TOP 5 IoT Security Initiative:

IoT_Security
IoT Security

 Lessons from Architecture School Experience Design for the Internet of Things May 20, 2015 Agenda Introduction Lessons from Architecture School Start with people, in context Understand unspoken needs Homes are more than houses Conclusion 2 Agenda Introduction Lessons from Architecture School Start with people, in context Understand unspoken needs Homes are more than houses Conclusion 3 4 CONNECTING COLLECTING Buildings Are Becoming Sites of Surveillance 5 Buildings Are Becoming Sites of Surveillance Samsung’s Smart TVs recording and transcribing conversations and Mattel selling children’s questions to Hello Barbie are recent examples. 




TOP 5 IoT Security Initiative according to Forebs:

  1. IoT network security: Protecting and securing the network connecting IoT devices to back-end systems on the internet. IoT network security is a bit more challenging than traditional network security because there is a wider range of communication protocols, standards, and device capabilities, all of which pose significant issues and increased complexity. Key capabilities include traditional endpoint security features such as antivirus and antimalware as well as other features such as firewalls and intrusion prevention and detection systems. Sample vendors: Bayshore Networks, Cisco, Darktrace, and Senrio.
  2. IoT authentication: Providing the ability for users to authenticate an IoT device, including managing multiple users of a single device (such as a connected car), ranging from simple static password/pins to more robust authentication mechanisms such as two-factor authentication, digital certificates and biometrics. Unlike most enterprise networks where the authentication processes involve a human being entering a credential, many IoT authentication scenarios (such as embedded sensors) are machine-to-machine based without any human intervention. Sample vendors: Baimos Technologies, Covisint, Device Authority, Entrust Datacard, and Gemalto.
  3. IoT encryption: Encrypting data at rest and in transit between IoT edge devices and back-end systems using standard cryptographic algorithms, helping maintain data integrity and preventing data sniffing by hackers. The wide range of IoT devices and hardware profiles limits the ability to have standard encryption processes and protocols. Moreover, all IoT encryption must be accompanied by equivalent full encryption key lifecycle management processes, since poor key management will reduce overall security. Sample vendors: Cisco, Entrust Datacard, Gemalto, HPE, Lynx Software Technologies, and Symantec.
  4. IoT PKI: Providing complete X.509 digital certificate and cryptographic key and life-cycle capabilities, including public/private key generation, distribution, management, and revocation. The hardware specs for some IoT devices may limit or prevent their ability to utilize PKI. Digital certificates can be securely loaded onto IoT devices at the time of manufacture and then activated/enabled by third-party PKI software suites; the certificates could also be installed post-manufacture. Sample vendors: DigiCert, Entrust Datacard, Gemalto, HPE, Symantec, and WISeKey.
  5. IoT security analytics: Collecting, aggregating, monitoring, and normalizing data from IoT devices and providing actionable reporting and alerting on specific activities or when activities fall outside established policies. These solutions are starting to add sophisticated machine learning, artificial intelligence, and big data techniques to provide more predictive modeling and anomaly detection (and reduce the number of false positives), but these capabilities are still emerging. IoT security analytics will increasingly be required to detect IoT-specific attacks and intrusions that are not identified by traditional network security solutions such as firewalls. Sample vendors: Cisco, Indegy, Kaspersky Lab, SAP, and Senrio. (See also my post regarding Aperio Systems)

http://www.theguardian.com/technology/2015/may/17/sold-our-souls-and-moreto-internet-giants-privacy-surveillance-bruce-schneier

6 Buildings Are Becoming Sites of Surveillance There needs to be richer discussion than the tension between what’s technically possible and what’s legal. Security for IoT needs design. The Attic.  

Architecture school teaches problem finding 11 Architecture School Teaches the Design Process Feedback via critique 12 Presenting work in charettes (pitch) Learning by doing Master and apprentice model Building to think/ making it visual Learning to see Architecture School Teaches the Design Process Feedback via critique 13 Presenting work in charettes (pitch) Learning by doing Master and apprentice model Building to think/ making it visual Learning to see 14 Understand unspoken needs Start with people, in context Homes are more than houses Lessons from Architecture School: Learning to See Start with people Understand unspoken needs Agenda Introduction Lessons from Architecture School Start with people, in context Understand unspoken needs Homes are more than houses Conclusion 15 Man Handing a Letter to a Woman in the Entrance Hall of a House Pieter de Hooch, 1670 From the Rijksmuseum 16 Man Handing a Letter to a Woman in the Entrance Hall of a House Pieter de Hooch, 1670 From the Rijksmuseum 17 Windows, morality, and privacy as a dirty word Man Handing a Letter to a Woman in the Entrance Hall of a House Pieter de Hooch, 1670 From the Rijksmuseum 18 Internet of 1670 Man Handing a Letter to a Woman in the Entrance Hall of a House Pieter de Hooch, 1670 From the Rijksmuseum 19 Multiple people with di ferent privileges inhabit the home Start With People, In Context Homes have multiple people with varied permissions.

