentaQon/ryan  
Crypto  on  small  devices   •  PracQcal  ConsideraQons  and  ImplementaQon  Experiences  in   Securing  Smart  Object  Networks   –  hAp://tools.ied.org/html/draX-­‐aks-­‐crypto-­‐sensors-­‐02  
ROM  requirements  
ECC  is  possible     (and  about  fast  enough)  
Crypto   Borrowed from Chris Swan: http://www.slideshare.net/cpswan/security-protocols-in-constrained-environments/13
Won’t  ARM  just  solve  this  problem?  
Cost  maAers   8 bits $5 retail $1 or less to embed 32 bits $25 retail $?? to embed
Another  opQon?  
SIMON  and  SPECK   https://www.schneier.com/blog/archives/2013/07/simon_and_speck.html
Datagram  Transport  Layer   Security  (DTLS)   •  UDP  based  equivalent  to  TLS   •  hAps://tools.ied.org/html/rfc4347  
Key  distribuQon  
Passwords   •  Passwords  suck  for  humans   •  They  suck  even  more  for  devices    
Why  Federated  IdenQty  for  Things?   •  Enable  a  meaningful  consent  mechanism  for  sharing  of  device  data   •  Giving  a  device  a  token  to  use  on  API  calls  beAer  than  giving  it  a   password   –  Revokable   –  Granular   •  May  be  relevant  for  both   –  Device  to  cloud   –  Cloud  to  app   •  “IdenQty  is  the  new  perimeter”  
MQTT  
MQTT  and  OAuth2    
    An     Open  Source     IdenQty   and     EnQtlement   Management     Server       Apache  Licensed   LDAP,  JDBC,  AcQve  Directory,  SCIM,  SPML   SAML2,  OpenID  Connect,  WS-­‐Trust,  Kerberos   OAuth  1.0/2.0,  XACML  2.0,  XACML  3.0   XDAS,  Web  Console,  SOAP  Admin   MulQ-­‐tenant,  Clusterable,  HA,  24x7  support   39   What  is  WSO2  IdenQty  Server?  
Other  WSO2  technology  to  help  you   •  WSO2  BAM  –  monitoring   •  WSO2  CEP  –  realQme  fraud  detecQon   •  WSO2  API  Manager  –  securing  API  endpoints    
Real  Qme  event  processing  
Are you setting up for the next privacy or security breach?
Exemplars   •  Shields   •  Libraries   •  Server  Frameworks   •  Standards  and  Profiles  
Summary   •  1.  Don’t  be  dumb   •  2.  Think  about  the  differences   •  3.  Be  smart     •  4.  Create  and  publish  exemplars  
WSO2 Reference Architecture for the Internet of Things http://freo.me/iot-ra
Thank  You  

Recommended

IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIntel® Software
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT SecurityCAS
 
IoT Security
IoT SecurityIoT Security
IoT SecurityNarudom Roongsiriwong, CISSP
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranKoenig Solutions Ltd.
 
Iot Security
Iot SecurityIot Security
Iot SecurityMAITREYA MISRA
 
security and privacy-Internet of things
security and privacy-Internet of thingssecurity and privacy-Internet of things
security and privacy-Internet of thingssreelekha appakondappagari
 
Security challenges in IoT
Security challenges in IoTSecurity challenges in IoT
Security challenges in IoTVishnupriya T H
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of ThingsBryan Len
 

Recommended

IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIntel® Software
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT SecurityCAS
 
IoT Security
IoT SecurityIoT Security
IoT SecurityNarudom Roongsiriwong, CISSP
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranKoenig Solutions Ltd.
 
Iot Security
Iot SecurityIot Security
Iot SecurityMAITREYA MISRA
 
security and privacy-Internet of things
security and privacy-Internet of thingssecurity and privacy-Internet of things
security and privacy-Internet of thingssreelekha appakondappagari
 
Security challenges in IoT
Security challenges in IoTSecurity challenges in IoT
Security challenges in IoTVishnupriya T H
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of ThingsBryan Len
 
Iot architecture
Iot architectureIot architecture
Iot architectureNiranjan Kumar
 
IoT - Attacks and Solutions
IoT - Attacks and SolutionsIoT - Attacks and Solutions
IoT - Attacks and SolutionsUlf Mattsson
 
IoT ecosystem
IoT ecosystemIoT ecosystem
IoT ecosystemMd. Shamsul Haque
 
Presentation on IOT SECURITY
Presentation on IOT SECURITYPresentation on IOT SECURITY
Presentation on IOT SECURITYThe Avi Sharma
 
