TE-20 Synopsis Final
Wagholi, Pune.
Seminar Synopsis
On topic
IoT Threat Detection Advances and Challenges
Presented By
Exam No: 20
Class: TE (Comp)
2) Seminar Area:
IoT (Internet of Things)
Cyber security
3) Seminar Guide:
Prof. Pramod Dhamdhere
4) Technical Keywords:
IoT, threat detection, challenges, future directions.
5) Problem Statement
Incorrect access control
Overly large attack surface
Outdated software
Lack of encryption
Application vulnerabilities
Lack of trusted execution environment
Vendor security posture
Insufficient privacy protection
Intrusion ignorance
Insufficient physical security
User interaction
6) Abstract:
It is predicted that the number of connected Internet of Things (IoT) devices will
rise to 38.6 billion by 2025 and an estimated 50 billion by 2030. The increased
deployment of IoT devices into diverse areas of our life has provided us with
significant benefits such as improved quality of life and task automation. However,
each time a new IoT device is deployed, new and unique security threats emerge or
are introduced into the environment under which the device must operate.
Instantaneous detection and mitigation of every security threat introduced by
different IoT devices deployed can be very challenging. This is because many of
the IoT devices are manufactured with no consideration of their security
implications. In this paper, therefore, we review existing literature and present IoT
threat detection research advances with a focus on the various IoT security
challenges as well as the current developments towards combating cyber security
threats in IoT networks. This paper also highlights several future
research directions in the IoT domain.
Security by design
Privacy by design
Hardware security
Network security
Since each time a new IoT device is deployed, new and unique security threats may be
introduced into the environment under which the device must operate, protecting IoT networks
calls for further research and development of various lightweight security protocols to
enhance the security of any communication between different IoT devices in the network.
1. Security by Design
To remain unaffected by IoT security issues, you must integrate security in the product
design phase. Having security as a part of the design process ensures that each stage of product
development has provisions for defence against the cybersecurity risks.
Also, hardware vulnerabilities can’t be patched on-the-fly. Ensuring security during hardware
design can thus prevent product recalls and save millions of dollars. Moreover, architecting
secure software helps in minimizing zero-day bugs.
Incorporating security during design also ensures a product that fits well with the required IoT
security standards and techniques.
2. Privacy by Design
The Economist Intelligence Unit (EIU) surveyed 1,600 consumers in eight countries and found
that 92% of the consumers want to control the personal information collected about them. IoT
security risks not only affect the product but also the data stored and processed by the device.
So, along with device security, data privacy measures must be an integral part of the design
stage itself. Have provisions for privacy assessments at each stage to ensure the product, as well
as the data, is secure.
3. Authentication and Authorization
Assigning device identity and outlining ways to authenticate it is one of the fundamental
elements in IoT security. Whether you design your product for humans, machines, or both, you
must implement proper authentication mechanisms.
Certificates, complex passwords, PINs, and biometrics are among the various ways to
authenticate access. You can also implement two-factor or multi-factor authentication in place
for better security. And the stored credentials, of course, should be encrypted.
Along with reliable authentication, your product must also have a suitable authorisation process.
It protects the modules from any unintended access.
Robust encryption and access control protocols are also among the key elements of IoT product
security requirements. The measures are essential to comply with the IoT security regulations,
especially when personal or sensitive data is involved.
By encrypting the data and allowing access only with appropriate credentials, data stays secure
even if security is compromised. You must ensure effective use and correct implementation of
encryption algorithms combined with strong cryptographic keys.
5. Hardware Security
IoT security requirements also mandate that the product is tamper-proof. Specialised security
chips, a trusted device identity mechanism, and a physically secured data storage medium are a
must.
Only essential physical ports should be available, open just to trusted connections. Apart from
ensuring that the device can't be disassembled easily, also ensure that any hardware tampering
can be detected. The product should be tamper-proof and tamper-evident even in the test/debug
modes, to prevent unauthorised access.
6. Network Security
Unit 42 of Palo Alto Networks studied devices used in various healthcare organizations for
an IoT threat survey. It revealed that 98% of IoT network communications are unencrypted.
And unsecured networks are known to be soft spots for cyber criminals. Therefore, IoT network
security too must be taken care of.
Not only the communication channels and data transport mediums but also the ports should be
monitored. Then, Public Key Infrastructure (PKI) and X.509 digital certificates build the trust
needed for secure data exchanges over networks.
7. Compliance Requirements
IoT security measures also require you to ensure the data is stored and processed as per the
laws. The product shouldn’t collect any data without the consent of the user(s).
For example, if you’re implementing your IoT device within the EU, it should comply with
GDPR. The users must be able to exercise their rights to information, access, rectification, and
others as per the policy. Devices should also comply with industry-specific compliance
standards and guidelines like GSMA IoT Security, ISA 62443, IoTSF Checklist, and others.
These help address domain-specific threats and risks.
So, have proper documentation outlining how the product collects and stores data, how the data
flows within the business and who has access to it. You should also mention what you do
with the data and who can make changes, to be prepared for potential IoT security
vulnerabilities and attacks.
8. Performance Requirements
Maintaining the required performance standards as per the use case is another key component
of IoT security needs. If your device is intended to be powered on 24x7, it shouldn’t break
down in standard conditions, say, after only 5 hours of usage.
Apart from the intended features, the product must have systems for self-diagnosis and repair.
Features like recovery from malfunction, data rollup from a compromised state or standalone
operation in case of network failure, are mandatory.
IoT security and privacy challenges keep growing with time. Therefore, you must develop
security patches and deliver them to the product as required.
Outline an end-of-life strategy for support and update of your IoT products.
And then, ensure the device can receive Over-the-Air (OTA) software/firmware updates. The
update server, as well as the transmission channel, should be secure, and the device should be
able to decrypt and verify the encrypted update.
Also, the updates shouldn’t change user-configured preferences or settings before notifying the
user.
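The device-side checks described above, sketched as an added example (not part of the original synopsis). It covers the verify step only: HMAC-SHA256 with a hypothetical per-device key stands in for the vendor's signature scheme, which the text does not specify, and the example goes slightly beyond the text by also refusing rollback to an older version. The manifest fields and sample data are constructed.

```python
import hashlib
import hmac
import json

# Assumption: a per-device key provisioned at manufacture. HMAC-SHA256 stands
# in for the vendor's signature scheme, which the text does not specify.
DEVICE_KEY = b"constructed-demo-key-not-for-production"


def sign_manifest(manifest: dict, key: bytes) -> str:
    """Update-server side: authenticate the canonical JSON form of the manifest."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_update(manifest, tag, image, installed_version, key=DEVICE_KEY):
    """Device side: return (accepted, reason). Nothing is installed on failure."""
    # 1. Authenticity: the manifest must carry a valid tag (constant-time compare).
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        return False, "bad manifest tag"
    # 2. Integrity: the image must match the digest the manifest commits to.
    if not hmac.compare_digest(hashlib.sha256(image).hexdigest(), manifest["sha256"]):
        return False, "image digest mismatch"
    # 3. Anti-rollback: refuse versions at or below the installed one.
    if manifest["version"] <= installed_version:
        return False, "rollback rejected"
    return True, "ok"


def settings_needing_consent(user_settings: dict, manifest: dict) -> list:
    """Settings the update would change; the device must notify the user first."""
    proposed = manifest.get("settings", {})
    return sorted(k for k, v in proposed.items() if user_settings.get(k) != v)


# Constructed sample data.
IMAGE = b"\x7fFIRMWARE-v7-constructed-sample"
MANIFEST = {"version": 7, "sha256": hashlib.sha256(IMAGE).hexdigest(),
            "settings": {"telemetry": True, "timezone": "UTC"}}
TAG = sign_manifest(MANIFEST, DEVICE_KEY)

if __name__ == "__main__":
    print(verify_update(MANIFEST, TAG, IMAGE, installed_version=6))
    print(verify_update(MANIFEST, TAG, IMAGE + b"\x00", installed_version=6))
    print(settings_needing_consent({"telemetry": False, "timezone": "UTC"}, MANIFEST))
```

The manifest tag is checked before any field of the manifest is trusted, so a modified version number or digest is rejected as a bad tag rather than being evaluated.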
Your IoT product must have a logging system to record device status and related events during
its functioning. Events like user authentication and modifications to security and privacy
settings should be logged as they take place. The log must also record the user activities.
And all the event logs should be kept safe and secure for later retrieval.
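One way to keep such event logs tamper-evident, as an added example (not part of the original synopsis): each record's MAC covers the event and the previous record's MAC, so editing or deleting a stored record breaks the chain. The key, record layout and sample events are constructed assumptions.

```python
import hashlib
import hmac
import json

# Assumption: a log key held in protected storage on the device (hypothetical).
LOG_KEY = b"constructed-log-key-for-demo-only"
GENESIS = "0" * 64  # chain anchor for the first record


def _mac(prev: str, seq: int, event: dict, key: bytes) -> str:
    """MAC over the previous record's MAC, the sequence number and the event."""
    body = json.dumps({"prev": prev, "seq": seq, "event": event}, sort_keys=True)
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def append_event(log: list, event: dict, key: bytes = LOG_KEY) -> None:
    """Append a record chained to the previous record's MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    seq = len(log)
    log.append({"seq": seq, "event": event, "mac": _mac(prev, seq, event, key)})


def verify_log(log: list, key: bytes = LOG_KEY) -> int:
    """Return -1 if the chain is intact, else the index of the first bad record."""
    prev = GENESIS
    for i, rec in enumerate(log):
        expected = _mac(prev, i, rec["event"], key)
        if rec["seq"] != i or not hmac.compare_digest(expected, rec["mac"]):
            return i
        prev = rec["mac"]
    return -1


def build_sample_log() -> list:
    """Constructed events of the kinds the text says must be logged."""
    log = []
    append_event(log, {"type": "auth", "user": "admin", "result": "fail"})
    append_event(log, {"type": "auth", "user": "admin", "result": "success"})
    append_event(log, {"type": "privacy_setting", "key": "telemetry", "new": "off"})
    return log


if __name__ == "__main__":
    sample = build_sample_log()
    print(verify_log(sample))                    # intact chain
    sample[0]["event"]["result"] = "success"     # rewrite a failed login
    print(verify_log(sample))                    # first bad record index
```

Removing records from the end of the log leaves a valid shorter chain, so the latest MAC or record count also has to be kept somewhere the log writer cannot rewrite, such as a remote collector.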
An attacker might tamper with IoT devices physically, since they may be deployed in a remote area and
left unattended. The attacker can then carry out harmful activities on the devices, such as modifying
the programs, extracting information or even replacing them with malicious devices. One security
measure to defend such devices is tamper-resistant packaging. The different kinds of protocols used
by IoT devices across the Internet give them multi-protocol characteristics that make traditional
security protection schemes unsuitable for IoT devices. Furthermore, IoT devices can join and leave
a network at any time from anywhere, and existing security protections do not easily cope with this
type of sudden topological change in a dynamic network topology. With the rapid escalation in the
use of IoT devices over the internet, an extensive and scalable security solution is urgently needed.
11) Conclusion
IoT has emerged as one technology that has great potential to change the world in many ways. However,
this technology threatens users' privacy and security in the different environments under which it must
be deployed. For this reason, solutions to threat detection, intrusion, compromise or misuse in the IoT
domain should be developed.
The top security problems are without a doubt related to access control and exposed services.
Furthermore, IoT devices should implement best-practice security measures such as encryption. Vendors
can facilitate secure use of their products by providing documentation and interacting with users and
security professionals. To make it harder for attackers, devices should be physically secured. Finally, if a
device is compromised it should reject programs supplied by the attacker, and notify its user that
something is wrong.
Focussing on these problems can certainly improve the state of security of IoT devices. To solve these
problems, Eurofins Cyber Security recommends that vendors follow a security framework, or at least
implement the eight proposed essential requirements for securing consumer IoT devices.