 Children, and others who can’t or won’t consent, generate data. More aggressive rules govern collection of their data, and regulatory changes are likely. 20 Security Thought-Starters Plan for change and don’t take on privacy debt in a quickly-changing landscape 21 European Article 29 Working Party on information privacy 
http://ec.europa.eu/justice/dataprotection/article-29/index_en.htmSandy Clark’s “Honeymoon Efect”paperhttp://www.acsac.org/2010/openconf/modules/request.php?module=oc_program&action=summary.php&id=69 

Appropriate Complexity Managing profiles for ambient capture: right mode + right feedback 22 Netflix manages multiple profiles with explicit login, but many media services are struggling to identify group members present when video is played. Agenda Introduction Lessons from Architecture School Start with people, in context Understand unspoken needs Homes are more than houses Conclusion 23 Hvitträsk, Finland 1903. Buildings last and are upgradable. 

Security Thought-Starters Think firmware and plan an upgrade path 29 Internet Engineering Task Force (IETF) working on firmware standards, e.g. Carsten Bormann http://www.ietf.org/ proceedings/82/slides/plenaryt-7.pdf Supervisory Control and Data Acquisition (SCADA) https://en.wikipedia.org/wiki/SCADA Appropriate Complexity Reimagining updates as a form of engagement: design for behavior change 30 Cautionary tale of routers, keeping the internet of 10 years ago alive Agenda Introduction Lessons from Architecture School Start with people, in context Understand unspoken needs Homes are more than houses Conclusion 31 Shop Houses, Singapore 2013. 

There are roles for standards and for professional knowledge. 36 Security Thought-Starters Don’t invent your own crypto - use professional standards 37 Open Smart Grid insecurity https://threatpost.com/weakhomegrown-crypto-dooms-opensmart-grid-protocol/112680 Real World Crypto Conference: Stanford, CA in Jan 2016 http://www.realworldcrypto.com/ rwc2016 Appropriate Complexity Exposing the underlying systems to build knowledge 38 Interfaces on electric cars like the Toyota Prius teach engine function and driver behavior Agenda Introduction Lessons from Architecture School Start with people, in context Understand unspoken needs Homes are more than houses Conclusion 39 1905 Post Card. 

Architecture school teaches lessons for UX for IoT security 40 41 Start with people, in context Lessons from Architecture School Start with people, in context Understand unspoken needs Homes are more than houses Homes have multiple people with varied permissions Implementation matters in vernacular architecture Buildings last and are upgradable Security Thought-Starters 42 Don’t invent your own crypto– use professional standards Plan for change and don’t take on privacy debt Think firmware and plan an upgrade path Managing profiles for ambient capture Reimagining updates as a form of engagement Exposing underlying systems to build knowledge 43 Appropriate Complexity: UX Challenge for IoT 44 IoT Security UX Problems Are Exciting There’s a need for design to shape the conversation between possible and legal.

 The UX problems for IoT are inspiring and important. 
Location: Pune, Maharashtra, India

Comments

Post a Comment

Popular posts from this blog

Top 16 Mobile App Development Companies in India | App Developers 2017

Image
Top 16 Mobile App Development Companies in India 2017 | Indian Mobile App Developers (iPhone, iOS & Android) Is it a real struggle for you to find an Indian mobile app development company from a pile of thousands or may be more? I know your answer is yes because India is actually a hub of top companies where finding the one is like searching for needle in a haystack. To save you from such a striving task, I collected here a prime list of top mobile app development companies of India. They have made business-growing apps since years and still making them with latest introduced technology. They have precious assets which you call top Indian app developers making apps to interact more and more users towards your business. So, what are you waiting for? Here is the list of Top Mobile app development companies of India 1. OpenXcell OpenXcell is ISO 9001: 2008 certified mobile app development companies located in India and United States. OpenXcell is an expert in deve...
Read more

CCEE CDAC Exam Questions

Image
CDAC CCEE Papers CCEE CDAC Exam Questions This Page is for CDAC CCEE Prepration Material including PDF, Study Links, Q papers, MCQ sets keep Checking on this page for Updates  . Check This out: Live MCQ Test for CCEE CDAC!  Click Link to download/study : Subject PDF/Link OS Q PAPER PDF Solved MCQ SET 1 Solved MCQ SET 2 C++ Q PAPER PDF Solved MCQ SET 1 Prepration Link S/W Development Q PAPER PDF Web/Hybrid Programming Q PAPER PDF 1 Q PAPER PDF 2 DB/RDBMS Q PAPER PDF Android Solved MCQ SET 1 Solved MCQ SET 2 Solved MCQ SET 3 Solve MCQ SET 4 iOS Solved MCQ SET 1 Java Q PAPER PDF \|/ Must Read \|/ Preparing for CDAC Common Theory Final Examination with Sample Papers
Read more

CDAC CCEE EXAM Prepration Link/PDF [Syllabus Topic Wise ] C++ & DS

Image
PG Diploma  CDAC CCEE EXAM CPP Study Material NOTE: Click the Syllabus Topic to Download PDF/ Get Prepration Link OOPs with C++ Programming: Revision of C Programming, Pointers, Functions (Call by value and reference), Recursion, Arrays using Pointers, Structures, Union, Enumeration and Typedef, File handling Object oriented concepts Classes and Objects , Access Specifiers , Overloading , Inheritance , Polymorphism C++ Tokens , Initialization , C++ Operators Static Members , Constant Members Expressions Control Structure Functions in C++ Constructors , Encapsulating into an object Destructors Associations , Inner Classes Memory Management and pointers Inheritance , Virtual Functions , Polymorphism Interfaces Exception Handling Managing Console I/O Operations Working with files Advance Topics in C++: Object Design and Templates STL (Standard Type Libraries) RTTI (Run Time Type Identification) Advanced Typecasting new data types new operators class implementation namespace scope oper...
Read more