Iot security and Authentication solution
Iot security and Authentication solutionIot security and Authentication solution
Iot security and Authentication solutionPradeep Jeswani
 
Chapter_1.pptx
Chapter_1.pptxChapter_1.pptx
Chapter_1.pptxAadiSoni3
 
fog computing ppt
fog computing ppt fog computing ppt
fog computing ppt sravya raju
 
M2M vs IoT: The Key Differences and Similarities
M2M vs IoT: The Key Differences and SimilaritiesM2M vs IoT: The Key Differences and Similarities
M2M vs IoT: The Key Differences and SimilaritiesNavjyotsinh Jadeja
 
Wireless Sensor Networks ppt
Wireless Sensor Networks pptWireless Sensor Networks ppt
Wireless Sensor Networks pptDevdutta Chakrabarti
 
Iot cyber security
Iot cyber securityIot cyber security
Iot cyber securitysajid mehmood
 
Seminar ppt fog comp
Seminar ppt fog compSeminar ppt fog comp
Seminar ppt fog compMahantesh Hiremath
 
IoT security
IoT securityIoT security
IoT securityYashKesharwani2
 
Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Ulf Mattsson
 
IOT Presentation Seminar PPT
IOT Presentation Seminar PPTIOT Presentation Seminar PPT
IOT Presentation Seminar PPTHimanshu Jaswal
 
Freenet
FreenetFreenet
FreenetAshraf Uddin
 
Firewall Architecture
Firewall Architecture Firewall Architecture
Firewall Architecture Yovan Chandel
 
Fog computing in IoT
Fog computing in IoTFog computing in IoT
Fog computing in IoTsreelesh balan
 
A survey in privacy and security in Internet of Things IOT
A survey in privacy and security in Internet of Things IOTA survey in privacy and security in Internet of Things IOT
A survey in privacy and security in Internet of Things IOTUniversity of Ontario Institute of Technology (UOIT)
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...CableLabs
 
Understanding the Internet of Things Protocols
Understanding the Internet of Things ProtocolsUnderstanding the Internet of Things Protocols
Understanding the Internet of Things ProtocolsReal-Time Innovations (RTI)
 
IoT App Development Areas And Major Challenges
IoT App Development Areas And Major ChallengesIoT App Development Areas And Major Challenges
IoT App Development Areas And Major Challengesastoria0128
 
Challenges in the IoT
Challenges in the IoTChallenges in the IoT
Challenges in the IoTEUBrasilCloudFORUM .
 

More Related Content

What's hot

IoT - Attacks and Solutions
IoT - Attacks and SolutionsIoT - Attacks and Solutions
IoT - Attacks and SolutionsUlf Mattsson
 
Presentation on IOT SECURITY
Presentation on IOT SECURITYPresentation on IOT SECURITY
Presentation on IOT SECURITYThe Avi Sharma
 
Iot security and Authentication solution
Iot security and Authentication solutionIot security and Authentication solution
Iot security and Authentication solutionPradeep Jeswani
 
Chapter_1.pptx
Chapter_1.pptxChapter_1.pptx
Chapter_1.pptxAadiSoni3
 
fog computing ppt
fog computing ppt fog computing ppt
fog computing ppt sravya raju
 
M2M vs IoT: The Key Differences and Similarities
M2M vs IoT: The Key Differences and SimilaritiesM2M vs IoT: The Key Differences and Similarities
M2M vs IoT: The Key Differences and SimilaritiesNavjyotsinh Jadeja
 
Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Ulf Mattsson
 
IOT Presentation Seminar PPT
IOT Presentation Seminar PPTIOT Presentation Seminar PPT
IOT Presentation Seminar PPTHimanshu Jaswal
 
Firewall Architecture
Firewall Architecture Firewall Architecture
Firewall Architecture Yovan Chandel
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...CableLabs
 

What's hot (20)

Iot architecture
Iot architectureIot architecture
Iot architecture
 
IoT - Attacks and Solutions
IoT - Attacks and SolutionsIoT - Attacks and Solutions
IoT - Attacks and Solutions
 
IoT ecosystem
IoT ecosystemIoT ecosystem
IoT ecosystem
 
Presentation on IOT SECURITY
Presentation on IOT SECURITYPresentation on IOT SECURITY
Presentation on IOT SECURITY
 
Iot security and Authentication solution
Iot security and Authentication solutionIot security and Authentication solution
Iot security and Authentication solution
 
