IIW | 06 May 2014 Secure Identity Consulting © Copyright Secure Identity Consulting 2014 Jeff Stollman Secure Identity Consulting Unexpected and Complex.

Slides:



Advertisements
Similar presentations
Socioeconomics knowledge cafe Wrap-up. Agreed the list of socioeconomic themes/issues that have dependencies with RWI research priorities Standardization.
Advertisements

Internet Of Things What is IOT all about The Internet of Things (IoT) incorporates physical devices into business processes using predictive analytics.
Internet of Things Security Architecture
US View on the Technological Convergence Between the Internet of Things and Cloud Computing June 1, 2010 Brussels, Belgium Presented by: Dan Caprio.
The Internet of Riedwaan Bassadien Platform Strategy Manager Microsoft Everything Your things.
Key Word Challenge This is when a computer uses services provided by another organisation’s computer systems. A computer hardware system which acts as.
Slide title minimum 48 pt Slide subtitle minimum 30 pt towards 50 billion connections Zagreb, 9-11 November 2011 Mićo dujak Solution Manager ICT solutions.
ICT For Preparatory Programs
Ch. 7. Architecture Standardization for WoT
1. Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall 2 Technology in Action Chapter 1 Why Computers Matter to You: Becoming Computer.
Introduction to Security Computer Networks Computer Networks Term B10.
How Smart, Connected Products are Transforming Competition: Executive Summary Eric Snow SVP, Corporate Communications April 9, 2015.
1. Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall 2 Technology in Action Chapter 1 Why Computers Matter to You: Becoming Computer.
MORE THAN SMART IN CONSUMER ELECTRONICS California Energy Commission June 18, 2015.
WHAT IS CLOUD COMPUTING? PRESENTED BY BRIAN DUKE, RISHI SINGH & JOSE CERVANTES.
COMP6005 An Introduction to Computing Session One Introduction.
Copyright © 2010 Pearson Education, Inc. Publishing as Prentice Hall 1.
How Safe is your Data? Cloud Computing A Research Paper By: Adam Shump.
Microcontroller-Based Wireless Sensor Networks
1 Copyright © 2010 Pearson Education, Inc. Publishing as Prentice Hall 1 What Is Computer Literacy? To be computer literate, you must: –Understand a computer’s.
IoT, Big Data and Emerging Technologies
SLIDE: 1 © COPYRIGHT 2014 MARKLOGIC CORPORATION. ALL RIGHTS RESERVED. U.S. Combatant Command Intelligence, Surveillance, and Reconnaissance (ISR)
Cloud Computing New Technology Presentation Riley Woldt EDT 661.
Is this a good idea? Potential risks posed by The Internet of Things Phillip Barker IT Systems Administrator City of Lincoln City 801 Southwest Highway.
© OECD/IEA 2010 Towards smart and energy efficient systems Vida Rozite The Role of Standardization for Smart Grids in Realizing Their Energy-Efficiency.
Presented by Darshan Balakrishna Shetty. Contents Internet of Things? Sample IoT devices What's Smart? Why Now? IoT in Power Grids and Homes Smart Grid.
The Internet of Things – Connected Vehicles Simon Backer, Industrial Technology Advisor (ITA) National Research Council – Industrial Research Assistance.
Internet of Things (Ref: Slideshare)
The ERA of API in the World of IoT Jing Zhang-Lee November, 2015.
November 25th, 2015 The Internet of Everything... Addressing the challenges of a changing world Yasser Helmy Business Development – Smart Cities, EMEA.
Engineering Secure Software. Agenda  What is IoT?  Security implications of IoT  IoT Attack Surface Areas  IoT Testing Guidelines  Top IoT Vulnerabilities.
The Internet of Things, WTF? Rik Ferguson Vice President, Security Research Trend #CLOUDSEC.
Internet of Things in Industries
Cevgroup.org C utting E dge V isionaries. cevgroup.org TODAY’s TALK 1) Internet Of Things (IoT) 2) Wi-Fi Controlled Robots 3) Augmented Reality.
1 Requirement Specification for IoT API layer Company:Tata Consultancy Services Author(s):Avik Ghose Contact
Strategic Agenda We want to be connected to the internet……… We may even want to host our own web site……… We must have a secure network! What are the.
 Shut off unused lights  Shut off unused electronics  Turn on fans to lower A/C usage.
Cyber in the Cloud & Network Enabling Offense and Defense Mark Odell April 28, 2015.
Education – Partnership – Solutions Information Security Office of Budget and Finance Christopher Giles Governance Risk Compliance Specialist The Internet.
Internet of Things. Creating Our Future Together.
Security of the Internet of Things: perspectives and challenges
A Layered Solution to Cybersecurity Dr. Erfan Ibrahim Cyber-Physical Systems Security & Resilience Center National Renewable Energy Laboratory.
INFSO-RI Enabling Grids for E-sciencE Grid & Cloud Computing Introduction
Internet of Things – Getting Started
Smart Home Environment
Innovative ICT Building a Better Smart City. Agenda 1. Why focus on Smart City 2. What is a Smart City 3. References.
SOURCE:2014 IEEE 17TH INTERNATIONAL CONFERENCE ON COMPUTATIONAL SCIENCE AND ENGINEERING AUTHER: MINGLIU LIU, DESHI LI, HAILI MAO SPEAKER: JIAN-MING HONG.
Internet Of Things (IoT)
Internet of Things (Part 1)
What is it ? …all via a single, proven Platform-as-a-Service.
Objectives Overview Explain why computer literacy is vital to success in today’s world Define the term, computer, and describe the relationship between.
Fundamental of Information Communication Technology (ICT)
Security of In-Vehicle Software
1st Draft for Defining IoT (1)
Ubiquitous Networking in support of UNIOT
Computer Hardware-Meeting the machine
North Carolina Law Review Symposium
Hello, Today we will look at cyber security and the Internet of Things and how it could impact our business.
Test Automation for IoT solutions A Paradigm shift
© 2016 Global Market Insights, Inc. USA. All Rights Reserved Fuel Cell Market size worth $25.5bn by 2024 IP Camera Market to surpass.
Internet of Things
Objectives Overview Explain why computer literacy is vital to success in today's world Describe the five components of a computer Discuss the advantages.
Artificial Intelligence Changes the Security Landscape
Home Internet Vulnerabilities
Securing the Internet of Things: Key Insights and Best Practices Across the Industry Theresa Bui Revon IoT Cloud Strategy.
Smart Home and Garden System
LO1 - Know about aspects of cyber security
Distributed Edge Computing
Villas, appartments, residence
Presentation transcript:

