IoT Security Fundamentals
That Must Be Solved
Fredrik Beckman
CEO Apptimate AB
Engagement Manager Combitech AB
September 2016
1. IoT products must die
2. Rosetta stone
3. Thanks for letting me in!
4. The fall of the wall
5. Rubber bands
6. The disappearing act
IOT PRODUCTS MUST DIE
product life cycle management and EOL
Release
Hack
Patch
Breach
Patch
New hack
SECURITY IS AN ITERATIVE PROCESS
Remote push updates
Maintain critical operation
Hot Swap
Supplier Swap
Don’t be the weakest link
LIABILITIES
Microsoft stopped providing security patches for Windows XP on April 8, 2014
THE NON-DIGITAL MARKET IS SLOW
Cars can live for 30 years or more
They need a recall or service intervals for updates
Digital is actually NO better
COBOL is still ALIVE and kicking:
90% of Fortune 500 business systems are supported daily by COBOL
70% of all critical business logic and data is written in COBOL
* http://cobolpros.com/the-need-for-cobol/
IOT PRODUCTS WILL STAY ALIVE
WAY LONGER THAN EXPECTED
What’s your legacy?
ROSETTA STONE
interoperability
“The nice thing about IoT standards is that
you have so many to choose from;
And, if you do not like any of them, you can
just wait for next year’s model.”
Andrew S. Tanenbaum
Professor Computer Science
Vrije Universiteit, Amsterdam
IOT - A WILD WEST
360+ IoT platforms
100+ protocols
DEVELOPER PAIN
- 6LowPAN by IETF (IPv6 for IoT)
- AllJoyn by AllSeen Alliance*
- AMQP by OASIS
- CoAP by IP for Smart Objects Alliance
- Contiki by Thingsquare*
- DDS by Object Management Group
- HomeKit by Apple*
- HTTP by W3C
- IoT Platform by Intel*
- Mbed by ARM*
- MQTT by IBM
- IoTivity by Open Interconnect Consortium*
- Stomp by Stomp Spec Group
- Thread by Thread Group
- WAMP by Tavendo
- WebSocket by IETF
- XMPP by XMPP Standards Foundation
- ZeroMQ by iMatix*
- ZigBee by ZigBee Alliance
- Z-Wave by Z-Wave Alliance
*platform rather than protocol
“The application shall
communicate with mobiles,
cloud, central database and IoT
sensors from all our suppliers!
It must be fast and SECURE!
And we need it next week!”
IT’S ABOUT THE WHOLE APPLICATION
- everything integrated –
WHERE IS THE WEAKEST LINK?
THANKS FOR LETTING ME IN
remote access and control
HOW YOUR TEA KETTLE COULD TAKE IT ALL DOWN
BlackBerry Security Summit 2016
REMOTE CONTROL DDoS
Manipulation
Control remotely
WIRED hacks a Jeep Cherokee
12 of 15 Bluetooth SmartLocks easy to hack
Hack attack causes 'massive damage'
at German steel works
THE FALL OF THE WALL
decentralized applications in public networks
No firewalls
Decentralized applications
End-2-End encryption needed
Strong authentication
Unique IDs are the key
Multiple applications per device
Application security
PUBLIC NETWORKS ARE THE NEW NORM
RUBBER BANDS
roaming over multiple network technologies with varying bandwidth
STAY CONNECTED
GPRS
3G
4G
LTE
5G
Satellite
WiFi
Bluetooth
DECT
Z-Wave
ZigBee
…
AND MANY MORE
Roaming is essential
Different connection tech in different parts of applications
Security over a chain of connections, proxies, hubs
End-2-End security
strong authentication
persistent connection
live feed from equipment
public networks
varying connection
system integration
eHEALTH
IT’S ALL ABOUT THE APPLICATION – NOT THE COMPONENTS
Varying bandwidth and radio shadow
Constrained nodes & connections
Latency
Distributed processing
Fog computing
More reading about Object Security in constrained environments: http://significantbits.io/
THE DISAPPEARING ACT
simplicity and NO user configuration
THE ONLY SECURITY WORTH ANYTHING
IS THE ONE THAT IS USED
YOUR SECURITY SOLUTION MUST BE EASY TO USE FOR
USERS, ADMINISTRATORS,
DEVELOPERS AND INTEGRATORS
THANK YOU
fredrik@apptimate.io
fredrik.beckman@combitech.se
IoT is all about the application,
and the application must be secure,
from start, for today and tomorrow
REMEMBER
1. EOL
2. Interoperability
3. Remote access
4. Public networks
5. Roaming over constrained networks
6. Make it simple