Scribd Logo
Upload

Welcome to Scribd!

  • aman

    Uploaded by

    physics lover
    2 views23 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    2 views23 pages

    aman

    Uploaded by

    physics lover

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 23

    Seminar Presentation

    Department
    of
    Electronics and Communication
    Research Topic

    IoT: Internet of Threats? A Survey of Practical


    Security Vulnerabilities in Real IoT Devices

    Student Name :
    Research Guide :
    Aman Kumar Roy
    Prof. Rajesh Saha
    2020UEC1629
    Contents :-
    Intoduction
    Security Challenges
    Security Mechanism
    Security of IoT
    Conclusion
    Introduction -
    Rapid growing network .

    Very convenient and beneficial but many security vulnerabilities.

    Many of these services require users to intentionally reveal personal data for
    advanced and more personalized services.

    Hacking and Exploitation.

    Serious security breaches and financial losses.


    Security Challenges
    Attacks are simple and easy

    Collected data can be any thing

    # Security Requirements
    There are three levels where security is required:-

    1.Information Level

    2. Access Level

    3.Functional Level
    Information Level
    At this level, security should guarentee the following requirements:

    1) Integrity: The received data should not be altered during transmission.

    2) Anonymity: The identity of the data source should remain hidden from third parties.

    3) Confidentiality: Data cannot be read by third parties.

    4) Privacy: The user’s private information should not be disclosed during the data exchange.
    Access Level
    It specifies some security mechanisms to control the access of the network:

    1) Access Control: Only legitimate users have access

    2) Authentication: Does device has the right to access a network and vice

    - versa

    3) Authorization: Only authorized devices and users get access


    Functional Level

    This level defines the security requirements in terms of the following criteria.

    1) Resilience: Network's capacity to ensure security, even in case of attacks and failures.

    2) Self Organization: Capability to adjust to remain operational even in failure or malicious

    attacks.
    Security Mechanism
    Standard security mechanisms designed to overcome the above problems are:

    Encryption
    Light Weight Cryptography
    Random Number Generators
    Secure Hardware
    Intrusion detection System
    Ecnryption
    Confidentiality during communication.
    Convert actual message to different one.
    Reverted only with a secret key.

    Standard Encryption Mechanism


    Can be performed in two ways:
    1. Bit-by-Bit
    2. Block cipher

    Most used in advanced encryption standard (AES) (or Rijndael).


    Published in 2001 by the National Institute of Standards and Technology (NIST).

    AES is Cascade of N successive series of three elementary cipher


    Series of three Elementary cipher

    The three Blocks are:

    Substitution(S) Cipher
    Transportation(T) Cipher
    Linear(L) Cipher

    Depending on the length of the key, the number of blocks as well as the name is determined.
    Lightweight Cryptography
    Low-complexity IoT devices.
    Resource and energy-constrained devices.
    Required to design specific security algorithms.
    Standard lightweight cryptography mechanism - PRESENT and CLEIFA.
    Random Number Generator
    Randomness - the base of encryption.
    Cryptographically secure when probability lesser than 1/2.

    Commonly used for cryptographic applications:


    1) The true random number generator (TRNG) -
    Exploits physical noise

    2) The pseudo-random number generator (PRNG) -


    Expands short key into a long random bits
    Deterministic Algo
    Real application and technology
    Secure Hardware
    Secure hardware is also required.

    Physically unclonable functions (PUFs) can be adopted.


    PUF exploits little differences introduced by the fabrication process to generate
    unique signature for each device.
    Intrusion Detection System

    Should detect ongoing attacks.


    Complex anti-virus software and traffic analyzer can't be used(constrained).
    Security of Common IoT Communication Technologies
    Popular transmission technologies :
    1. ZigBee
    2. BLE
    3. 6LoWPAN
    4. LoRaWAN.

    Among these technologies, ZigBee, BLE, and 6LoWPAN are predominantly


    used for short-range communications in homes or small offices.

    LoRaWAN instead is used for long-range scenarios, such as city-wide


    monitoring and control applications.
    A. ZigBee
    Two way wireless communication
    Low cost and power consumption
    Each network includes a Trust Center
    Star or Tree topology
    Attack Surface
    Discovering key
    B. Bluetooth Low Energy(BLE)
    Widely used short range service

    Master and Slave Concept


    Star Topology
    Attack Surface
    Pairing
    Conclusion

    Benefits, but serious security risks also.


    Role of manufacturers and users.
    Resources

    www.google.com
    www.canva.com
    ieeexplore.ieee.org
    en.wikipedia.org/wiki/Internet_of_things

    You might also like