Chapter_1.pptx
Chapter_1.pptxChapter_1.pptx
Chapter_1.pptx
 
fog computing ppt
fog computing ppt fog computing ppt
fog computing ppt
 
M2M vs IoT: The Key Differences and Similarities
M2M vs IoT: The Key Differences and SimilaritiesM2M vs IoT: The Key Differences and Similarities
M2M vs IoT: The Key Differences and Similarities
 
Wireless Sensor Networks ppt
Wireless Sensor Networks pptWireless Sensor Networks ppt
Wireless Sensor Networks ppt
 
Iot cyber security
Iot cyber securityIot cyber security
Iot cyber security
 
Seminar ppt fog comp
Seminar ppt fog compSeminar ppt fog comp
Seminar ppt fog comp
 
IoT security
IoT securityIoT security
IoT security
 
Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017
 
IOT Presentation Seminar PPT
IOT Presentation Seminar PPTIOT Presentation Seminar PPT
IOT Presentation Seminar PPT
 
Freenet
FreenetFreenet
Freenet
 
Firewall Architecture
Firewall Architecture Firewall Architecture
Firewall Architecture
 
Fog computing in IoT
Fog computing in IoTFog computing in IoT
Fog computing in IoT
 
A survey in privacy and security in Internet of Things IOT
A survey in privacy and security in Internet of Things IOTA survey in privacy and security in Internet of Things IOT
A survey in privacy and security in Internet of Things IOT
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
 
Understanding the Internet of Things Protocols
Understanding the Internet of Things ProtocolsUnderstanding the Internet of Things Protocols
Understanding the Internet of Things Protocols
 

Viewers also liked

IoT App Development Areas And Major Challenges
IoT App Development Areas And Major ChallengesIoT App Development Areas And Major Challenges
IoT App Development Areas And Major Challengesastoria0128
 
Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTWSO2
 
Embedded Security and the IoT
Embedded Security and the IoTEmbedded Security and the IoT
Embedded Security and the IoTteam-WIBU
 
BUD17-104: Scripting Languages in IoT: Challenges and Approaches
BUD17-104: Scripting Languages in IoT: Challenges and ApproachesBUD17-104: Scripting Languages in IoT: Challenges and Approaches
BUD17-104: Scripting Languages in IoT: Challenges and ApproachesLinaro
 
introduction to Embedded System Security
introduction to Embedded System Securityintroduction to Embedded System Security
introduction to Embedded System SecurityAdel Barkam
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsLiwei Ren任力偉
 
IoT Security Risks and Challenges
IoT Security Risks and ChallengesIoT Security Risks and Challenges
IoT Security Risks and ChallengesOWASP Delhi
 
IoT - IT 423 ppt
IoT - IT 423 pptIoT - IT 423 ppt
IoT - IT 423 pptMhae Lyn
 
Internet of Things security-issues
Internet of Things security-issuesInternet of Things security-issues
Internet of Things security-issuesMobileMonday Atlanta
 
IBM BC2015 - Internet of Things - from hype to reality
IBM BC2015 - Internet of Things - from hype to realityIBM BC2015 - Internet of Things - from hype to reality
IBM BC2015 - Internet of Things - from hype to realityIBM Sverige
 
Digital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
Digital Trust: How Identity Tackles the Privacy, Security and IoT ChallengeDigital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
Digital Trust: How Identity Tackles the Privacy, Security and IoT ChallengeForgeRock
 
Cybesecurity of the IoT
Cybesecurity of the IoTCybesecurity of the IoT
Cybesecurity of the IoTAltoros
 
Highland Property Management Data Management
Highland Property Management Data ManagementHighland Property Management Data Management
Highland Property Management Data ManagementCasey Hynes
 
Internet of thing (IoT and cloud convergence opportunitis and challenges
Internet of thing (IoT and cloud convergence opportunitis and challenges Internet of thing (IoT and cloud convergence opportunitis and challenges
Internet of thing (IoT and cloud convergence opportunitis and challenges Dr.-Ing Abdur Rahim Biswas
 
Big Data Analytics & IoT Challenges
Big Data Analytics & IoT ChallengesBig Data Analytics & IoT Challenges
Big Data Analytics & IoT ChallengesBig Data for You
 
Predix Analytics
Predix AnalyticsPredix Analytics
Predix AnalyticsAltoros
 
Security issues and solutions : IoT
Security issues and solutions : IoTSecurity issues and solutions : IoT
Security issues and solutions : IoTJinia Bhowmik
 

