
Information Security

Office of Budget and Finance


Education – Partnership – Solutions
The Internet of Things (IoT)

Dr. Basudeba Behera


Contents

• Introduction/Overview
• The Internet of Things
• Applications of IoT
• Challenges and Barriers in IoT
• Future of IoT

Internet Revolution

Impact of the Internet

Internet Usage and Population Statistics

Connected World

Various Names, One Concept

• M2M (Machine to Machine)

• “Internet of Everything” (Cisco Systems)

• “World Size Web” (Bruce Schneier)

• “Skynet” (Terminator movie)

What is IoT?

• “Internet of Objects” “Machine-to-Machine Era” “Internet of Everything”


The Internet of Things (IoT) is the network of physical objects—
devices, vehicles, buildings and other items embedded with electronics,
software, sensors, and network connectivity—that enables these objects
to collect and exchange data.

(1) The Internet of Things, also called The Internet of Objects, refers to a
wireless network between objects, usually the network will be wireless
and self-configuring, such as household appliances.
-- Wikipedia

(2) “Internet of Things refers to the concept that the Internet is no longer just
a global network for people to communicate with one another using
computers, but it is also a platform for devices to communicate
electronically with the world around them.”
-- Center for Data and Innovation

(3) The term "Internet of Things" has come to describe a number of
technologies and research disciplines that enable the Internet to reach
out into the real world of physical objects.
-- IoT 2008

(4) “Things having identities and virtual personalities operating in smart
spaces using intelligent interfaces to connect and communicate within
social, environmental, and user contexts”.
-- IoT in 2020
Typical Views of the Internet of Things

Internet of Things

• The term Internet of Things was first used by Kevin Ashton in 1999.
• Refers to uniquely identifiable objects (things) and their virtual
representations in an Internet-like structure

Where is IoT?

It’s everywhere!

Smart Appliances

Wearable Tech

Healthcare

Where is IoT?

On your campus…

Enabling Technologies

The IoT Market

• As of 2013, 9.1 billion IoT units
• Expected to grow to 28.1 billion IoT devices by 2020
• Revenue growth from $1.9 trillion in 2013 to $7.1 trillion in 2020

Many different types of devices are considered valuable technologies to enable IoT solutions

Technical Perspective

Applications of IoT

Why be concerned about IoT?

• It’s just another computer, right?
  – All of the same issues we have with access control, vulnerability
    management, patching, monitoring, etc.
  – Imagine your network with 1,000,000 more devices
  – Any compromised device is a foothold on the network

Does IoT add additional risk?

• Are highly portable devices captured during vulnerability scans?
• Where is your network perimeter?
• Are consumer devices being used in areas – like health care – where reliability is critical?
• Do users install device management software on other computers? Is that another attack vector?

Attacking IoT

• Default, weak, and hardcoded credentials
• Difficult to update firmware and OS
• Lack of vendor support for repairing vulnerabilities
• Vulnerable web interfaces (SQL injection, XSS)
• Coding errors (buffer overflow)
• Clear text protocols and unnecessary open ports
• DoS / DDoS
• Physical theft and tampering

Challenges and Issues
• Issues
  – Society: People, security, privacy
    • A policy for people in the Internet of Things:
    • Legislation
  – Environmental aspects
    • Resource efficiency
    • Pollution and disaster avoidance
  – Technological
    • Architecture (edge devices, servers, discovery services, security, etc.)
    • Governance, naming, identity, interfaces
    • Service openness, interoperability
    • Connections of real and virtual world
    • Standards
Challenges and Issues
IoT will inherit the drawbacks of the current
internet on an infinitely larger, but more
invisible scale
– Privacy – will be a huge issue when implementing
IoT
– Identity - Online Fragmentation of Identity
– Efficiency – speed - person loses identity and is
an IP address
– Decisions – do not delegate too much of our
decision making and freedom of choice to things
and machines
– Balancing

Challenges and Issues
Transition to IPv6 – Internet protocol v6
• Establishing a common set of standards between
  companies, educational systems, and nations.
  – The same type of cabling
  – The same applications or programming
  – The same protocol or set of rules that will apply to all
• Developing energy sources for millions, even billions, of sensors.
  – Wind
  – Solar
  – Hydro-electric

Case Study

• Connected thermostat vulnerabilities detected by Cisco’s Talos group allowed foothold into network
• 12 months to publish fixes for 2 vulnerabilities
• 21 months to publish fix for 1 vulnerability
• Device owners may not be aware of fixes, or have the skill to install updates

Case Study: Lessons Learned

• All software can contain vulnerabilities
• Public not informed for months
• Vendors may delay or ignore issues
• Product lifecycles and end-of-support
• Patching IoT devices may not scale in large environments

Recommendations

Accommodate IoT with existing practices:
– Policies, Procedures, & Standards
– Awareness Training
– Risk Management
– Vulnerability Management
– Forensics

Recommendations

• Plan for IoT growth:
  – Additional types of logging, log storage: Can you find the needle in the haystack?
  – Increased network traffic: will your firewall / IDS / IPS be compatible and keep up?
  – Increased demand for IP addresses both IPv4 and IPv6
  – Increased network complexity – should these devices be isolated or segmented?
• Strengthen partnerships with researchers, vendors, and procurement department
Threat vs. Opportunity

• If misunderstood and misconfigured, IoT poses risk to our data, privacy, and safety
• If understood and secured, IoT will enhance communications, lifestyle, and delivery of services

References

• http://www.utsystem.edu/offices/board-regents/uts165-standards
• https://securityintelligence.com/the-importance-of-ipv6-and-the-internet-of-things/
• http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/internet-of-things-risk-and-value-considerations.aspx
• https://www.owasp.org/images/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf
• https://www.owasp.org/images/3/36/IoTTestingMethodology.pdf
• http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html
• http://blog.trendmicro.com/trendlabs-security-intelligence/high-profile-mobile-apps-at-risk-due-to-three-year-old-vulnerability/#
• http://www.rs-online.com/designspark/electronics/knowledge-item/eleven-internet-of-things-iot-protocols-you-need-to-know-about
• https://thenewstack.io/tutorial-prototyping-a-sensor-node-and-iot-gateway-with-arduino-and-raspberry-pi-part-1
• http://www.business.att.com/content/article/IoT-worldwide_regional_2014-2020-forecast.pdf
• http://blog.talosintel.com/2016/02/trane-iot.html
• http://krebsonsecurity.com/2016/02/iot-reality-smart-devices-dumb-defaults/
• http://www.gsma.com/connectedliving/gsma-iot-security-guidelines-complete-document-set/

Thank you!