Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Critical Analysis on the Security of IoTs

Published byJustin Baldwin Modified over 8 years ago

Similar presentations

Presentation on theme: "A Critical Analysis on the Security of IoTs"— Presentation transcript:

1 A Critical Analysis on the Security of IoTs
International Journal of Computer Applications ( ) Volume No. 7, February 2015 Syeda Wishal Bokhari School of Material Sciences & Engineering December 3rd, 2015 Thursday

2 Contents Introduction Generic Architecture Security goals
Security Challenges & issues Security at different layers Conclusion & future work

3 Contents Introduction Generic Architecture Security goals
Security Challenges & issues Security at different layers Conclusion & future work

4 Introduction Why do we ne

5 Does the Internet of Things need Security?
Pacemakers, insulin pumps etc. may be hacked Malicious applications may collect your private data (photos, messages, location, etc.) Smartphone Medical Devices Can burglars determine whether you are home? Your Smartphone Not only may your cellular provider be tracking information about you – such as with whom you communicate and your location – but it, as well as Google GOOG +0.15% (in the case of Android), Apple AAPL -8.11% (in the case of iPhones), or other providers of software on the device, may be aware of far more detailed actions such as what apps you install and run, when you run them, etc. Some apps sync your contacts list to the providers’ servers by default, and others have been found to ignore privacy settings. Phones may even be capturing pictures or video of you when you do not realize and sending the photos or video to criminals! Your Webcam or Home Security Cameras On that note, malware installed on your computer may take control of the machine’s webcam and record you – by taking photos or video – when you think the camera is off. Miss Teen USA was allegedly blackmailed by a hacker who took control of her laptop’s webcam and photographed her naked when she thought the camera was not on. Likewise, malware on computers or hackers operating on those machines could potentially intercept transmissions from security cameras attached to the same network as the devices (some cameras transmit data unencrypted), and copy such videos for their own systems. Such information is invaluable to burglars. Your Lights, Home Entertainment System, and Home Alarm System Various newer lighting, home entertainment, and home security systems can be controlled via Wi-Fi or even across the Internet. Remote control is a great convenience, but it also raises questions as to whether information is reported to outside parties. Does your alarm provider get notified every time you come and go? Is information about your choice of audio entertainment relayed to manufacturers of the equipment on which it is played or the supplier of the music? Could hackers gather information from smart lighting, entertainment, or security devices – or the networks on which they communicate – to determine patterns of when you are home, when you are likely to have company over, and when your house is empty? Your Laundry Equipment Like kitchen appliances, washers and dryers that connect to the Internet may report information that users may not realize is being shared, and that if intercepted, or misused, could help criminals identify when you are home and when you are not. Your Medical Devices It is not news that pacemakers, insulin pumps, and other medical devices can be hacked. But even normal functioning devices may spy on you. Various pacemakers relay patient status information over the Internet – this may be valuable in some cases, but also creates risks. Could unauthorized parties obtain information from such data in transmit? What if a criminal sent out phony “pacemaker impersonating” messages stating that a patient is in distress in order to have his physician instruct him to go to the hospital – and leave his home vulnerable? Laundry Equipment Broadcast WiFi passwords unencrypted Smart Lights Smart Kitchen Appliances Slide taken from Group # 6 presentation

6 Contents Generic Architecture Introduction Security goals
Security Challenges & issues Security at different layers Conclusion & future work

7 Generic Architecture Perception Layer Network Middle-ware Layer
Information processing Information applications e.g. smart homes etc. Information transmission Information generation with the help of sensors. Perception Layer Network Middle-ware Layer Application Layer

8 Contents Security Goals Introduction Generic Architecture
Security Challenges & issues Security at different layers Conclusion & future work

