Conference2017
Securing The IoTsDr. Musfiq RahmanThompson Rivers University
Conference 2017
Roadmap
• Flavors of the Internet of Things• Benefits of IoT• Security challenges of IoT• Secure Architecture for IoT• Conclusion
2
Conference 2017
Flavor of the Internet of Things
3
Theclockchecksthetraintimesonlineand letsyousleep5minsmore
Inyourkitchen,ablinkinglight remindsyou,itstimetotakemedicine
Incaseyouforget,itsendsanemailtoyourdoctor
Conference 2017
Flavor of the Internet of Things
4
Onyourwayoutofthehouse,yourumbrellahandleislit up,whichmeansthatithascheckedthetoday’sweatherreport andpredictsrain.
Conference 2017
Flavor of the Internet of Things
5
Onthewaytostation,alargeLCDwithflashingdisplay“BUS23:ARRIVINGIN30SECS”
Conference 2017
Flavor of the Internet of Things
6
When you get to the train station, your phone checks you in automatically…
Your family also gets a text notification…
Conference 2017
Flavor of the Internet of Things
7
On your lunch break, run and track your runusing a pedometer in your shoes and a heart monitor in your wrist band…
Conference 2017
Flavor of the Internet of Things
8
Integrates with your online supermarket shopping accountto compare with how many calories you’ve eaten.
All the data is automatically uploaded to your sports tracking site
Conference 2017
What is IoT?
9
Physical Object+
Controller, Sensor, and Actuators
+Internet
=Internet of
Things
Conference 2017
IoT is Growing!
10
7.26.8 7.6
Rapid Adoption Rate of Digital Infrastructure:5X Faster Than Electricity and Telephony
50Billion
“Smart Objects”
50
2010 2015 2020
0
40
30
20
10
BIL
LIO
NS
OF
DEV
ICES
25
12.5
InflectionPoint
TIMELINE
Source: Cisco IBSG, 2011
World Population
Conference 2017 11
IoT Delivers Extraordinary Benefits
Conference 2017
Connected Train
12
PassengerSecurity
RouteOptimization
CriticalSensing
Conference 2017
Smart City
13
ConnectedTrafficSignals• ReduceCongestion• Improveemergency
servicesresponsetimes• Lowerfuelusage
ParkingandLighting• Increasedefficiency• Powerandcostsavings• Newrevenueopportunities
CityServices• Efficientservicedelivery• Increasedrevenues• Enhancedenvironmental
monitoring
Conference 2017
The Connected Car
14
WirelessRouters• Onlineentertainment• Mapping,dynamicre-
routing,safety,andsecurity
ConnectedSensors• Transform“data”to
“actionableintelligence”• Enableproactive
maintenance
UrbanConnectivity• Reducecongestion• Increaseefficiency
Conference 2017
…but it adds also adds complexity
15
••Smaller, more self-contained switches, routers••Operates in challenging environments
Connectivity tools be added to the platform
••Networked together, yet independent••Invisible, NOT owned or control by IT
Billions of “smart objects” share IT infrastructure
••Value from the data intelligence••Application provides a way to access intelligence
Applications are different
Conference 2017
What Comprises IoT Networks?
16
InformationTechnology
(IT)
OperationalTechnology
(OT)
SmartObjects
Conference 2017 17
The Flip Side: Major SecurityChallenges
Conference 2017
Iot expands security needs…
18
IoT SecurityIncreasedAttackSurface
ThreatDiversity
ImpactandRisk
Remediation
Protocols
ComplianceandRegulations
Conference 2017
What Can Go Wrong…
19
What can’t?
Billions of connected devicesSecure and insecure locationsSecurity may or may not be built in … Not owned or controlled by IT … but data flows through the network
Any node on your network can potentially provide access to the core
Conference 2017
Some Security Incidents
20
FirmFeedingSystemintheU.S.
HackersTakeControlofCars
IoT BotnetDDoSAttacks
*Src:http://www.zdnet.com/article/hackers-in-the-house-why-your-iot-devices-may-have-already-joined-a-botnet/https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/
Conference 2017 21
Delivering Security Across theExtended Network
Conference 2017
The Secure IoT Architecture
22
Services
Application Interfaces
Infrastructure Interfaces
New Business Models Partner Ecosystem
Applications
Smart Devices and Sensors
ApplicationPlatform
Infrastructure
Security
APPLICATION AND BUSINESS INNOVATION
DataIntegration BigData Analytics Control
SystemsApplicationIntegration
Network and Perimeter Security
Physical Security
Device-level Security /
Anti-tampering
Cloud-based Threat Analysis
/ Protection
End-to-End Data
Encryption
Services
Conference 2017
Conclusion: Securely Embrace IoT!
23
Newchallengesrequirenewthinking!
avoid operational siloes
networking and convergence are key
a sound security solution is integrated
throughout
build for the future
Securitymustbepervasive
inside and outside the network
device- and data-agnostic
proactive and intelligent
Intelligence,notdata
convergence, plus analytics
speed is essential for real-time decisions
Conference 2017
Thankyou!
24