The Ticking Time Bomb – Infrastructure Annual IIAISACA Hacking... · The Danger Is Real • IoT...

The Ticking Time Bomb – Infrastructure –

Vulnerabilities of the

Internet of Things

Prepared For

Copyright Eclypses 2017 - Confidential

By Steven R. Russo

We are living in a “Connected World


The “Pineapple”


Risk is high - Security Flaws Abundant The Danger Is Real

• IoT vulnerabilities can be utilized to: • Exploit “data,” • Inflict physical harm to one or many

• Examples of Prime Targets :

• Data • Critical infrastructure

• Natural gas – Electric - Oil • Nuclear facilities

• Autonomous vehicles • ATM’s • Military Autonomy

• Drones, Aircraft, Missiles, Tanks, etc.


Why Change Is Required

Threats not limited to things around us –


• Neurostimulators • Gastric stimulators • Cardiac Defibrillators • Pacemakers • Insulin Pumps



U.S. Food and Drug Administration (FDA) confirmed the existence of flaws in implants and transmitters made by a major U.S. medical device company These transmitters are connected to the internet The FDA disclosed that the transmitters have security vulnerabilities allowing them to be hacked in dangerous fashion.

The Landscape

Simplistic tactics can cause great harm Destruction


Attackers Ability To Execute Commands To Both Connected and Intelligent Devices Must Be

Stopped

The Landscape

• Gartner forecasts - 8.4 billion connected 2017

• Up 31 percent from 2016, will reach 20.4 billion by 2020 • Total spending on endpoints and - $2 trillion in 2017


The Landscape

• Vulnerabilities such as malware ARE and WILL be present

• DDoS attacks - 71% increase between late 2015 - 2016

• Remote code-injection into a server or systems • Substation control • Power outages • Loss of critical services


The Landscape

• Manufacturers do the absolute minimum

• Researchers uncovered dozens of vulnerabilities in critical infrastructure ecosystems

• Researchers uncovered dozens of vulnerabilities in most every other connected system


The Internet’s Design From Day 1

• Internet never constructed to be secure • James Scott, a senior fellow at the Institute for Critical Infrastructure Technology

• “Now you have insecure devices being networked to an insecure Internet"

• Vince G. Cerf VP/ Chief Evangelist for Google –

• "We didn’t focus on how you could wreck this system intentionally”


The Door Has Been Left Wide open

It’s Easy to Point Out Vulnerabilities It’s Solution Can Be Complex

• Many attempting to solve

• Methods and methodology flawed • Encryption

• Public Key Infrastructure (PKI), combined Firewalls and/or Certificates

• “Blockchain” architecture

• Static hardware solutions


It’s Easy to Point Out Vulnerabilities It’s Solution Can Be Complex

• All provide obstacles and challenges

• All exposed to vulnerabilities

• All have a variety of limitations

.


Flaws And Limitations To Current Solutions

• Speed • Performance • Flexibility • Requirement of Processing Power • Storage requirements


They Have NOT Been Proven To Be Unhackable

What The World Does Today

Deployment of “Real Commands” End to end Encryption

• PKI • Secure Tunnel Architectures • AES Encryption • Hardware Solutions • Intrusion monitoring


Commands To & From Connected Devices

Flaws And Limitations To Current Solutions - PKI

• PKI • Framed to be the best

• Flawed • Assumption that Certificate Authority (CA) is truthful, honest,

and legitimate

• Gaining control of a CA - • fraudulent certificates • Masquerade at will


Flaws And Limitations To Current Solutions - PKI

• PKI – History • compromised CA organizations

• Emergence of new threats continues

• Attacks continue to be successful

• Repeated success question’s PKI

Is it really the best choice as the security of the future?