Viewers also liked (20)

IoT App Development Areas And Major Challenges
IoT App Development Areas And Major ChallengesIoT App Development Areas And Major Challenges
IoT App Development Areas And Major Challenges
 
Challenges in the IoT
Challenges in the IoTChallenges in the IoT
Challenges in the IoT
 
Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoT
 
Embedded Security and the IoT
Embedded Security and the IoTEmbedded Security and the IoT
Embedded Security and the IoT
 
BUD17-104: Scripting Languages in IoT: Challenges and Approaches
BUD17-104: Scripting Languages in IoT: Challenges and ApproachesBUD17-104: Scripting Languages in IoT: Challenges and Approaches
BUD17-104: Scripting Languages in IoT: Challenges and Approaches
 
introduction to Embedded System Security
introduction to Embedded System Securityintroduction to Embedded System Security
introduction to Embedded System Security
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and Solutions
 
IoT Security Risks and Challenges
IoT Security Risks and ChallengesIoT Security Risks and Challenges
IoT Security Risks and Challenges
 
IoT - IT 423 ppt
IoT - IT 423 pptIoT - IT 423 ppt
IoT - IT 423 ppt
 
Internet of Things security-issues
Internet of Things security-issuesInternet of Things security-issues
Internet of Things security-issues
 
IBM BC2015 - Internet of Things - from hype to reality
IBM BC2015 - Internet of Things - from hype to realityIBM BC2015 - Internet of Things - from hype to reality
IBM BC2015 - Internet of Things - from hype to reality
 
Digital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
Digital Trust: How Identity Tackles the Privacy, Security and IoT ChallengeDigital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
Digital Trust: How Identity Tackles the Privacy, Security and IoT Challenge
 
Cybesecurity of the IoT
Cybesecurity of the IoTCybesecurity of the IoT
Cybesecurity of the IoT
 
Internet of Things
Internet of ThingsInternet of Things
Internet of Things
 
Highland Property Management Data Management
Highland Property Management Data ManagementHighland Property Management Data Management
Highland Property Management Data Management
 
Internet of thing (IoT and cloud convergence opportunitis and challenges
Internet of thing (IoT and cloud convergence opportunitis and challenges Internet of thing (IoT and cloud convergence opportunitis and challenges
Internet of thing (IoT and cloud convergence opportunitis and challenges
 
Big Data Analytics & IoT Challenges
Big Data Analytics & IoT ChallengesBig Data Analytics & IoT Challenges
Big Data Analytics & IoT Challenges
 
Internet of Things
Internet of ThingsInternet of Things
Internet of Things
 
Predix Analytics
Predix AnalyticsPredix Analytics
Predix Analytics
 
Security issues and solutions : IoT
Security issues and solutions : IoTSecurity issues and solutions : IoT
Security issues and solutions : IoT
 

Similar to Security challenges for IoT

Your Thing is pwnd - Security Challenges for the Internet of Things
Your Thing is pwnd - Security Challenges for the Internet of ThingsYour Thing is pwnd - Security Challenges for the Internet of Things
Your Thing is pwnd - Security Challenges for the Internet of ThingsWSO2
 
IoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architectureIoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architecturePaul Fremantle
 
A Reference Architecture for IoT: How to create a resilient, secure IoT cloud
A Reference Architecture for IoT: How to create a resilient, secure IoT cloudA Reference Architecture for IoT: How to create a resilient, secure IoT cloud
A Reference Architecture for IoT: How to create a resilient, secure IoT cloudWSO2
 
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet ChallengeWSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet ChallengeWSO2
 
Securing IoT Applications
Securing IoT Applications Securing IoT Applications
Securing IoT Applications WSO2
 
Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...B.A.
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatDuo Security
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson
 
Security challenges for internet of things
Security challenges for internet of thingsSecurity challenges for internet of things
Security challenges for internet of thingsMonika Keerthi
 
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014Brian Knopf
 
How to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ DisobeyHow to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ DisobeyZoltan Balazs
 
Hacktivity2014: Virtual Machine Introspection to Detect and Protect
Hacktivity2014: Virtual Machine Introspection to Detect and ProtectHacktivity2014: Virtual Machine Introspection to Detect and Protect
Hacktivity2014: Virtual Machine Introspection to Detect and ProtectTamas K Lengyel
 
BSides London 2015 - Proprietary network protocols - risky business on the wire.
BSides London 2015 - Proprietary network protocols - risky business on the wire.BSides London 2015 - Proprietary network protocols - risky business on the wire.
BSides London 2015 - Proprietary network protocols - risky business on the wire.Jakub Kałużny
 
Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Security Weekly
 
Mickey pacsec2016_final
Mickey pacsec2016_finalMickey pacsec2016_final
Mickey pacsec2016_finalPacSecJP
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...
Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...
Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...PaloAltoNetworks
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of ThingsPaul Fremantle
 
Automated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceAutomated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceJason Choi
 

Similar to Security challenges for IoT (20)

Your Thing is pwnd - Security Challenges for the Internet of Things
Your Thing is pwnd - Security Challenges for the Internet of ThingsYour Thing is pwnd - Security Challenges for the Internet of Things
Your Thing is pwnd - Security Challenges for the Internet of Things
 
IoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architectureIoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architecture
 
A Reference Architecture for IoT: How to create a resilient, secure IoT cloud
A Reference Architecture for IoT: How to create a resilient, secure IoT cloudA Reference Architecture for IoT: How to create a resilient, secure IoT cloud
A Reference Architecture for IoT: How to create a resilient, secure IoT cloud
 
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet ChallengeWSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangalore
 
Securing IoT Applications
Securing IoT Applications Securing IoT Applications
Securing IoT Applications
 
Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to Chat
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT Security
 
Security challenges for internet of things
Security challenges for internet of thingsSecurity challenges for internet of things
Security challenges for internet of things
 
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
 
How to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ DisobeyHow to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ Disobey
 
Hacktivity2014: Virtual Machine Introspection to Detect and Protect
Hacktivity2014: Virtual Machine Introspection to Detect and ProtectHacktivity2014: Virtual Machine Introspection to Detect and Protect
Hacktivity2014: Virtual Machine Introspection to Detect and Protect
 
BSides London 2015 - Proprietary network protocols - risky business on the wire.
BSides London 2015 - Proprietary network protocols - risky business on the wire.BSides London 2015 - Proprietary network protocols - risky business on the wire.
BSides London 2015 - Proprietary network protocols - risky business on the wire.
 
Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)
 
Mickey pacsec2016_final
Mickey pacsec2016_finalMickey pacsec2016_final
Mickey pacsec2016_final
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
 
Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...
Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...
Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of Things
 
Automated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceAutomated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security Intelligence
 

More from WSO2

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
How to Create a Service in Choreo
How to Create a Service in ChoreoHow to Create a Service in Choreo
How to Create a Service in ChoreoWSO2
 
Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023WSO2
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzureWSO2
 
GartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdfGartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdfWSO2
 
[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in MinutesWSO2
 
Modernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityModernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityWSO2
 
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...WSO2
 
CIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfCIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfWSO2
 
Delivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoDelivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoWSO2
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsWSO2
 
A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital Businesses A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital BusinessesWSO2
 
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)WSO2
 
Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformationWSO2
 
Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesWSO2
 
Building a Future-ready Bank
Building a Future-ready BankBuilding a Future-ready Bank
Building a Future-ready BankWSO2
 
WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2
 
[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIsWSO2
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native DeploymentWSO2
 

More from WSO2 (20)

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
How to Create a Service in Choreo
How to Create a Service in ChoreoHow to Create a Service in Choreo
How to Create a Service in Choreo
 
Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on Azure
 
GartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdfGartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdf
 
[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes
 
Modernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityModernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos Identity
 
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
 
CIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfCIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdf
 
Delivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoDelivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing Choreo
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected Products
 
A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital Businesses A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital Businesses
 
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
 
Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation
 
Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking Experiences
 
Building a Future-ready Bank
Building a Future-ready BankBuilding a Future-ready Bank
Building a Future-ready Bank
 
WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021
 
[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment
 

Recently uploaded

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Recently uploaded (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Security challenges for IoT

