
Week 1-10 uu

The document discusses the evolution of the Internet, focusing on the Internet of Things (IoT) and its applications, such as smart cities and self-driving vehicles. It highlights the characteristics, advantages, and challenges of IoT, including security, connectivity, and power issues. Additionally, it addresses the differences between IoT and traditional IT security and outlines the importance of information assurance in IoT systems.

Uploaded by

xjnyjk87th
Copyright: © All Rights Reserved

Week1:

Evolution of Internet

IoT (Internet of things)


Definition:
1-the network of physical objects or ‘things’ embedded with electronics, software, sensors and connectivity to enable it to achieve greater value and service by exchanging data with other connected devices.
2-which enables the objects to connect and exchange data.
Example of physical objects: vehicles, home appliances and other items
Vision:
1-(wearable watches, alarm clocks, home drives, surrounding objects) become ‘smart’
2-function like living entities by sensing, computing and communication
3-through embedded devices
4-which interact with remote objects (servers, clouds, applications, services and process) or persons
5-through the internet or Near-Field Communication (NFC)
The rise of IOT
1-Cheap sensors: Prices drop 60 cents from $1.30 in the past 10 years
2-Cheap bandwidth: Declined nearly 40X over the past 10 years.
3-Cheap processing: declined by nearly 60X over the past 10 years, enabling more devices and their data to be processed in the cloud.
4-Smartphones: personal gateway to the IoT, a remote control for IoT enabled devices
5-Ubiquitous wireless coverage: Wi-Fi coverage now ubiquitous, connectivity is available for free or at a very low cost
6-Big Data: huge amounts of structured data, availability of big data analytics
7-IPv6: the newest version of the Internet Protocol (IP), supports 128-bit addresses
Characteristics of IoT
1-Dynamic & Self-Adapting
2-Self-Configuring
3-Interoperable Communication Protocols
4-Unique Identity
5-Integrated into Information Network
Advantages of IoT
1-Efficient resource utilization
2-Reduced human efforts
3-Lowers the cost and bring productivity
4-Real-time marketing
5-Decision analytics
6-Better customer experiences
IOT ATTRIBUTES
five key attributes that distinguish it from the “regular” Internet:
S-E-N-S-E framework: Sensing, Efficient, Networked, Specialized, Everywhere.
NOTE:
Sensing: Sensor Attach - More data gain
Efficient: Add intelligence - ^productivity:T+P
Networked: Connect - Fog computing D
Specialized: Customizes - ^fragmented
Everywhere: Pervasively in anywhere - More device & more secure

Smart cities
Definition: an urban area that uses different types of electronic data collection sensors to supply information which is used to manage assets and resources efficiently.
How it works: data collected from citizens, devices, and assets that is processed and analyzed to monitor and manage, for example: traffic and transportation systems, power plants, water supply networks, waste management, law enforcement, information systems, schools, libraries, hospitals
Concept:
1- integrates information and communication technology (ICT), and various physical devices connected to the network (IoT)
2- to optimize the efficiency of city operations and services and connect to citizens
Aim:
1-make a better use of the public resources,
2-increasing the quality of the services offered to the citizens,
3-while reducing the operational costs of the public administrations
Aim achieved by: deployment of an urban IoT = communication infrastructure (unified, simple, and economical access, potential synergies (benefits), increasing transparency to the citizens)
Smart cities service:
1. Structural Health of Buildings
2. Waste Management
3. Structural Health of Buildings
4. Waste Management
5. Air Quality
6. Traffic Congestion
7. City Energy Consumption
8. Smart Parking
9. Smart Lighting

IOT impact AREAS

IoT Based on Domains


1-Health & Lifestyle: Health and Fitness monitoring
2-Agriculture: Smart Irrigation, Green House
3-Logistics: Route Generation and Scheduling, Fleet Tracking
4-Retail: Inventory Management, Smart Payments, Smart Vending Machines
5-Home Automation: Smart Lighting, Smart Appliances, Intrusion Detection, Smoke or Gas Detectors
6-Smart Cities: Smart Parking, Smart Lighting, Smart Roads, Surveillance, Emergency Response
7-Environment: Weather Monitoring, Air / Noise pollution monitoring, River Flood Detection, Forest Fire Detection

Week2:
Vehicles
1-Connected: communicate with peers and infrastructure
2-Self-driving Vehicles (SDV): make use of sensor data and connected vehicle
Significant Code: 100M+ LoC = Complexity = vulnerabilities
Integration with other systems
Vehicles Communication
1-V2V: Vehicle-to-vehicle Communication - "Slow down, I’m taking left"
2-V2I: Vehicle-to-infrastructure Communication - "Slow down, Ambulance passing by"
3-V2X: Vehicle-to-application - "Door not close"
4-DSRC: Dedicated Short Range Communications - SATCOM, Bluetooth-LE, NFC, WiFi, Cellular (4G/LTE, 5G)
Threats:
Actor: 1-Hacker
Threats:
1-Identifies vulnerability in SDV code
2-Unauthenticated APIs
3-Gains access to SDV through exposed IP address (For example, infotainment system; AP)
4-Sensor spoofing (For example, LIDAR)
Impact:
1-Shakes confidence in CV technology
2-Lowering windows etc
3-Zero-day published and in wild for others to use
4-Cause a vehicle to run into a pedestrian
Actor: 2-Criminal/Organized Crime ($$)
Threats:
-Ransomware on vehicle
Impact:
-Vehicle owner is denied access to vehicle
-Vehicle owner is stalked by criminal/other
-Vehicle is crashed
Actor: 3-Nation-State
Threats:
1-Denial of Service against traffic infrastructure
2-Infiltrates the supply chain to install malware within SDV or ecosystem
3-May attempt to circumvent safety systems/controls
Impact:
-Widespread impact event
Age of the IoT:
-Merge SDVs and CVs with other IoT domains
-so New Integration Point = New Potential attack point
-stakeholders participating growing
Cloud: the cloud help us with:
-New Integrations point facilitated through the cloud
Example: Traffic management systems
The Certificate Process:
IOT DEVICE (thing) has:
1-unique identities
2-perform remote sensing, actuating and monitoring capabilities
3-communicate with other device / server / applications over internet or other communication methods
IOT DEVICE (thing) can:
1-Exchange data with other connected devices and applications (directly or indirectly),
2-Collect data from other devices and process the data locally
3-Send the data to centralized servers or cloud-based application back-ends for processing the data
4-Perform some tasks locally and other tasks within the IoT infrastructure, based on temporal and space constraints

IOT MADE of

Sensors:
1-fundamental source of IoT data
2-converts some physical phenomenon into an electrical impulse
Example: touch sensors on your phone, accelerometer etc
Actuators:
1-operates in the reverse direction of a sensor
2-It takes an electrical input and turns it into physical action
A sensor may collect information and route to a control center where a decision is made and a corresponding command is sent back to an actuator in response to that sensed input
Transducers:
1-Sensors and Actuators are types of it
2-any physical device that converts one form of energy into another
Microcontroller:
1-the brain of the IoT device
2-small computer with a microprocessor core, memory, and input/output (I/O) ports
3-microprocessor core of your microcontroller is a central processing unit (CPU).
4-It handles all the number crunching and local data manipulation and decision-making.
Memory:
1-Read Only Memory (ROM): stores the microcontroller’s software program
2-Random Access Memory (RAM): stores and receives data while also supporting number crunching.
I/O ports:
1-Input ports: collect data from sensors
2-Outputs: support any necessary actuation or local control in the IoT device
Control Interface: a protocol allowing peripheral devices and the microcontroller to communicate with one another
example: GPIO – General Purpose Input Output
1-Wired and wireless radios – such as for WiFi, BLE etc
2-Power sources – could be battery or mains electricity

IOT COMPONENT: DESCRIPTION

Physical Object: Thing
Sensors: Sense the physical environment
Actuators: Affect the physical environment
Virtual Objects: Electronic tickets, Agendas, Books, Wallets
People: Ex.: Humans can control the environment via mobile apps
Services: Ex.: Cloud services – can be used to:
• Process big data and turn it into valuable information
• Build and run innovative applications
Platforms: Type of middleware used to connect IoT components (objects, people, services, etc.) to IoT. Provide numerous functions:
• Access to devices
• Ensuring proper installation/behavior of device
• Data analytics
• Interoperable connection to local network, cloud or other devices.
Networks: IoT components are tied together by networks, using various wireless and wireline technologies, standards, and protocols to provide pervasive connectivity.
IoT Levels & Deployment Templates
1-Device: identification, remote sensing, actuating and remote monitoring capabilities
2-Resource: software components on the IoT device for accessing, processing, and storing sensor information, or controlling actuators connected to the device, and software components that enable network access for the device
3-Controller Service:
1-native service that runs on the device and interacts with the web services.
2-sends data from the device to the web service and receives commands from the application (via web services) for controlling the device
4-Database: can be either local or in the cloud and stores the data generated by the IoT device.
5-Web Service:
1-link between the IoT device, application, database and analysis components
2-implemented using HTTP and REST principles (REST service) or using WebSocket protocol (WebSocket service).
6-Analysis Component: responsible for analyzing the IoT data and generate results in a form
7-Application: provide an interface that the users can use to control and monitor various aspects of the IoT system and view system status, processed data

Backend and cloud services


An organization implements an IoT cloud service solution where the cloud provider takes care of IT infrastructure, maintenance and scaling to handle high data load from many IoT devices
Backend systems commonly considered for interfacing with the IoT data feeders include:
1-Database management systems: These systems are in charge of storing the large amount of information produced by IoT peripheral nodes, such as sensors
2-Web sites: enable interoperation between the IoT system and the “data consumers,” e.g., public authorities, service operators, utility providers, and common citizens.
3-Enterprise resource planning systems (ERP): support a variety of business functions and are tools to manage the flow of information across a complex organization, such as a city administration
Example:
Amazon AWS – provides AWS IoT Core. AWS IoT Core can support billions of devices and trillions of messages.
Google - Google Cloud IOT
Microsoft Azure – Azure IoT Hub
IBM - IBM Watson IOT

A Real-time Operating System (RTOS)


Provides a Number of Core Functions for IoT Devices
Can do:
● Task scheduling
● Dynamic linking and loading
● Resource abstraction
● Sensor interfaces
● Hardware abstraction
EXAMPLE:
● TinyOS
● Contiki
● Mantis
● Windows 10 IoT
● Ubuntu Core

Hardware Security Vulnerabilities


• Security vulnerabilities of the device
• Hardware-based attacks target vulnerabilities
• Expose an IoT device to vulnerabilities
• Firmware that is loaded onto the hardware is cryptographically verified
Hardware Selection:
● Secure firmware updates?
● Cryptographic processing, and algorithms?
● Built-in tamper protections?
● Protection against reverse engineering?
● Secure mechanisms for cryptographic key storage?
Five security things
1. Secure boot: Authenticated software loads and updates
2. Authentication: Data authentication and device identity
3. Protected ports: Ensure no physical access to any I/O ports (JTAG)
4. Storage: Data stored in flash memory must be encrypted
5. Secure Connection: Encryption of data over-the-air (OTA) and secure key exchange
Communication
Vehicle Communications:
-Vehicles receiving messages must have confidence that messages are:
o Real (Genuine)
o Convey accurate data
-Messages should be integrated and authenticated
Protocols:
1-Connects devices with each other & the cloud
2-Communication type:
• Wireline (e.g., copper wires, optical fibers)
• Wireless (e.g., RF, IR); RF-based communication is the most popular choice
3-Popular RF-based communication solutions:
• IEEE 802.15.4
• IEEE 802.11 (or Wifi)
• Bluetooth
• Near Field Communication (NFC), e.g., RFID
4-Zigbee: Physical Layer and Medium Access Control Layer
5-Zwave: Used in Consumer home devices
6-Thread: Supports AES Encryption

Tracking the security controls associated with communication protocols is challenging


Security Concerns with BLE Communications:
• Eavesdropping,
• Packet injection,
• Compromising key exchange protocol during the pairing process
• Key exchange and encrypted session setup can be saved
Week3:

IOT Challenges
1st Challenge: Security and Privacy
-Concern about the personal safety
-Most important
-User data = vulnerable for theft
-one device gets attacked =rest get attack
-poor security = whole network to be damaged.
-Personal information can be tracked / monitored (by device without permission)
2nd Challenge: Connectivity
-wired or wireless connection
-Usage of frequency / spectrum need to be remembered
-latency or poor network reception
-billion device = occur Bottleneck
3rd Challenge: Power
-mostly use battery
-so how long & recharge the battery?
-how to use green source
4th Challenge: Complexity
-multidisciplinary field (ENG+IT)
-Limited expertise
-software, hardware not abundant (available)
5th Challenge: Complexity (Cloud)
-mandatory (for storage)
-so which, cost, service, safety?

How do IoT and Cyber Security differ?


IoT security must be more robust than IT security because IoT devices are connected to the physical world.
1-Environment: hostile environments, leaving them vulnerable to tampering
2-Variety: more types of network and device
3-Volume: billions of IoT devices compared to millions of IT devices
4-Consequence:
-IT device is hacked: you may end up as a news story
-IoT device: dire situation for user & risk company profile
5-Organization: different points of view (security is a protector or a barrier for progress.)

Five pillars of information assurance (IA)


1-Confidentiality: Protect sensitive information
2-Integrity: info not modified, accidentally or purposefully
3-Authentication: Know the source
4-Non-repudiation: Can't deny
5-Availability: Info available when needed

Compromise a system: The ability to compromise a system requires the identification of a vulnerability in that system or the surrounding environment

Threats:
-represent the exploit potential of a particular scenario
-Each threat has a threat actor (human or otherwise)
-Malicious insider = compromised hardware
-reverse engineers an IoT product

Vulnerabilities:
-in: design, the software, even the hardware, and even in the development process itself
-one opening to gain access
-not in the actual product

Risks:
-risk management: The process of identifying risks and their associated
-Scheduled risks
-Cost risks
-cyber security: risks can be identified based on the results of threat modeling exercises
-identifying the most critical risks (high likelihood & impact) = system designers (identify where to spend most resources)

Attack types:
• Wired and wireless scanning and mapping attacks
• Protocol attacks
• Eavesdropping attacks (loss of confidentiality)
• Cryptographic algorithm and key management attacks
• Spoofing and masquerading (authentication attacks)
• Operating system and application integrity attacks
• Denial of service and jamming
• Physical security attacks (for example, tampering, interface exposures)
• Access control attacks (privilege escalation)

A vulnerability that is not yet publicly known, and for which an exploit has typically been developed, is called a zero-day (or 0-day) vulnerability.
Mirai Botnet:
● Mirai Botnet – 2016
● Distributed Denial of Service attacks
● Unwilling participation of IoT devices
● DDOS attack – Dyn (21st October 2016)
● The Mirai Botnet harnessed the power of IoT zombies
● US east coast/global event
● Stopped using DNS services from Dyn
● Cost Dyn at least 14,000 Internet domains
DDoS Attack:
● The attacker tries to saturate the network – Network bandwidth
● The attacker tries to saturate the host – Host processing capability
● Amplification attacks rely on protocols with minimal input
● Network Time Protocol
● Large quantity of distributed computing resources
● The Mirai Botnet shows that it was all easy to do this
Building a Botnet:
● In a DDoS an attacker likely won’t want to use his or her own computers to carry out the attack; instead relies on compromising other people’s computing resources
● Poor cyber hygiene
● Poor vendor security engineering
● Hard coded passwords
● Misconfigurations
● Software flaws
Poor cyber hygiene:
-all patch available updates?
-missteps ways for an attacker to compromise & take it over to be part of a botnet
Poor vendor security engineering:
-Root account for all logins and then create a super user account
-lack of understanding
Hard Coded Passwords/Software Flaws:
-unchangeable credentials
-There are many flaws
-Zero day exploits
Managing Botnets to Perform DDoS Attacks:
● 10,000 hosts
● Hosts acting on commands are known as Zombies
● Command and Control to co-ordinate the Zombies
● C&C Server can be used to instruct the botnet
● A control channel often over Internet Relay Chat
Examining Mirai:
● TCP port 48101
● multiple attack vectors including:
✓ UDP, DNS and HTTP floods, as well as GRE IP and Ethernet floods
Future Impact of DDoS Attacks:
● What does IoT and connectivity enable
● Connected cars
● Smart cities and transportation systems
● Smart and dynamic energy and utility systems
● Automation
Protect:
● Secure their products from easy takeover by botnets like Mirai but also
● Design resiliency into their systems so they can withstand hits by highly powerful botnets of the future
● A defensive posture that includes resilience to targeted DDoS attacks
Best Practices:
● Don’t fall prey to malicious actors
● Provide a defensive posture that includes resilience to targeted DDoS attacks
Week 4:

Secure design of IoT devices and systems:
only one component in the overarching IoT security lifecycle.

1-Safety Impact Assessment:
Note:
1-Cyber physical systems (CPS): integrate the electronic and the physical worlds
-Use tools and techniques in the electronic world to effect in the physical world
2-Example: An attacker compromises the low-power RF links that allow for management of a pacemaker
3-when we design > Consider the safety ramifications of malicious actions against your IoT systems
4-why? Because a safety impact could be seen through a simple malfunction as well
Privacy Impact Assessments (PIA):
1-Perform during the design stage.
2-Provides information needed to determine mitigations to be included in system designs.
Privacy Protected Information (PPI):
1-review by internal audit or compliance should know if there is viable to have PPI data
2-Data stored should be encrypted (strong cryptographic algorithms)
3-Data transmitted should be encrypted (strong cryptographic algorithms)
4-Access (physical and logical) should be restricted to authorized personnel
5-End users should be aware of use (transfer, and disposal of PPI and provide positive consent)
Safety Impact Assessments:
1-Perform it for any IoT system deployment
2-can help security engineer to (Identify risks & Document required safety mitigations)
3-example: For Medical systems > separate health impact assessment may also be required
Evaluating the Safety impacts:
1-is there anything harmful that could occur if the product stopped working?
2-are there safety-critical services or other products that rely upon the functioning of this product?
3-how to minimize or avoid potential harm?
4-what would happen if an attacker disabled the built-in safety features?
Result:
-provide new information into the malfunctions and misbehaviors that could result from a device compromise
-Use the outputs from your Safety Impact Assessment to feed into your larger risk management strategy.
2-Processes and Agreements
Note:
1-Security is not only finding technology > Putting the right processes and procedures in place
2-acquisition process itself is not used as an attack
3-don’t procure rogue devices with malicious software
Establish process across the Enterprise:
1-Establish Governance Functions
2-Establish Policy Management Framework
3-Establish Configuration Control Board (CCB)
4-Establish and enforce agreements with 3rd party organizations:
-Service Level Agreements (SLA)
-Privacy Agreements / Data Sharing
-Information Sharing (For example, threat alert)
1-Establish Governance Functions
-Identify who is accountable (safe & secure operation) of IoT
*Should be a senior executive
*evaluated Budgets > adequate availability (cyber security controls)
-Establish governance principles (flow all IoT)
-Focus {privacy protection} & {defense against threats (both physical and cyber)}
2-Establish Policy Management Framework
-Analyze regulations
-Flow down regulations into requirements:
*Privacy requirements
*Incident reporting requirements
*Security testing requirements
*Compliance requirements
3-Establish Configuration Control Board (CCB)
-Review and assess any configuration changes
-Direct Updates configurations (modified or new regulations)
-Establish touch point > review required configurations (annually)
4-Establish and enforce agreements with 3rd party organizations
Data Sharing agreements
-What data can be shared?
-What processes must be put in place to protect data privacy?
-When must data be destroyed?
-Can data be onward transferred?
Cloud Integration
-Availability (SLAs)
-Security mechanisms
-What reporting requirements (event types, timeliness of reporting)
-incident management support (what support is required during an incident?)

IOT Product Acquisition


-Patch updates
3-Technology Selection
Evaluation of the Vendor’s History:
-Has the vendor been around a long time?
-Is it an established organization?
-Approach to firmware and software updates? What about the logging?
-Do you have physical protections?
-Do they provide you guidance on how to securely configure their products?
-What is the vendor's history with regard to security vulnerabilities?
What is your Vendor’s Track Record?
1-Relationship with the security community
2-Seek engagement from independent security researchers
3-Not willing to accept security researcher inputs
4-Reporting of an independently identified security vulnerability
5-Actively engaged through bug bounties and other programs
6-Identify vulnerabilities before the bad guys find them
Evaluate Product Security Features:
1-Cryptographic protections
2-Best practice guidance
3-Firmware/software update features
4-Logging support
5-Anti-tamper mechanisms
6-Secure configurations
Selecting an MCU (Micro Controller):
microcontrollers (MCUs) paired with transceivers and optionally sensors, and embedded within IoT product.
How to choose:
1-A cryptographic bootloader that is leveraged to support secure firmware updates
2-Cryptographic hardware acceleration to support efficient cryptographic processing, and define what algorithms are supported by the accelerator?
3-Secure memory protection
4-Built-in tamper protection (for example, JTAG security fuses or a tamper-responsive envelope)
5-Protection against reverse engineering
6-Secure mechanisms for cryptographic key storage in nonvolatile memory
Selecting a real-time operating system (RTOS):
1-micro-hardware security protections > use of secured operating systems is warranted.
2-IoT devices > require different RTOS solutions example:
Week 5:

1-Current IoT Security Regulations:


IoT security regulations have lagged behind the technology
New Legislation in United States:
1-2017 IoT Cybersecurity Improvement Act geared towards IoT devices used in federal systems.
2-Specifically call out internet-connected devices
3-Many wireless sensors deployed that fit the model of the IoT
Primary Focus of Legislation = getting vendors to verify through written certification :
1-The device does not contain any known security vulnerabilities
2-The software/firmware can be securely provisioned by the vendor, and the device uses modern protocols and does not include hard-coded credentials
3-The vulnerability attestation can however be waived under certain circumstances, but the legislation also requires notification of any security vulnerability discovery by the vendor
Department of Homeland Security (DHS) Issues IoT Security Guiding Principles:
1-Incorporate security at design phase
2-Advance security updates and vulnerability management
3-Build on proven security practices
4-Prioritize security measure according to potential impact
5-Promote transparency across IoT
6-Connect carefully
Example: FDA Published “Postmarket Management of Cyber Security in Medical Devices” principles:
1-Quickly push updates to devices based on identified vulnerabilities
2-No notification or reporting to FDA
3-Devices can be patched more quickly
4-Maintain good quality software lifecycle processes
5-Including COTS (commercial off-the-shelf) devices
6-Good incident management process
7-Vulnerability disclosure policy and practice procedures

2-Current IoT Privacy Regulations


European Union (EU) Data Protection
Issue:
1-Lack of user control on dissemination of personal data
2-Lack of quality user content
3-Concept of inferring information
4-Does the user realize that the inference can occur
5-Intrusive user behavior profiling
6-Creating behavior-based profiles of a user without his or her consent
7-Working party opinion mentioned security risks
8-Anonymity
Recommendation or Solution:
1-Use of Privacy Impact Assessments (PIAs)
-Performed at the onset of any IoT effort
-Templates used to create Privacy Impact Assessments
2-Deletion of raw data
3-The use of encryption to protect sensitive information both in storage and in transit
4-Empowerment of users

European General Data Protection Regulation (GDPR):


In Privacy and the IoT
Note: took effect in 2018
1- Breach Notification 2-Right to Access 3- Right to be Forgotten 4- Data Portability 5- Privacy by Design
3-An Introduction to IoT Security Architecture:

Tiered Devices and Services:
1-Do they support authentication capabilities
2-Monitor transactions
3-Encrypt traffic end-to-end
4-Trusted boot loading
5-Digital signatures
Concepts of Security Architecture:
1-Business View – Chief requirements
2-Usage Viewpoint
4-Functional Viewpoint – Outlines the main functional blocks
5-Implementation Viewpoint – Implementation
System Concerns: Safety Concerns:
Safety:
1-Apply controls that support and strengthen the safety of the system
2-Do not forget apply security controls
Resilience:
1-Bad actors may purposely take your system offline
2-System responds during the attack of this nature
Points of Integration:
1-Are the APIs developed securely
2-Enforce security connectivity
Elements of an IoT Protection Architecture:
Cloud Gateways:
1-Authenticated communications and transactions
2-Data stores
3-Log all events and activities
4-Ensure that your infrastructure is up-to-date
Week 6:

Cryptography
✓ provides a necessary tool set for securing data, transactions, and personal privacy in our so-called information age.
✓ Fundamentally, when properly implemented, cryptography can provide the following security features to any data whether in transit or at rest:

Cryptography Goals:
1. Confidentiality
• Others cannot eavesdrop on our sensitive information
• Use of encryption algorithms
• Use of a well vetted algorithm
• DES (data encryption standards)
• and Triple DES
2. Authentication
• Use of Digital Signature algorithms
• Convert input to a signed hash data - SHA
• Include ECDSA or Elliptic Curve Digital Signature Algorithm
3. Integrity
• Use of Hashing and Digital Signature algorithms
• Message Authentication Code or MAC
• Convert Keys into MAC, for example, HMAC
4. Non-Repudiation
• Technical non-repudiation assurances are straightforward
• Will assurances stand up in the court of law?

Cryptography Techniques:
1-Encryption and Decryption
•It is used to protect the confidentiality of the information from eavesdroppers and only allow it to be deciphered by intended parties.
•The unprotected data is called plaintext and the protected data is called ciphertext.
2-Symmetric encryption
•Key Management
•Manage the secure distribution of the same key to multiple parties
•The compromise of a single party’s key requires the replacement of keys for everyone involved
3-Asymmetric encryption
•Use of different keys for encryption and decryption
•Use of recipient’s public key to encrypt data and the recipient using her private key to decrypt that data
•it solves the symmetric key distribution problem
•combination of both asymmetric and symmetric cryptography is employed
Cryptographic Modes:
1-Block Algorithms: Input fixed blocks into the algorithm, Require padding to package blocks appropriately.
2-Stream Algorithms: Continuously stream data into algorithm. Plain text data is XORd with a keystream
[output feedback mode (OFB)]: make a block cipher function as a stream cipher
Hashing Algorithms:
•information about the original data that was hashed (this is called resistance to first pre-image attacks)
•They are designed to not allow two different messages to have the same hash (this is called resistance to second pre-image attacks and collisions)
•They produce a very random-looking value (the hash)
Uses of Hashing Algorithms:
• Protecting passwords
• Checking the integrity of a large data
• Performing asymmetric digital signatures
• Providing the foundation for certain message authentication codes
• Performing key derivation
• Generating pseudo-random numbers
Digital Signatures:
•Never give away private key
•Any modification of signature or message is detected by receiver (verifier)
Message Authentication Codes (MACs):
•MAC generation and verification with same key
•Any modification of data D or computed MAC value causes verification to fail (receiver detects)
Random Number Generation:
•Used for generating UNPREDICTABLE keys
•needs to be seeded with good entropy source(s)

Cryptography Module
-establishes the physical bounds of a cryptographic module & all the hardware, software and/or firmware components of a cryptographic module

Tips:
• Minimize the size of your cryptographic boundary
• Utilize existing modules
• Re-Validate by learning on another product
• Building your own - very specialized and expensive
• Carefully review the crypto module's security policy (posted on NIST website)
• Don’t store any UNPROTECTED key material outside of a crypto module
Cryptographic Key Management:
• Many security weaknesses are found in poor implementations of key management
• Do not use the same cryptographic keys indefinitely - keep the keys updated
• How new keys are generated, agreed upon, transported, and so on is the domain of key management
• Key management includes - secret keys, private and public keys, nonces, initialization vectors
• Even a good, vetted cryptographic algorithm fails to protect your data if keys are not managed.
• The IoT makes problems such as tracking of SSH keys worse by adding millions of new devices to the network.
Key Management at Layers
Both types of key management are tightly bound together.
1-Key management at Module / Embedded Layer
•Algorithms and functions supporting key management operations within an IOT device
•Updating keys and certificates internally and Zeroization of keys
2-Key Management at System Layer
•Tracking and management of crypto keys throughout an enterprise
•Includes generation, rotation, distribution, revocation, destruction

Key Management Operations:
1-Key Transport: transporting keys from one system to another (AES Key)
2-Key Generation: Generate key. Poor entropy => poor keys => weak crypto => insecure data
3-Key Derivation: involves deriving one key from another (transport, load new keys) (update)
4-Key Escrow: which keys are backed up / X authentication keys
-Use HSMs
5-Key zeroization: Secure wiping of key material linked as a tamper response
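An added example, not from the original notes, of three of the operations above: generation from a good entropy source, derivation of per-device keys from one master key, and zeroization. It uses HKDF with HMAC-SHA256 (RFC 5869) as the derivation function, which the notes do not name; the device ids and the `iot-demo-v1` label are made up for the demonstration.

```python
import hashlib
import hmac
import secrets

HASH_LEN = 32  # SHA-256 output size in bytes

def hkdf_sha256(key: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869): extract a pseudorandom key, then expand it to `length`."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("requested length out of range for HKDF-SHA256")
    prk = hmac.new(salt or bytes(HASH_LEN), key, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_device_key(master_key: bytes, device_id: str, purpose: str) -> bytearray:
    """Key derivation: one key per device and purpose from a single master key.

    Device id and purpose are length-prefixed into HKDF's `info`, so a leaked
    derived key reveals neither the master key nor any sibling key.
    """
    parts = [b"iot-demo-v1", device_id.encode(), purpose.encode()]  # label is made up
    info = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return bytearray(hkdf_sha256(master_key, salt=b"", info=info))

def zeroize(key: bytearray) -> None:
    """Key zeroization: overwrite the buffer in place, e.g. as a tamper response.

    Python may still hold copies elsewhere (immutable bytes objects), which is
    one reason real devices keep keys inside a crypto module or HSM.
    """
    for i in range(len(key)):
        key[i] = 0

def demo() -> dict:
    # Key generation: the master key comes from the OS CSPRNG (good entropy).
    master = secrets.token_bytes(32)
    session = derive_device_key(master, "sensor-001", "session")  # hypothetical ids
    sibling = derive_device_key(master, "sensor-002", "session")
    result = {"distinct": session != sibling, "length": len(session)}
    zeroize(session)
    result["wiped"] = session == bytearray(len(session))
    return result

if __name__ == "__main__":
    print(demo())
```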
Implementing Cryptography for IoT:
-often protocols provide a layer of authentication and encryption
-ZigBee, ZWave, and Bluetooth-LE all have configuration options to apply authentication
-these protocols create wireless networks of IoT devices
-REST-type protocols such as CoAP and publish/subscribe protocols such as MQTT require the services of lower layer security
1-MQTT
•Has no inherent cryptography built into the protocol
•Should absolutely tunnel MQTT through other cryptographically protected tunnels such as TLS, DTLS (DTLS uses UDP for transport)
•MQTT by itself passes the username and password of the node or broker in cleartext.
2-COAP
•Uses DTLS as the underlying, cryptographically-secured transport
•PreSharedKey (can also be used for ‘group’ keys)
•Certificate (X.509 credential signed by a common root)
Certificates:
• IoT devices/protocols often provide choices with respect to credentials
✓ Pre-Shared Symmetric keys, key pairs, certificates
• Many of the IoT protocols provide built-in certificate-based device-to-device authentication
✓ CoAP, DDS
• Other protocols such as MQTT (and HTTP) rely on TLS as an underlying security mechanism
• TLS supports two-way certificate-based authentication (IoT device/service)
Week7:

Attack Vector:
1-technique by means of which unauthorized access can be gained to a device or a network by hackers for nefarious (criminal) purposes (it is used for assaulting or exploiting a network, computer or device.)
2-helps unauthorized elements to exploit the vulnerabilities in the system or network, including the human elements.
3-attack vectors should be actively looked for so that they can be remedied.

AirBnB and Lockstate Smart Locks:

Type of problem:
1-Things can go wrong even without any malicious intent
2-There are certain challenges faced by IoT product developers
How it works:
1-Lockstate had reached an agreement with AirBnB to be featured as part of their Host Assist Program
2-Renters would be given a code to gain access without a physical key
3-Without a physical key, renters were locked out
4-Locks were taken offline by the corrupt firmware update
5-Owners had to ship the locks back or wait for new locks to come to remedy the situation
Solution: Vendor could have potentially:
1-Include a Rollback Ability
2-Make sure the owner is OK with the update
3-Include a factory reset capability

OWASP IoT Testing Guidance:

1-The Open Web Application Security Project (OWASP) defined IoT Testing Guidance.
2-Test Recommendations based on common IoT vulnerabilities

1-Insecure Web Interfaces
1-An IoT system uses web applications
-Use RESTful APIs
-Run on web server infrastructure
-Include a factory reset capability
-Interact with backend databases
2-Security engineers must validate that web infrastructure is configured securely
3-Must test web application and database software / configurations for defects

2-Lack of Transport Encryption
Are communications encrypted between:
Device → Cloud
Device → Gateway
Device → Mobile app
Device → Device
Gateway → Cloud
-Some IoT protocols either
-Have no encryption built into messaging
-Have options that can be configured to not encrypt messaging
-MQTT
3-Insufficient Security Configurability
-contributed to the use of IoT devices for DDoS attacks
-Hardcoded credentials are often used within IoT devices
-manufacturer assigns hardcoded account name and password
-problem compounded by using the same hardcoded credential across a (large) family of devices
-worse, manufacturer doesn’t allow the hardcoded password to ever be changed
4-Poor Physical Security
-Need to provide physical protections
-IoT devices are physical devices that often ship with hardware ports, for example USB ports
-Ports can be locked down or restricted, for example disabling or password restricting debug ports
JTAG Security Fuses
-used to stop someone gaining unanticipated access to the devices
-vendors introduce anti-tamper to safeguard sensitive data
-Anti-tamper includes tamper evidence or even tamper resistance
-Digitally sign firmware to protect the authenticity and integrity of the data
-Implement hardware-based boot loaders that
5-Insufficient Authentication/ Authorization
-Usability versus security
-Bluetooth’s
-Pairing works with no authentication at all
Unauthenticated Messages:
-between IoT devices and gateways or cloud services are another way that bad actors can compromise a system
Protocol used:
1-MQTT
2-DDS
3-Zigbee
4-Zwave
TLS Protocol:
-Implement two-way authenticated TLS transactions (TLS is not necessarily two-way)
-example: The default is simply for the client to authenticate the server
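The one-way default and the two-way setting side by side, as an added example using Python's standard `ssl` module (not code from the original notes). The certificate file paths are hypothetical parameters, optional here so the settings can be inspected without any files on disk.

```python
import ssl

def broker_context(require_client_cert, ca_file=None, cert_file=None, key_file=None):
    """Server-side (broker or cloud service) TLS context.

    ca_file, cert_file and key_file are hypothetical PEM paths.
    """
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)        # the broker's own identity
    if require_client_cert:
        # Two-way TLS: the handshake fails unless the device presents a
        # certificate that chains to a CA the broker trusts.
        ctx.verify_mode = ssl.CERT_REQUIRED
        if ca_file:
            ctx.load_verify_locations(cafile=ca_file)   # CA that signs device certs
    return ctx

def device_context(ca_file=None, cert_file=None, key_file=None):
    """Client-side (IoT device) context: verifies the broker's certificate and name."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)        # sent only if the broker asks
    return ctx

def who_is_authenticated(server_ctx, client_ctx):
    """Report which side(s) of the connection must prove their identity."""
    server_proven = (client_ctx.verify_mode == ssl.CERT_REQUIRED
                     and client_ctx.check_hostname)
    device_proven = server_ctx.verify_mode == ssl.CERT_REQUIRED
    if server_proven and device_proven:
        return "server and device"
    if server_proven:
        return "server only"
    return "device only" if device_proven else "nobody"

if __name__ == "__main__":
    device = device_context()
    print("default :", who_is_authenticated(broker_context(False), device))
    print("hardened:", who_is_authenticated(broker_context(True), device))
```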
Authentication:
there are still opportunities to get things wrong by:
-Hard coding credentials into a device, for example
-Using identical passwords for all the interconnected devices
Safeguard Root Accounts:
-Devices use Linux-based RTOS
-Don’t put a device in the field and then tell all of the technicians to log into that device using the root account
6-Insecure Cloud Interfaces:
-cloud gateways have security controls
-Proper mechanisms in place to secure API keys
-do not embed keys in code and store that code in public repositories like GitLab
Protect Cloud IoT Services:
-check the syntax of messaging structures
-White Listing for client to get access to backend
-use rate limiting to protect from DDoS attack
7-Insecure Software and Firmware
-process for firmware and software update
-Provisioning updates to the libraries and OS
Digitally Signed Distributions:
-Organizations need a secure process for developing and integrating the code
-Distribution (SW) should be digitally signed and encrypted
-Make use of hardware-based roots of trust to decrypt packages and validate image signatures
-Trusted boot loaders should be used on IoT devices to support loading of only valid images

8-Privacy Concerns
-Access to data is often a bad actor's goal
-first knowing what data is being collected
-impact how the data is collected or how long it is stored
-example: Voice Assistant Products: record voice or video
Inform Your Stakeholders:
-Once you know what data you are collecting, it is important to inform your stakeholders
-If the data could be sensitive
-For example – Health care, blood pressure
Safeguard the Data:
Once you know what sensitive data is collected you need to:
1-Encrypted storage
2-Agreements between a data collector and third party organizations
9-Insecure Mobile Interfaces:
Oftentimes, you see that consumer IoT devices pair with smart phone apps. In these instances, the app may ask for the home's Wi-Fi key. It’s important to make sure that the app stores that information securely.
10-Insecure Network Services:
-Lateral movement throughout a network: Bad actors gain a foothold and then begin their exploration by jumping from one device to another
-solution: put IoT devices on their own subnets, separate from the subnets of traditional computing equipment
Week8:
IoT lifecycle : Security must be addressed by it

Security Requirements on IOT System Layers:

Sensing layer:
integrated with end components of IoT to sense and acquire the information of devices;
The security in sensing layer:
• Devices authentication
• Trusted devices
• Leveraging the security controls and availability of infrastructures in sensing layer.
• In terms of software update, how the sensing devices receive software updates or security patches in a timely manner without impairing functional safety or incurring significant recertification costs every time a patch is rolled out.
Requirements:
The security requirements at IoT end-node: physical security protection, access control, authentication, nonrepudiation, confidentiality, integrity, availability, and privacy.
The security requirements in sensing layer: confidentiality, data source authentication, device authentication, integrity, availability, and timeliness.

Securing the sense Layer


1. Implement security standards for IoT and ensure all devices are produced by meeting specific security standards;
2. Build trustworthy data sensing system and review the security of all devices/components;
3. Forensically identify and trace the source of users;
4. Software or firmware at IoT end-node should be securely designed
Network layer:
the infrastructure to support wireless or wired connections among things;
Requirements:
Overall security requirements, including confidentiality, integrity, privacy protection, authentication, group authentication, keys protection, availability, etc.
Privacy leakage: Since some IoT devices are physically located in untrusted places, there is a risk that attackers can physically find private information such as user identification, etc.
Communication security: It involves the integrity and confidentiality of signaling in IoT communications.
Overconnected: The overconnected IoT may run the risk of the user losing control. Two security concerns may be caused: (1) DoS attack, the bandwidth required by signaling authentication can cause network congestion and further cause DoS; (2) Keys security, for the overconnected network, the keys operations could cause heavy network resources consumption.
MITM attack: The attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the attacker controls the entire conversation.
Fake network message: Attackers could create fake signaling to isolate/misoperate the devices from the IoT.
Service layer:
provide and manage services required by users or applications
Requirements:
Authorization, service authentication, group authentication, privacy protection, integrity, security of keys, nonrepudiation, availability.
Privacy leakage. The main concern in this layer involves privacy leakage and malicious location tracking.
Service abuses. In IoT the service abuse attack involves: (i) illegal abuse of services; (ii) abuse of unsubscribed services.
Node identity masquerade.
DoS attack.
Replay attack, the attacker resends the data.
Service information sniffer and manipulation.
Repudiation in service layer, it includes the communication repudiation and services repudiation.
Application–interfaces layer:
consists of interaction methods with users or applications.
Requirements:
Remote safe configuration, software downloading and updating, security patches, administrator authentication, unified security platform, etc.

Top 10 Vulnerabilities in IoT


Week9:

Attack Categories against Enterprise


1-Wireless Reconnaissance and Mapping
-Scanning attacks (ZigBee protocol scanner)
-Successful attacks may open your garage door, lock your front door, turn lights on and off
2-Protocol Security Attacks
-lack configuration for security
-Understanding the limitations of protocols is critical to add security control
3-Physical Security Attacks
-Attackers physically penetrate
-Tamper evidence controls, tamper response mechanisms etc.
4-Application Security Attacks
-Insecure application endpoints
-Reverse engineering can expose hardcoded keys, passwords etc.

Attack modeling: attacker-focused and designed to show details of how vulnerabilities may be exploited.

Threat Modeling
• a methodical approach to performing a security evaluation of an IoT system
• develop a thorough understanding of the actors, entry points, and assets within a system.
• provides a detailed view of the threats
• larger exercise of identifying threats & threat sources
Example: Evaluate Threats:
1-Consumer-facing service: customers determine vacancy status & pricing for nearby parking spots
2-Payment flexibility: accept multiple forms of payment
3-Entitlement enforcement:
-Track date of (purchased, expired, overstayed)
-communicate the violation
4-Trend analysis: Collect historical parking data and provide trend reports to parking managers
5-Demand-response pricing: change pricing depending on the demand for each space
6-Security Goals:
• confidentiality of sensitive data within the system
• integrity of all data collected within the system
• availability of the system as a whole and each of its individual components

threat modeling process:


Step 1: Identifying (and documenting) Information Assets
-Identifying assets
-most important security requirement for the asset (confidentiality, integrity, availability)?
-Who owns the asset
-Do any external actors have access to the asset?
Populating the Asset Table, Example:

Step 2: Steps to Create a System Architecture

• documenting expected functionality
Include:
● Consumer Facing Functions
o Vacancy Status
o Payment Options
• Create an architectural diagram
• Identify technologies used within the IoT system
Example (Identify Technologies):
Step 3: Starting the Decomposition Process
• the life cycle of data as it flows
• entry points for data (sensors, gateways, or control, and management computing resources)
• Trace the flow of data
• Identify high profile targets for attackers
1-System Process (parking example)
-What information is valuable to an attacker?
-Payment data?
-License plate data?
-Raw video?
2-Define Your System Entry Points
• Where can a malicious actor enter your system?
• Once inside, can they jump to other components?
• System security only as strong as weakest link in system
Entry Points (parking example)

Step 4: Identify Threats


STRIDE model(parking example )

Step 5: Documenting the Threats

Step 6: Rating Threats


-A quantitative assessment
-Risks can be prioritized according to the context of organization drivers
The DREAD model: asks basic questions for each level of risk and then assigns a score (1 – 10)
Damage: The amount of damage incurred by a successful attack
Reproducibility: What level of difficulty is involved in reproducing the attack?
Exploitability: Can the attack be easily exploited by others?
Affected Users: What percentage of a user/stakeholder population would be affected given a successful attack?
Discoverability: Can the attack be discovered easily by an attacker?

Example :
Week 10:

Requirements for Trust in IoT System


To avoid attacks trust tokens are exchanged and validated, or new session tokens are created (i.e., session keys derived
from a master key).
Following requirements must be fulfilled:
➢ Data: Confidentiality
➢ Data: Integrity
➢ Peer: Authenticity
➢ Peer: Proof of authorization
➢ Communication: Service and system availability
➢ Communication: Non-repudiation

Data:
Data Confidentiality
-provided via encryption (with the Advanced Encryption Standard [AES] algorithm as a de facto industry standard)
-Implemented directly in hardware
Data Integrity
-The assurance provides trustworthiness in the data a node sends or receives.
-provided via message authentication codes or cryptographic hashes that are attached to the data payload.

Peer:
Peer: Authenticity -how a peer can validate another peer’s identity before a communication link is established.

Peer: Proof of authorization -provides assurance that a peer has the authority to
-communicate with another peer and
-conduct a certain action

Communication:
Communication: Service and System availability
-Peer authenticity can go hand in hand with system availability.
For example, denial-of-service (DoS)-style attacks are typically external attacks (they are launched by external nodes outside the jurisdiction of an IoT deployment).
The ability to qualify and if necessary to discard data or connection requests at an early stage can help to eliminate such attacks.
Communication: Non-repudiation
-the ability to ensure that communicating peers cannot deny the authenticity of their action; it is linked back to peer tokens.