Flaws And Limitations To Current Solutions Blockchain • Decades of R & D • Touted as disruptive

• Decentralized electronic ledger • variables and authentication into a transmission

• Concern:

• Application within automotive • Different design requirements • Business cases – security architectures • Methods initially adopted

• Public/Private Blockchains • Unsolved Challenges - widespread use


Flaws And Limitations To Current Solutions Blockchain

• IoT - So many variables

• Blockchain requires high data quality • Standard definitions - Recognizable globally

• Quality of data within Blockchain remains suspect


After All These Years, Blockchain Technology Has Yet To Be perfected

Who knows if it ever will

Flaws And Limitations To Current Solutions Hardware

• Argument that they can withstand attacks • Flaws:

• Not flexible • Require higher levels of processing power • System requirements • Not easily adaptable

• Significant changes required • Require internet access • Impractical on deployed Systems • Update complexity


Flaws And Limitations To Current Solutions Hardware

• Sensors, Controls, Valves and LED warning systems possess little to no processing power • Limited space availability

• Manufactures are looking to “Cut Cost”

• “Things” change – Flexibility - Limits hardware viability


Hardware, will not be a widely adopted, long-term viable or a realistic

solution for the future


Because Today’s Methods Do Not Work!


• Forrester predicts that more than 500,000 internet of things (IoT) devices will suffer a compromise in 2017, dwarfing Heartbleed.

THIS IS JUST THE BEGINNING

• Bad actors penetrate Firewalls • Get past Encryption

• Access to all the data being stored • Data Intercepted • Physical harm


Privacy And Security


• Google Home • Baby Monitors • Televisions

• Automobile Theft • Automobile Control • Autonomous Vehicles • Aeronautics – Planes - Drones • Military Communications • Missile Defense

A New Solution – A Paradyme Shift • Requires something new and different

• Optimal solution - advanced layers

• Connected and/or Intelligent devices

• Eliminate malicious attacks

• End-to-end solution

• Ultra-secure and “iron-clad” framework


New Options Are Available – MicroToken Exchange™

• MicroToken Exchange™ • Creates That Paradyme Shift • MicroTokenization®,

• Software solution • Replaces actual data with MicroToken Clusters • Utilized existing networks

Potentially Makes Data Exploitation Unassailable

MicroToken Exchange


Data In Motion (IoT) – MicroToken Exchange Securing commands to intelligent and connected devices

• Premise :

• Stop Using “Real Data”; use MicroTokens instead! • What Is A MicroToken?

• “Token type” replacement • Placeholder for real data

• Created through (AI)

Command-Level MicroTokenization

No Longer Transfer Real Data Between Controllers And Networked (IoT) Devices

• Send/receive commands authenticated & obfuscated

• MicroTokens™ Execute pre-programmed commands

Access is never granted to entire systems

• Can only be interpreted by paired devices– • Randomly-sized MicroToken packets

MTE MicroToken

Exchange

MTE - Command-Level MicroTokenization at Work

• Sending “Real Commands” eliminated

• Variable chaff

Visual of MTE - Command-Level MicroTokenization

• MicroToken identified

• Indiscernible

MTE (MicroToken Exchange) Better and Stronger Than Encryption

• In-directional technologies add to the magic

• Packet sizes are small & lightweight

• MTE ELIMINATES ability to replicate discernable values

• MicroTokens expire MicroToken Exchange

MTE

Why Is Encryption Not The Best Choice

• Require processing power • stronger the encryption, the more processing power

• Increases latency • Stronger encryption - slower speeds

• Key Management

• Processing power and speed • Key management Vulnerabilities

• Encryption broken

Additional Enhancements Combining Data At Rest

• MTE - Larger Data

• Secures data individually

• Pairs data with a MicroToken™

• independently MicroEncrypted™

• No Key management by users


Ensuring that sensitive data remains unavailable to exploitation in the event of an internal or external

network defense breach

Steven Russo

Executive Vice President

[email protected]

Office: 719-323-6680 X 120

For more information contact:

Prepared For


The Ticking Time Bomb – Infrastructure –

Vulnerabilities of the

Internet of Things

Sponsored By

Date post:	10-Oct-2020
Category:	Documents
Upload:	others
View:	0 times
Download:	0 times

The Ticking Time Bomb – Infrastructure Annual IIAISACA Hacking... · The Danger Is Real • IoT...

Documents