  • 1. Your Thing is pwnd Security Challenges for the Internet of Things   Paul  Fremantle   CTO  and  Co-­‐Founder,  WSO2   @pzfreo  #wso2  #wso2con  
  • 2. Firstly,  does  it  even  maAer?    
  • 3.
  • 5.
  • 6. My  three  rules  for  IoT  security   •  1.  Don’t  be  dumb   •  2.  Think  about  what’s  different   •  3.  Do  be  smart  
  • 7. My  three  rules  for  IoT  security   •  1.  Don’t  be  dumb   –  The  basics  of  Internet  security  haven’t  gone  away   •  2.  Think  about  what’s  different   –  What  are  the  unique  challenges  of  your  device?   •  3.  Do  be  smart   –  Use  the  best  pracQce  from  the  Internet  
  • 8.
  • 10.
  • 12. So  what  is  different  about  IoT?   •  The  fact  there  is  a  device   –  Yes  –  its  hardware!     –  Ease  of  use  is  almost  always  at  odds  with  security   •  The  longevity  of  the  device   –  Updates  are  harder  (or  impossible)   •  The  size  of  the  device   –  CapabiliQes  are  limited  –  especially  around  crypto   •  The  data   –  OXen  highly  personal   •  The  mindset   –  Appliance  manufacturers  don’t  always  think  like  security  experts   –  Embedded  systems  are  oXen  developed  by  grabbing  exisQng  chips,  designs,  etc  
  • 13. Physical  Hacks   A Practical Attack on the MIFARE Classic: http://www.cs.ru.nl/~flaviog/publications/Attack.MIFARE.pdf Karsten Nohl and Henryk Plotz. MIFARE, Little Security, Despite Obscurity
  • 14.
  • 15. Or  try  this  at  home?   hAp://freo.me/1g15BiG    
  • 17. Hardware  recommendaQons   •  Don’t  rely  on  obscurity    
  • 18. Hardware  recommendaQons   •  Don’t  rely  on  obscurity   •  Don’t  rely  on  obscurity   •  Don’t  rely  on  obscurity   •  Don’t  rely  on  obscurity   •  Don’t  rely  on  obscurity   •  Don’t  rely  on  obscurity   •  Don’t  rely  on  obscurity    
  • 19. Hardware  RecommendaQon  #2     •  Unlocking  a  single  device  should  risk  only  that   device’s  data  
  • 22. Crypto  on  small  devices   •  PracQcal  ConsideraQons  and  ImplementaQon  Experiences  in   Securing  Smart  Object  Networks   –  hAp://tools.ied.org/html/draX-­‐aks-­‐crypto-­‐sensors-­‐02  
  • 24. ECC  is  possible     (and  about  fast  enough)  
  • 25. Crypto   Borrowed from Chris Swan: http://www.slideshare.net/cpswan/security-protocols-in-constrained-environments/13
  • 26. Won’t  ARM  just  solve  this  problem?  
  • 27. Cost  maAers   8 bits $5 retail $1 or less to embed 32 bits $25 retail $?? to embed
  • 29. SIMON  and  SPECK   https://www.schneier.com/blog/archives/2013/07/simon_and_speck.html
  • 30. Datagram  Transport  Layer   Security  (DTLS)   •  UDP  based  equivalent  to  TLS   •  hAps://tools.ied.org/html/rfc4347  
  • 32. Passwords   •  Passwords  suck  for  humans   •  They  suck  even  more  for  devices    
  • 33.
  • 34.
  • 35.
  • 36. Why  Federated  IdenQty  for  Things?   •  Enable  a  meaningful  consent  mechanism  for  sharing  of  device  data   •  Giving  a  device  a  token  to  use  on  API  calls  beAer  than  giving  it  a   password   –  Revokable   –  Granular   •  May  be  relevant  for  both   –  Device  to  cloud   –  Cloud  to  app   •  “IdenQty  is  the  new  perimeter”  
  • 39.     An     Open  Source     IdenQty   and     EnQtlement   Management     Server       Apache  Licensed   LDAP,  JDBC,  AcQve  Directory,  SCIM,  SPML   SAML2,  OpenID  Connect,  WS-­‐Trust,  Kerberos   OAuth  1.0/2.0,  XACML  2.0,  XACML  3.0   XDAS,  Web  Console,  SOAP  Admin   MulQ-­‐tenant,  Clusterable,  HA,  24x7  support   39   What  is  WSO2  IdenQty  Server?  
  • 40. Other  WSO2  technology  to  help  you   •  WSO2  BAM  –  monitoring   •  WSO2  CEP  –  realQme  fraud  detecQon   •  WSO2  API  Manager  –  securing  API  endpoints    
  • 41. Real  Qme  event  processing  
  • 42. Are you setting up for the next privacy or security breach?
  • 43.
  • 44. Exemplars   •  Shields   •  Libraries   •  Server  Frameworks   •  Standards  and  Profiles  
  • 45. Summary   •  1.  Don’t  be  dumb   •  2.  Think  about  the  differences   •  3.  Be  smart     •  4.  Create  and  publish  exemplars  
  • 46. WSO2 Reference Architecture for the Internet of Things http://freo.me/iot-ra