IIW | 06 May 2014 Secure Identity Consulting © Copyright Secure Identity Consulting 2014 Jeff Stollman Secure Identity Consulting Unexpected and Complex Implications of the Internet of Everything (IoE)

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 Agenda  Defining Terms  Promise and Implications  Issues Prompted by IoT  Legal Perspective  Q&A European Identity and Cloud Conference | 15 May, 2014

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 DEFINING TERMS European Identity and Cloud Conference | 15 May, 2014

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 What is it? Internet of Things Internet of Everything Sensor Networks Smart Appliances Servers Netbooks Smart Phones Industrial Controllers SCADA Databases European Identity and Cloud Conference | 15 May, 2014

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 Definition The Internet of Everything is: ANY device that is connected to a network. European Identity and Cloud Conference | 15 May, 2014

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 Constituent Devices 1. SENSOR 2. PROCESSOR 3. ACTUATOR 4. Combinations of the above European Identity and Cloud Conference | 15 May, 2014

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 IoE is a superset Traditional IT SCADA devices New Smart devices European Identity and Cloud Conference | 15 May, 2014 IoE

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 PROMISE AND IMPLICATIONS Use Cases European Identity and Cloud Conference | 15 May, 2014

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 The Promise European Identity and Cloud Conference | 15 May, 2014

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 Use Case: Home Appliances – Security and Privacy European Identity and Cloud Conference | 15 May, 2014 Who is ordering your perishables?

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 Use Case: Irrigation & Flood Control - Security European Identity and Cloud Conference | 15 May, 2014 Who is ensuring data integrity?

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 Use Case: Farming – Information Ownership European Identity and Cloud Conference | 15 May, 2014 Who owns the data you collect?

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 Use Case: Automotive Management – Privacy and Liability European Identity and Cloud Conference | 15 May, 2014 Who is controlling your vehicle?

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 Use Case: Electric Vehicle Recharging Systems – Security and Liability European Identity and Cloud Conference | 15 May, 2014 Who is paying for power from your outlet?

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 Use Case: Smart Packaging – Privacy and Liability European Identity and Cloud Conference | 15 May, 2014 Who can learn what drugs you are taking?

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 Use Case: Physical Security – Privacy European Identity and Cloud Conference | 15 May, 2014 Does privacy exist anymore?

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 Use Case: Electrical Grid – Security and LIability European Identity and Cloud Conference | 15 May, 2014 Who is managing your power?

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 ISSUES PROMPTED BY IOT European Identity and Cloud Conference | 15 May, 2014

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 IoT prompts several areas of concern  Security -Security issues of IoT are not new, but new solutions will be required.  Privacy  Privacy issues of IoT are not new, but new solutions will be required.  Ownership -Device ownership enters a new gray area. -Data ownership represents a brave new world of possibility.  Liability -Liability, as well, opens up a Pandora’s box of complex issues. European Identity and Cloud Conference | 15 May, 2014

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 Security Questions 1.As traditional enterprise perimeters disintegrate into a web of devices, how do we secure devices 1.From an adversary manipulating sensor input data ? 1.E.g., holding a lighter below an outdoor temperature sensor that triggers an emergency response) 2.While this could happen today, I submit that the additional layer of abstraction provided by the IoT may prompt less scrutiny of physical security and increase the vulnerability of such systems. 2.From an adversary manipulating output from a sensor or input to a processor? 1.E.g., dividing the output from sensors on a harvester in half to create the impression of a bad crop, causing commodity prices to rise 2.compromising the video feed from a surveillance camera during a burglary 3.or the altimeter in an airplane to cause it to crash 3.From an adversary compromising the instruction code in the processor 1.E.g., changing the rule that prompts an alarm to take no action instead 4.From an adversary compromising the instruction feed from the processor or the input feed to the actuator 1.E.g., dividing the changing ON to OFF or a LOW setting to HIGH European Identity and Cloud Conference | 15 May, 2014

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 Security Questions cont’d. 2.Who is responsible for controlling access to the data? 2.At rest -- on the device 3.In transit -- between devices 3.Who is responsible for allowing a “man-in-the-middle” attack when there is no perimeter? European Identity and Cloud Conference | 15 May, 2014

Secure Identity Consulting © Copyright Secure Identity Consulting 2014 Practical Questions 1.Will all devices need enough intelligence to manage their own access control? 1.Will all devices need to be servers to do so? 2.If devices have enough intelligence (i.e., processing power and storage) to manage access control, will they also have enough processing power and storage to be victims of malware and/or hacking? 3.Once enough devices are deployed to be of interest to adversaries (e.g., malware and hack publishers), will the burden of managing access to devices outweigh the benefits to be gained from them? European Identity and Cloud Conference | 15 May, 2014

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.