9 Security Goals Confidentiality Availability Integrity Data
Data Confidentiality: Providing freedom to the user from the external interference. Privacy of the sensitive information and guarantee the access to the data by authorized users only. Many security measures available e.g. DATA ENCRYPTION, 2-STEP VERIFICATION, BIOMETIC VERIFICATION. For IoTs, sensors don’t transmit their data to neighboring nodes and tags don’t transmit their data to the unauthorized reader. Data Integrity: Refers to the protection of information from the cybercriminals during transmission and reception with some common tracking methods so the data cannot be tempered without the system catching the threat. The methods include Checksum and Cyclic Redundancy Check (CRC). Continuous syncing for backup purposes can also ensure the integrity of the data until accessed by the authorized user. Data Availability: It ensures the intermediate access of the authorized party to the data in normal and even disastrous conditions. It is necessary to provide the firewalls to countermeasure the attacks on the services like DoS which can deny the availability of data to the end users.

10 Contents Security Challenges & issues Introduction
Generic Architecture Security Goals Security Challenges & issues Security at different layers Conclusion & future work

11 Security Challenges & issues
Perception Layer Challenge Unauthorized access to tags Tag cloning Eavesdropping Spoofing RF jamming

12 2. Network Layer Challenge
Sybil Attack Manipulation of nodes Sinkhole Attack Silence traffic fooling system by the attacker Sleep deprivation Attack The minimization of life time of battery resulting in nodes shut down Denial of Service (DoS) Attack The unavailability of the network by a flood of traffic by the attacker Malicious Code Injection The injection of malicious code into the system Man-in-the-middle Attack Kind of eavesdropping 1 2 3 4 5 6

13 3. Middle-ware Layer Challenge
Unauthorized Access DoS Attack Malicious insider Forbidding access to the related services of IoT by the attacker Failure of system by the unauthorized access System Shut down Unavailability of services Tempering of the data for personal benefits by authorized party for any 3rd party. Easy extraction and manipulation of the data.

14 4. Application Layer Challenge
ALC Malicious Code Injection DoS Attack Sniffing Attack (introduction of sniffer app) Spear Phishing Attack (Junk/spam ) 4. Application Layer Challenge

15 Contents Security at different layers Introduction
Generic Architecture Security Goals Security Challenges & issues Security at different layers Conclusion & future work

16 Security at different Layers
Perception Layer Hash algorithms Encryption Mechanisms Anonymity approaches Risk assessment Intrusion detection Network Layer P2P Encryption Routing Security Data Integrity Application & Middle-ware Layer Integrated identity identification Encryption mechanisms Firewalls Risk assessments Intrusion detection

17 Contents Conclusion & future work Introduction Generic Architecture
Security Goals Security Challenges & issues Security at different layers Conclusion & future work

18 Self defense system Self responsiveness Automated confront

19

20

Download ppt "A Critical Analysis on the Security of IoTs"

Similar presentations

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
1 Programa de Engenharia Elétrica - PEE/COPPE/UFRJ Universidade Federal do Rio de Janeiro A Review of Anomalies Detection Schemes for Smart Grids Andrés.

1 Programa de Engenharia Elétrica - PEE/COPPE/UFRJ Universidade Federal do Rio de Janeiro A Review of Anomalies Detection Schemes for Smart Grids Andrés.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1
Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.

Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.
Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.

Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.
McGraw-Hill/Irwin © 2008 The McGraw-Hill Companies, All Rights Reserved Business Plug-In B6 Information Security.

McGraw-Hill/Irwin © 2008 The McGraw-Hill Companies, All Rights Reserved Business Plug-In B6 Information Security.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
7: Network Security1 Chapter 7: Network security – Author? Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.

7: Network Security1 Chapter 7: Network security – Author? Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
Information Security of Embedded Systems 20.1.2010: Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.

Information Security of Embedded Systems : Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.
Wireless Sensor Network Security Anuj Nagar CS 590.

Wireless Sensor Network Security Anuj Nagar CS 590.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Securing Information Systems

Securing Information Systems
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

Similar presentations

Ads by Google