Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Internet-of-Insecure-Things Causes, Trends and Responses

Published byמלאכי שניידר Modified over 5 years ago

Similar presentations

Presentation on theme: "The Internet-of-Insecure-Things Causes, Trends and Responses"— Presentation transcript:

1 The Internet-of-Insecure-Things Causes, Trends and Responses
RIPE 77 ) Arman Noroozian ( Economics of Cybersecurity, Delft, Netherlands )

2

3 NCTA — The Internet & Television Association

4 Whole Lotta Questions Raised!!
How? How did we get into this mess? How do we get out of this mess?

5 How did we get here? Fragmented landscape
Vendors without competence or incentives Lack of visibility into which ‘things’ fail Dependencies in value chains

6 How do we get out of it? (Mopping While the Tap is Still Running)

7 Governance Strategies Being Discussed
Awareness raising (but don’t blame the victim) Monitoring and transparency (name, shame, and praise) Certifications and standards (FTC fining ASUS, D-Link) Liability, duty to care (make vendors bear the cost) Intermediary Role (ask ISPs to cut off access) Strengthening user rights (opt in, data minimization)

8 Governance Strategies
Awareness raising (but don’t blame the victim) Monitoring and transparency (name, shame, and praise) Certifications and standards (FTC fining ASUS, D-Link) Liability, duty to care (make vendors bear the cost) Intermediary Role (ask ISPs to cut off access) Strengthening user rights (opt in, data minimization)

9 Where are the hacked devices?

10 Monitoring IoT compromise
Honeypot infrastructure with Yokohama National University (Japan) Emulated and physical devices Port 22, 23, 80, 8080, 53413, … Log interactions, scan back, attacking devices

11 Who operates the network?

12 Infection rates across ISPs

13 Who operates the network (NL)?

14 Cleaning IoT Devices (KPN)
Walled Garden Cutting off access to infected devices 1736 quarantining actions 1208 customers 50% clean infections Most quarantined once Let Me Out! Evaluating the Effectiveness of Quarantining Compromised Users in Walled Gardens. Orçun Çetin, Lisette Altena, Carlos Gañán, Michel van Eeten. In SOUPS 2018

15 Cleaning IoT Devices (Cont.)
Randomized Control Experiment 220 Customers

16 Cleaning IoT Devices (Cont.)
Randomized Control Experiment 92% Cleaned In 14 days!

17 In Conclusion Network operators can significantly help
Awareness raising (but don’t blame the victim) Monitoring and transparency (name, shame, and praise) Certifications and standards (FTC fining ASUS, D-Link) Liability, duty to care (make vendors bear the cost) Intermediary Role (ask ISPs to cut off access) Strengthening user rights (opt in, data minimization)

18 Future Research MINIONS - MitigatINg IOt-based DDoS attacks via the DNS

19

20 Thank you! Follow our research on

Download ppt "The Internet-of-Insecure-Things Causes, Trends and Responses"

Similar presentations

Marketing Environmental Services Strategies to Create Awareness.

Marketing Environmental Services Strategies to Create Awareness.
Addressing spam email and enforcing a Do Not Email Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.

Addressing spam and enforcing a Do Not Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.
Trojan Horse Program Presented by : Lori Agrawal.

Trojan Horse Program Presented by : Lori Agrawal.
Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.

Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
Introduction to Honeypot, Botnet, and Security Measurement

Introduction to Honeypot, Botnet, and Security Measurement
IDENTITY MANAGEMENT: PROTECTING FROM THE INSIDE OUT MICHAEL FORNAL, SECURITY ANALYST PROVIDENCE HEALTH & SERVICES SOURCE SEATTLE CONFERENCE 10.23.13 -10.24.13.

IDENTITY MANAGEMENT: PROTECTING FROM THE INSIDE OUT MICHAEL FORNAL, SECURITY ANALYST PROVIDENCE HEALTH & SERVICES SOURCE SEATTLE CONFERENCE
Assessing Home Internet Users’ Demand for Security Brent Rowe, RTI International Dallas Wood, RTI International.

Assessing Home Internet Users’ Demand for Security Brent Rowe, RTI International Dallas Wood, RTI International.
SMEs: The Hacker’s Preferred Route into the Corporate World Richard Henson Worcester Business School February 2012.

SMEs: The Hacker’s Preferred Route into the Corporate World Richard Henson Worcester Business School February 2012.
Honeypot and Intrusion Detection System

Honeypot and Intrusion Detection System
Databases and security continued CMSC 461 Michael Wilson.

Databases and security continued CMSC 461 Michael Wilson.
Hacker’s Strategies Revealed WEST CHESTER UNIVERSITY Computer Science Department Yuchen Zhou March 22, 2002.

Hacker’s Strategies Revealed WEST CHESTER UNIVERSITY Computer Science Department Yuchen Zhou March 22, 2002.
Local Threat Report Vikram Kumar – Chief Executive, InternetNZ 22/08/2012.

Local Threat Report Vikram Kumar – Chief Executive, InternetNZ 22/08/2012.
5/18/2006 Department of Technology Services Security Architecture.

5/18/2006 Department of Technology Services Security Architecture.
Retina Network Security Scanner

Retina Network Security Scanner
Security Vulnerabilities in A Virtual Environment

Security Vulnerabilities in A Virtual Environment
Engineering Secure Software. Agenda  What is IoT?  Security implications of IoT  IoT Attack Surface Areas  IoT Testing Guidelines  Top IoT Vulnerabilities.

Engineering Secure Software. Agenda  What is IoT?  Security implications of IoT  IoT Attack Surface Areas  IoT Testing Guidelines  Top IoT Vulnerabilities.
PRESENTATION TITLE Presented by: Xxxx Xxxxx. Providence Health & Services Very large Catholic healthcare system 33 hospitals in AK, CA, MT, OR, WA 65,000.

PRESENTATION TITLE Presented by: Xxxx Xxxxx. Providence Health & Services Very large Catholic healthcare system 33 hospitals in AK, CA, MT, OR, WA 65,000.
Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.

Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.
Education – Partnership – Solutions Information Security Office of Budget and Finance Christopher Giles Governance Risk Compliance Specialist The Internet.

Education – Partnership – Solutions Information Security Office of Budget and Finance Christopher Giles Governance Risk Compliance Specialist The Internet.

Similar presentations

Ads by Google