Unit 6: Internet of Things: IoT Privacy, Security and Vulnerabilities Solutions

This document discusses IoT privacy, security and vulnerabilities. It covers basics of IoT security including the importance of securely transmitting messages. Privacy is important to prevent unauthorized access to data like video clips. Security aims to safeguard data while privacy safeguards user identity. The document defines key terms and outlines vulnerabilities at different layers of IoT. It examines privacy, vulnerabilities, security requirements and performing threat analysis using the STRIDE methodology and Microsoft Threat Modeling Tool. The document also discusses use cases, misuse cases and examples of each. Finally, it mentions IoT security tomography and using layer attack models.

Uploaded by Khushbu Bora

Unit 6: Internet of Things
IoT Privacy, Security and Vulnerabilities Solutions

This document is for private circulation among B.Tech Computer 2020-21 students of Cummins College of Engineering. It contains material from various sources and is intended for educational purposes only.
Basics about security

Security of IoT systems is very important. For example, consider ATM messages: they must be communicated over the Internet securely.
A security failure may lead to serious consequences.
Privacy is also important. In a smart home security application, video clips travel over the Internet; if the clips reach unrelated entities, it is a serious breach of home security.
Security is about safeguarding data, whereas privacy is about safeguarding user identity.
The industry organization AllSeen Alliance was dedicated to enabling interoperability of IoT devices and applications (its work has since merged into the Open Connectivity Foundation).
Design of an IoT system must ensure both privacy and security.
Some Key Terms

Message: a string that represents data.
Hash: a one-way function that maps data of any length to a fixed-size value; the mapping is designed so that the input cannot be recovered from the output.
Digest: the fixed-size value produced by a hash function (the terms hash value and message digest are used interchangeably).
Encryption: the process of transforming data with a secret key so that only holders of the corresponding key (the intended receiver, or both parties in a symmetric scheme) can recover it.
Decryption: the process that recovers the original data from the encrypted data.
Use case: a list of events or actions the system is required to perform.
Misuse case: a description of behaviour that is not wanted from the software under development.
Layer: a stage in a set of actions at which an action is taken as per a specific protocol, after which the result passes to the next layer.
Sublayer: a set of actions taking place sequentially within a layer.
Firewall: a hardware or software interface that interconnects networks of differing trust. It monitors and controls traffic, allows only authorized traffic and imposes restrictions on network services.

Next we look at the processes and actions for ensuring security and privacy that are taken at the device, network, transport, application and service levels.
VULNERABILITIES, SECURITY REQUIREMENTS AND THREAT ANALYSIS

1. Privacy

Message Privacy
It means no interference from, or disclosure to, others.
It means messages reach only the centre and are used only by the services of the centre.
IoT necessarily needs a privacy policy.
A privacy policy needs to determine how much of the IoT device data, and which data, needs absolute privacy and which needs limited privacy.
NIST is developing standards for privacy.
A system may be secure but may still inadvertently breach the privacy of an individual.
Security authorities and agencies need support for accessing data which may be private for individuals (lawful access); the privacy policy must address this as well.
Privacy standards for IoT data are under development.
The organization I Am The Cavalry works on security and privacy of IoT devices that affect public safety (medical devices, automobiles, home electronics and public infrastructure).
2. Vulnerabilities for IoT
A vulnerability is a weakness that leaves a system without complete protection.
An IoT security article describes that there are many vulnerabilities, due to the participation of a number of layers, hardware sublayers and software in applications and services.
Sensors, machines, automobiles and services each face different kinds of vulnerabilities.
An IoT network can be vulnerable to eavesdropping (secretly listening to private communication).

An eavesdropper creates security issues. For example:
'E' listens to the messages and commands in the network during communication and obtains confidential messages.
A server at 'E' sends fake commands which the server S for the device data assumes are from the devices or applications.
'S' issues responses for the device operations in response to the requests from 'E'.
'E' listens to these responses.
A fake device at 'E' can be used to send device data such as sensor data, requests and commands from 'E' to disrupt the control systems.
Use of an encryption key can protect the confidentiality of the messages; a message authentication code that also covers a counter or nonce lets 'S' reject forged and replayed commands.
The key is a string generated by the device software.
A key drawn from a small space (a short PIN, a serial number, a timestamp) can be cracked by trying a large number of combinations. Keys must therefore be generated from a cryptographically secure random source and be long enough (128 bits or more) that exhaustive search is infeasible.
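The exchange above (E capturing a command, replaying it, forging a different command, and cracking a key drawn from a small space) as an added Python example; this is not code from the slides. The Device and Server classes, the message layout (counter, command, tag) and the 4-digit PIN key scheme are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Added example (not from the slides). Names, the message layout
# (counter, command, tag) and the 4-digit PIN key scheme are assumptions.


def mac(key: bytes, counter: int, command: str) -> bytes:
    """Tag over counter || command using HMAC-SHA256; binding the counter
    into the tag is what lets the server tell a replay from a fresh command."""
    data = counter.to_bytes(4, "big") + command.encode()
    return hmac.new(key, data, hashlib.sha256).digest()


class Device:
    """Sender D: increments a counter for every command and tags the pair."""

    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def send(self, command: str):
        self.counter += 1
        return (self.counter, command, mac(self.key, self.counter, command))


class Server:
    """Receiver S: accepts a command only if the tag verifies under the shared
    key and the counter is strictly greater than the last one accepted."""

    def __init__(self, key: bytes):
        self.key, self.last_counter, self.executed = key, 0, []

    def receive(self, msg):
        counter, command, tag = msg
        if not hmac.compare_digest(tag, mac(self.key, counter, command)):
            return "REJECT: bad tag (forged or tampered)"
        if counter <= self.last_counter:
            return "REJECT: replay"
        self.last_counter = counter
        self.executed.append(command)
        return f"OK: executed {command}"


def crack_key(observed, keyspace):
    """E's offline attack on a key drawn from a small space: one captured
    (counter, command, tag) triple is enough to test every candidate key."""
    counter, command, tag = observed
    for candidate in keyspace:
        if hmac.compare_digest(mac(candidate, counter, command), tag):
            return candidate
    return None


def pin_keys():
    """Assumed weak scheme: the device derives its key from a 4-digit PIN."""
    return (f"{i:04d}".encode() for i in range(10_000))


def demo():
    key = os.urandom(16)                       # 128-bit key from the OS CSPRNG
    device, server = Device(key), Server(key)
    m1 = device.send("valve=open")
    fresh = server.receive(m1)                 # legitimate command
    replayed = server.receive(m1)              # E re-sends the captured message
    forged = server.receive((m1[0] + 1, "valve=close", m1[2]))  # E edits the command
    not_cracked = crack_key(m1, pin_keys())    # strong key: no PIN candidate matches
    weak_obs = Device(b"1234").send("valve=open")
    cracked = crack_key(weak_obs, pin_keys())  # weak key: recovered within 10^4 tries
    return fresh, replayed, forged, not_cracked, cracked


if __name__ == "__main__":
    print(demo())
```

Encryption alone would not stop the replay: a captured ciphertext re-sent later still decrypts. The counter inside the authenticated data is what makes the second delivery detectable, and the strong key is what makes the offline search pointless.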
Open Web Application Security Project (OWASP)

It is an open community whose material is free to use under open licences.
It works on attack surface areas and vulnerabilities.
Its IoT Top 10 (2014 edition) lists the following vulnerability classes:
1. Insecure Web Interface
2. Insufficient Authentication/Authorization
3. Insecure Network Services
4. Lack of Transport Encryption
5. Privacy Concerns
6. Insecure Cloud Interface
7. Insecure Mobile Interface
8. Insufficient Security Configurability
9. Insecure Software/Firmware
10. Poor Physical Security
Question: What are the attack surface areas in the Device Web Interface (DWI) and Cloud Web Interface (CWI) defined by OWASP?
For DWI: SQL injection, account lockout, username enumeration, weak passwords and known default credentials.
For CWI: the same items (SQL injection, account lockout, username enumeration, weak passwords and known default credentials) plus transport encryption.
Related privacy items: whether personally identifiable information (PII) is sent encrypted or unencrypted, device information leaked, location leaked, cloud user data disclosure and user/device location disclosure.
3. Security Requirements
The IoT reference architecture (guide) is a set of four views: 1. Functional, 2. Information, 3. Deployment and 4. Operational.
Security belongs to the Functional View as a functional group (FG). The Security FG contains five sets of functions which are required for ensuring security and privacy.
The 5 Functional Components (FCs) are:
1. Identity Management
2. Authentication: the process of verifying who a user or device is
3. Authorization: the process of verifying what they have access to
4. Key Exchange and Management
5. Trust and Reputation

4. Threat Analysis
Threat analysis uses a tool that first generates the threats and then analyses the system for them.
It means uncovering the security design flaws after specifying the STRIDE category of each threat.
STRIDE is an acronym for six categories of security risk: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege. Each category addresses one aspect of security. (The word "stride" itself also means passing over a distance in one long step.)

How is threat analysis for a system performed using the Microsoft Threat Modeling Tool 2014?
A model is designed with STRIDE and the elements of a data flow diagram (external entities, processes, data stores and data flows).
The tool offers 3 starting options: Getting Started, Create a Model and Open Model.
The tool provides definitions for new threats using the STRIDE categories.
The tool predefines a number of threat categories.
The tool's message display shows the vulnerabilities and the data flow diagrams.
The analysis view shows which threats are active and which are inactive (already mitigated or not applicable), for example "data store is inaccessible".
Example threat: Denial of Service attack.
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users.
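An added Python example (not the slides' text and not the Microsoft tool's code) of the STRIDE-per-element step that the tool automates: each data flow diagram element type gets the STRIDE categories that apply to it, and a threat already covered by a mitigation is reported as inactive, as in the tool's analysis view. The DFD of a smart-home camera uplink and its mitigations are constructed for the example.

```python
from dataclasses import dataclass, field

# Added example (not the slides' or the tool's code). The DFD below and its
# mitigations are constructed for the illustration.

STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information Disclosure", "D": "Denial of Service", "E": "Elevation of Privilege",
}

# STRIDE-per-element: which categories apply to each data flow diagram element type.
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}


@dataclass
class Element:
    name: str
    kind: str                                      # one of the APPLICABLE keys
    mitigated: set = field(default_factory=set)    # STRIDE letters already addressed


@dataclass
class Threat:
    element: str
    category: str
    active: bool                                   # False once a mitigation covers it


def enumerate_threats(elements):
    """Generate every (element, category) pair the per-element table allows."""
    return [Threat(e.name, STRIDE[c], c not in e.mitigated)
            for e in elements for c in APPLICABLE[e.kind]]


def active_threats(elements):
    """What the analysis view would list as still open."""
    return [t for t in enumerate_threats(elements) if t.active]


def model():
    """Constructed DFD: a smart-home camera uploading clips via a gateway."""
    return [
        Element("Camera", "external_entity"),
        Element("Clip -> Gateway", "data_flow", mitigated={"T", "I"}),   # link encrypted and authenticated
        Element("Gateway service", "process"),
        Element("Gateway -> Cloud", "data_flow"),
        Element("Clip store", "data_store", mitigated={"I"}),            # encrypted at rest
    ]


if __name__ == "__main__":
    for t in active_threats(model()):
        print(f"{t.element:18} {t.category}")
```

The mapping (external entity: S, R; process: all six; data store: T, R, I, D; data flow: T, I, D) is the standard STRIDE-per-element chart; the point of running it mechanically is that nothing is forgotten, and the remaining work is deciding, per active threat, whether a mitigation exists or the risk is accepted.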
USE CASES AND MISUSE CASES

UML use case diagrams are required for the FCs of the Security FG.
Use case analysis enables requirements analysis.
Use cases are key features of many models and frameworks for development processes.
Oracle Unified Method (OUM) and IBM Rational Unified Process (RUP) are examples of frameworks for software development.

Question: What are examples of security issues for which use cases are required in IoT?
Question: What are examples of security issues for which misuse cases are required in IoT, so that the requirements of new use cases can be analysed?
Identity misuse case
Eavesdropping
Fake server
Fake device platform
Unauthorized access to a data store
MISUSE CASES
A misuse case is a business process modelling tool used in the software development industry.
The term misuse case (or mis-use case) is derived from, and is the inverse of, use case.
It describes the process of executing a malicious act against a system.
Advantages of misuse cases:
Quality is increased because non-functional requirements are noticed.
Developers and customers can better understand the system.
Measures are immediately visible because risks and counter-measures are visualized.
Risk analysis is possible early on.
Risks can be recognized customer-specifically.
Traceability is ensured because features added to increase security have to be revisited.

Applications of misuse cases:
• Eliciting security requirements
• Eliciting safety requirements
• Identifying exceptions
• Identifying test cases
• Design trade-offs

The creation process is composed of the following steps:
1. Determine the functionality of the system and create use cases.
2. Identify the system's risks or threatening actors and create misuse cases and misactors.
3. Link misuse cases with the use cases that they endanger.
4. Determine the features that could prevent the misuse cases, and link them with use cases.
5. Repeat steps 1 to 4 and refine the use cases and misuse cases.

Misuse Cases Examples (the original slides show these as misuse case diagrams)
IoT Security Tomography and Layer Attack Models
Computational tomography
A computing method for producing a three-dimensional picture of the internal structures of an object, by observing and recording the differences in effect when energy waves pass through those structures.
Applied to security, the same idea is used for identifying network vulnerabilities in a complex set of networks; it enables the design of efficient attack strategies, and therefore of the defences against them.
Security tomography
Means finding the attack-vulnerable sections and subsections, by observing behaviours using a finite number of probes or threats across a complex set of subsystems.
Network tomography
Refers to the study of vulnerabilities and security aspects for network monitoring in a complex system such as WSNs, RFID networks and IoT networks, by allocating resources and ensuring network reliability and security.
Layered Attacker Model
It gives the possible attacks on each layer and their solutions.

Layer 1 Attacks Solution
• Depends on the devices used.
• For example, link-level provisioning of security: Bluetooth LE link-layer security uses the AES-CCM-128 authenticated encryption algorithm for confidentiality and authentication.
• ZigBee link-level security also uses AES-CCM-128.

Layer 2 Attacks Solution
Programming the network switches to prevent internal node attacks during use of DHCP (DHCP snooping) or Spanning Tree Protocol (STP guard features such as BPDU guard and root guard).
Additional controls:
1. ARP inspection (dynamic ARP inspection validates ARP packets on untrusted ports against the DHCP snooping binding table),
2. Disabling unused ports and
3. Enforcing effective security on VLANs (Virtual LANs) to prevent VLAN hopping.
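An added Python example (not from the slides) of what dynamic ARP inspection does inside a switch: ARP packets arriving on untrusted ports are checked against the DHCP snooping binding table and dropped when the sender MAC/IP pair does not match, and access ports with no binding are reported as candidates for shutdown (the "disable unused ports" control). The binding table, port names and ARP log lines are constructed for the illustration; a real switch builds the table from observed DHCP traffic.

```python
# Added example (not from the slides). Binding table, port names and ARP
# observations are constructed; a real switch learns bindings from DHCP.

# DHCP snooping binding table: (sender MAC, IP, VLAN, port the lease was seen on)
BINDINGS = [
    ("aa:bb:cc:00:00:01", "10.0.1.11", 10, "Gi1/0/1"),
    ("aa:bb:cc:00:00:02", "10.0.1.12", 10, "Gi1/0/2"),
]
TRUSTED_PORTS = {"Gi1/0/24"}                      # uplink towards router/DHCP server
ACCESS_PORTS = ["Gi1/0/1", "Gi1/0/2", "Gi1/0/3", "Gi1/0/4"]

# Constructed ARP observations: "port vlan sender_mac sender_ip op"
ARP_LOG = """\
Gi1/0/1 10 aa:bb:cc:00:00:01 10.0.1.11 reply
Gi1/0/2 10 aa:bb:cc:00:00:02 10.0.1.1 reply
Gi1/0/3 10 aa:bb:cc:00:00:03 10.0.1.13 request
Gi1/0/24 10 aa:bb:cc:00:00:fe 10.0.1.1 reply
"""


def binding_table():
    return {(mac, vlan): (ip, port) for mac, ip, vlan, port in BINDINGS}


def inspect(log: str = ARP_LOG):
    """Dynamic ARP inspection: return (line, verdict) for every ARP packet."""
    table = binding_table()
    verdicts = []
    for line in log.splitlines():
        port, vlan, mac, ip, _op = line.split()
        if port in TRUSTED_PORTS:
            verdicts.append((line, "PERMIT (trusted port, not inspected)"))
            continue
        entry = table.get((mac, int(vlan)))
        if entry is None:
            verdicts.append((line, "DROP no DHCP binding for sender MAC"))
        elif entry[0] != ip:
            verdicts.append((line, f"DROP sender claims {ip} but binding says {entry[0]} (ARP poisoning attempt)"))
        elif entry[1] != port:
            verdicts.append((line, f"DROP binding learned on {entry[1]}, packet seen on {port}"))
        else:
            verdicts.append((line, "PERMIT"))
    return verdicts


def dropped(log: str = ARP_LOG):
    return [v for v in inspect(log) if v[1].startswith("DROP")]


def ports_to_shut():
    """Access ports with neither a binding nor trust: candidates for shutdown."""
    in_use = {port for _mac, _ip, _vlan, port in BINDINGS}
    return [p for p in ACCESS_PORTS if p not in in_use and p not in TRUSTED_PORTS]


if __name__ == "__main__":
    for line, verdict in inspect():
        print(f"{verdict:60} <- {line}")
    print("shut down:", ports_to_shut())
```

The second line is the interesting one: a legitimately addressed host on Gi1/0/2 answers ARP with the gateway's IP, which is how an internal node redirects its neighbours' traffic through itself. A host with a static address (Gi1/0/3 here) has no DHCP binding and is dropped too; on a real switch such hosts need a static ARP access list entry rather than a trusted port.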
Layer 3 Attacks Solution
• Use of a tamper-resistant router
• Use of packet filtering
• A firewall for controlling routing messages and packet data between layers 3 and 4 to reduce the risks

Layer 4 Attacks Solution
Port scanning to identify the vulnerable (unnecessarily open) ports.
Effective firewall configuration: opening network ports and locking down ports only to those required.
Inclusion of SASL (Simple Authentication and Security Layer) for security when using the XMPP protocol.
Layers 5 & 6 Attacks Solution
Assume an attacker injects SQL input to extract data from the database. When the application fails to validate the input, or builds the query by string concatenation instead of using parameterized queries, the injected query extracts the data.

A web application can use an HTTPS communication link, as it provides:
Application-level security
Use of digital signatures and encryption, with various encryption options
Server-client negotiation of the specific algorithm (cipher suite) to be used
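The SQL injection case above, together with the DWI/CWI attack surface items from the OWASP section (SQL injection, username enumeration, known default credentials), as one added Python example on an in-memory SQLite database; it is not code from the slides. The handler names, the schema, the sensor rows and the accounts (including the factory default admin/admin) are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Added example (not from the slides). Schema, accounts and handler names are
# assumptions; the database is built in memory so the example runs offline.


def kdf(pw: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 20_000)


def make_db():
    """Constructed device database: a users table with a factory default
    account and a sensors table that the device web interface exposes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    db.execute("CREATE TABLE sensors (id INTEGER PRIMARY KEY, label TEXT)")
    for name, pw in [("admin", "admin"), ("installer", "Tr0ub4dor&3")]:
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, kdf(pw, salt)))
    db.executemany("INSERT INTO sensors VALUES (?, ?)", [(1, "front door"), (2, "garage")])
    return db


# --- vulnerable device web interface handlers --------------------------------
def sensor_label_vulnerable(db, sensor_id: str):
    # user input concatenated into SQL: the injection point
    return [r[0] for r in db.execute(f"SELECT label FROM sensors WHERE id = {sensor_id}")]


def login_vulnerable(db, name: str, pw: str) -> str:
    row = db.execute(f"SELECT salt, pw_hash FROM users WHERE name = '{name}'").fetchone()
    if row is None:
        return "unknown user"          # distinct message: username enumeration
    if kdf(pw, row[0]) == row[1]:      # non-constant-time comparison
        return "ok"                    # default admin/admin is accepted as-is
    return "wrong password"


# --- hardened handlers --------------------------------------------------------
DEFAULT_CREDENTIALS = {("admin", "admin")}


def sensor_label_hardened(db, sensor_id: str):
    if not sensor_id.isdigit():        # validate the shape, then bind as a parameter
        return []
    return [r[0] for r in db.execute("SELECT label FROM sensors WHERE id = ?", (int(sensor_id),))]


def login_hardened(db, name: str, pw: str) -> str:
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    # always run the KDF so response time does not reveal whether the user exists
    salt, stored = row if row else (b"\x00" * 16, b"\x00" * 32)
    ok = hmac.compare_digest(kdf(pw, salt), stored) and row is not None
    if not ok:
        return "invalid credentials"   # same message for both failure causes
    if (name, pw) in DEFAULT_CREDENTIALS:
        return "password change required"   # known default credentials never grant access
    return "ok"


# Attacker's sensor_id: a UNION that pulls the users table through the label column
INJECTION = "1 UNION SELECT name || ':' || hex(pw_hash) FROM users"


def demo():
    db = make_db()
    leaked = sensor_label_vulnerable(db, INJECTION)
    blocked = sensor_label_hardened(db, INJECTION)
    enum = (login_vulnerable(db, "nobody", "x"), login_vulnerable(db, "admin", "x"))
    uniform = (login_hardened(db, "nobody", "x"), login_hardened(db, "admin", "x"))
    return (leaked, blocked, enum, uniform,
            login_vulnerable(db, "admin", "admin"), login_hardened(db, "admin", "admin"))


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The hardened lookup still validates the input, but the protection that matters is the parameter binding: the database receives the query shape and the value separately, so no value can change the shape. The login fix is two independent changes, one message for every failure and a refusal to grant access on a known default credential.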
CISO Suggested Layered Framework Solutions:
• Layers 1–6: Role-based security
• Layers 1–4: Anti-tamper and detection-based security
• Layers 1–6: Data protection and confidentiality
• Layers 1–6: IP protection
Identity Management and Establishment
Source of message(s)
• Needs to specify an identity (ID) when sending the messages.
• The receiver can thus know from where the messages have been received.
The messages can be from several sensors, actuators and platforms, and they may be for several applications and services.
A MAC address can specify the identity of a computing device platform (it is easily spoofed, so it must not be the sole basis of authentication).
A URI can then be used as a Universal Resource Identifier on the Internet.
An Object Identifier (OID) in IoT has the following identifiers:
Type of thing: streetlight, vehicle, ATM, WSN, RFID
Class identifier: class, type or category of thing, make and model
Instance identifier: for example the VIN (Vehicle Identification Number) for vehicles

Identity Management (IdM)
IdM means managing the different identities, pseudonyms and hierarchies of group IDs, as well as IDs for message senders and receivers.
The FC also manages anonymous (pseudonymous) IDs.

Access Control
3 FCs of the Security FG are involved in ensuring secure access:
1. Authentication
2. Authorization
3. Key Exchange and Management
Authentication
ID establishment and authentication are essential elements of access control.
We can use a keyed hash (HMAC over a secure hash such as SHA-256; MD5 is broken and should not be used in new designs) that generates a fixed-size hash value from the authentication data and a secret key.
Only the hash value is communicated.
The receiver end receives the value and compares it (in constant time) with the value it computes from the same inputs or has stored.
If both are equal then the sender is authenticated. Including a fresh challenge (nonce) from the receiver in the hashed data prevents an eavesdropper from replaying a captured value.

Authorization
Access control allows only an authorized device or application to reach a resource.
It is an essential element of secure access control. Some standard authorization models are: ACL (access control list) for coarse-grained access control, RBAC (role-based access control) for finer-grained control, and ABAC (attribute-based access control) for policies expressed over attributes of the subject, the resource and the environment.
An access control server and a data communication gateway can be used centrally to control accesses between applications and IoT devices.
Each device can access the server and communicate data to another server.
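The three authorization models above, combined in one decision function of the kind a central access control server or gateway would run, as an added Python example; it is not code from the slides. The principals, roles, attributes and the policy rules (same-site only, actuation only during the day shift) are assumptions made for the illustration.

```python
# Added example (not from the slides). Principals, roles, attributes and the
# policy rules are assumptions made for the illustration.

ACL = {"telemetry/site-A": {"gw-A1", "analytics"}}   # explicit allow-list per resource

ROLES = {"gw-A1": {"gateway"}, "analytics": {"reader"}, "ops-carol": {"operator"}}
ROLE_PERMS = {
    "gateway": {("publish", "telemetry")},
    "reader": {("read", "telemetry")},
    "operator": {("read", "telemetry"), ("actuate", "valve")},
}

ATTRS = {
    "gw-A1": {"site": "A"},
    "analytics": {"site": "A"},
    "ops-carol": {"site": "A", "shift": "day"},
    "telemetry/site-A": {"site": "A", "kind": "telemetry"},
    "valve/site-A/v7": {"site": "A", "kind": "valve"},
}


def acl_allows(principal, resource):
    """ACL: coarse-grained, a per-resource list of principals."""
    return principal in ACL.get(resource, set())


def rbac_allows(principal, action, resource_kind):
    """RBAC: permissions are granted to roles; a principal inherits them via membership."""
    return any((action, resource_kind) in ROLE_PERMS[r] for r in ROLES.get(principal, ()))


def abac_allows(principal, action, resource, hour):
    """ABAC: a rule over attributes of subject, resource and environment (time of day)."""
    p, r = ATTRS.get(principal, {}), ATTRS.get(resource, {})
    same_site = p.get("site") is not None and p.get("site") == r.get("site")
    if action == "actuate":            # actuation only on-site, during the day shift
        return same_site and p.get("shift") == "day" and 7 <= hour < 19
    return same_site


def decide(principal, action, resource, hour=12):
    """Central access-control decision, default deny: a resource that carries an
    ACL must list the principal; then the role must carry the permission and
    the attribute rule must hold."""
    if resource in ACL and not acl_allows(principal, resource):
        return False
    kind = ATTRS.get(resource, {}).get("kind")
    return rbac_allows(principal, action, kind) and abac_allows(principal, action, resource, hour)


if __name__ == "__main__":
    for req in [("gw-A1", "publish", "telemetry/site-A", 12),
                ("ops-carol", "actuate", "valve/site-A/v7", 12),
                ("ops-carol", "actuate", "valve/site-A/v7", 22),
                ("rogue-dev", "read", "telemetry/site-A", 12)]:
        print(req, "->", decide(*req))
```

Each layer narrows the previous one: the ACL answers "is this principal allowed near this resource at all", RBAC answers "may this kind of principal perform this action", and ABAC adds conditions (site, shift, time) that neither of the other two can express without an explosion of roles or list entries.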
Key Exchange and Management
Message Integrity
It means maintaining and assuring the accuracy and consistency of data over its entire life cycle.
It means the message remains unaltered. A message should not be altered during its communication.
The encrypted data, after decrypting, should be identical to the data before communication.
A message integrity check involves a keyed hash function that produces hash value h0, taking the message M0 and the key K as inputs.
Append h0 to the message.
Communicate or store M0 together with h0.

Integrity Check
Retrieve M any time later. Assume that the retrieved message is M1.
Calculate the 128-, 192- or 256-bit hash value h1, taking message M1 and K as inputs.
Compare h1 and h0.
The message is unchanged if h1 = h0 and the integrity check passes; otherwise it fails.
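The integrity check above (h0 = H(M0, K) appended to M0, later h1 = H(M1, K) compared with h0) and the keyed-hash authentication from the Authentication section, carried through in the slides' own symbols as an added Python example; it is not code from the slides. The message text, the tag length and the challenge-response variant are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Added example (not from the slides). Message contents and the
# challenge-response variant are assumptions made for the illustration.


def tag(message: bytes, key: bytes, algo: str = "sha256") -> bytes:
    """h = H(M, K): keyed hash (HMAC) over message M with secret K.
    sha256 gives a 256-bit h; sha384/sha512 give longer tags. MD5 is not used."""
    return hmac.new(key, message, getattr(hashlib, algo)).digest()


def protect(m0: bytes, key: bytes) -> bytes:
    """Sender side: compute h0 = H(M0, K), append it, hand M0 || h0 to the channel or store."""
    return m0 + tag(m0, key)


def check(stored: bytes, key: bytes, tag_len: int = 32):
    """Receiver side: split retrieved data into M1 and h0, recompute h1 = H(M1, K)
    and compare in constant time. Returns (passed, M1)."""
    m1, h0 = stored[:-tag_len], stored[-tag_len:]
    h1 = tag(m1, key)
    return hmac.compare_digest(h1, h0), m1


def authenticate(device_key: bytes, stored_key: bytes) -> bool:
    """Challenge-response authentication on the same keyed hash: the server
    sends a fresh nonce, the device answers H(nonce, K), the server recomputes
    it with the stored key. Because the nonce changes every time, a captured
    answer is useless to an eavesdropper."""
    nonce = os.urandom(16)
    response = tag(nonce, device_key)
    return hmac.compare_digest(response, tag(nonce, stored_key))


def demo():
    key = os.urandom(32)
    m0 = b"temp=21.5;valve=open"
    blob = protect(m0, key)
    ok_unchanged, _ = check(blob, key)
    tampered = blob.replace(b"open", b"shut")    # attacker edits M but cannot recompute h
    ok_tampered, _ = check(tampered, key)
    ok_wrong_key, _ = check(blob, os.urandom(32))
    return (ok_unchanged, ok_tampered, ok_wrong_key,
            authenticate(key, key), authenticate(os.urandom(32), key))


if __name__ == "__main__":
    print(demo())
```

Two details a plain "compare h1 and h0" hides: the comparison must be constant-time (hmac.compare_digest), or the byte-by-byte early exit leaks how much of the tag an attacker has right; and an unkeyed hash is not an integrity check at all, since whoever alters M can simply recompute it. A keyed hash proves that someone holding K produced the tag; it cannot prove which party, so it does not give non-repudiation.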
Message Non-Repudiation
It is the assurance that someone cannot deny the validity of something.
Non-repudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message.
Once a source has communicated data, it cannot later deny that the message was sent from that source.
The service provides proof of the message's origin as well as its integrity.
A digital signature asserts the origin, using a public key infrastructure in which a trusted certification authority binds the signer's public key to its identity in a digital certificate. (A keyed hash such as HMAC cannot provide non-repudiation, because both parties hold the same key.)

Message Availability
It is affected when a denial-of-service attack occurs, because under DoS the source-end message is unavailable to the intended destination end.
SECURITY MODELS, PROFILES AND PROTOCOLS FOR IoT
The Internet Engineering Task Force (IETF) is an open standards organization which develops and promotes voluntary Internet standards, in particular the standards that comprise the Internet protocol suite. The IETF has recommended security models for 5 security profiles.

SECURITY PROTOCOLS FOR IoT

Open Trust Protocol
To deal with the risk of untrusted code on devices, the contributing companies collaborated on the Open Trust Protocol (OTrP), which combines a secure architecture with trusted code management.
It manages security configurations in a Trusted Execution Environment (TEE).
It is used for installing, updating and deleting applications and services.
An OTrP device is equipped with a TEE and is pre-provisioned with a device-unique public/private key pair, which is securely stored.
This key pair is referred to as the "root of trust". A service provider uses such a device to run Trusted Applications (TAs).
The key components of the OTrP system are:

Trusted Services Manager (TSM): The TSM is responsible for originating and coordinating lifecycle management activity on a particular TEE. It is at the core of the protocol and manages the trust in the devices on behalf of service providers.
Certificate authority: Mutual trust between a device, a TSM and service providers is based on certificates. A device embeds a list of root certificates, called trust anchors, from trusted certificate authorities that will be used to validate a TSM. A TSM will remotely validate a device by checking that the device comes with a certificate from a trusted certificate authority.
Trusted Execution Environment in the device: The TEE resides in the device chip's security zone and is responsible for protecting applications from attack, enabling them to perform secure operations.

Use cases for OTrP
1. Identity management for enterprise systems
2. Strong authentication and display protection for payment systems
3. Enterprise systems: VPN, secure access to web sites
4. Digital Rights Management applications
5. Automotive systems: authentication, pay as you drive, in-application purchasing
6. Healthcare: authentication, privacy management
7. Home automation: authentication, privacy
Datagram Transport Layer Security Protocol (DTLS)
It is used for maintaining the privacy of datagram (UDP) communications.
It provides protection from eavesdropping, tampering and message forgery.
TLS is the basis of DTLS: DTLS adapts TLS so that it works over an unreliable datagram transport instead of the stream-oriented TCP transport, adding explicit record sequence numbers and retransmission of handshake messages.

X.509 protocol
X.509 is a standard defining the format of public-key certificates.
It refers to the issue of a digital certificate whose trust is based on a trusted third party (TTP), the authorized certification authority.
It is deployed in a public key infrastructure (PKI) that manages digital certificates and public-key encryption.
It is used for secure communication with the web (TLS/HTTPS).
An X.509 certificate contains a public key and an identity (a hostname, an organization or an individual), and is either signed by a certificate authority or self-signed.
When a certificate is signed by a trusted certificate authority, or validated by other means, someone holding that certificate can rely on the public key it contains to establish secure communications with another party, or to validate documents digitally signed by the corresponding private key.
Question Time
What is a firewall in computer networks?
a. A system designed to prevent unauthorized access
b. A web browser
c. The physical boundary of a network
d. The network operating system

The physical-cum-data-link layer in the IoT model consists of a local area network/personal area network.
True
False
Cannot say

AES uses a 128-bit block size and a key size of __________ bits.
a. 128 or 192
b. 128 or 256
c. 128, 192 or 256
d. 128, 192 and 256

An encryption scheme is unconditionally secure if the ciphertext generated does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available.
a. True
b. False

Even with two-factor authentication, users may still be vulnerable to _____________ attacks.
a. Scripting
b. Cross attack
c. Man-in-the-middle
d. Radiant

Process of identifying an individual:
a. Auditing
b. Authorisation
c. Authentication
d. Accounting

Process that prevents someone from denying that she accessed a resource:
a. Accounting
b. Non-repudiation
c. Sniffing
d. Authorisation

The most common form of authentication is:
a. Password
b. Smart cards
c. PIN
d. Digital certificates

The process of identifying a person before giving access:
a. Authentication
b. Encryption
c. Auditing
d. Access control

What concept determines what resources users can access after they log on?
a. Auditing
b. Defense in depth
c. Authentication
d. Access control

What do you call the scope that a hacker can use to break into a system?
a. Attack surface
b. Defense in depth
c. Principle of least privilege
d. Risk mitigation

What kind of electronic document contains a public key?
a. PIN
b. Digital certificate
c. PAN
d. Biometrics

Which of the following is a threat to an IoT device?
a. Virus
b. All of the above
c. People
d. Natural disaster
e. Spoofing