IoT security
communication layer protocols
Thread, TCP, UDP, RPL, IPv6, 6LoWPAN
STRIDE
provides a set of categories that are very helpful for identifying potential threats in IoT systems. It is used in the vulnerability identification phase of the threat modeling process
security hardening
- Make sure the new IoT device can be easily updated.
- Check for updates regularly.
- Buy from a reputable manufacturer.
- Default usernames/passwords must be changed.
- Limit management access to devices to trusted sources.
- Turn off all unnecessary services.
steps of threat model analysis
1. Identify security objectives
2. Document the IoT system architecture
3. Decompose the IoT system
4. Identify and rate threats
5. Recommend mitigation
IoT reference model
7. Collaboration & Processes
6. Application
5. Data Abstraction
4. Data Accumulation
3. Edge (Fog) Computing
2. Connectivity
1. Physical Devices & Controllers
IoT security model
Application, Communication, Device
CIA triad
Confidentiality, Integrity, Availability
Cross-Site Scripting (XSS)
An attack that injects scripts into a Web application server to direct attacks at clients.
encryption in constrained devices
Due to the nature and size of IoT devices, they usually have a limited amount of resources. A consequence of this is that most IoT devices do not have the processing power or resources necessary for the more robust encryption algorithms. Because encryption is still a necessary component for their functionality, lightweight encryption algorithms could be used.
data and password security
Encryption is the mechanism that is used to ensure data confidentiality. IoT devices are especially vulnerable to threat actors because many older IoT devices currently in production do not support encryption.
device layer protocols
IEEE 802.15.4, BLE (Bluetooth Low Energy), Wi-Fi, NFC (near field communication), cellular, LoRaWAN, Sigfox, NB-IoT
operational technology
Includes industrial control systems, supervisory control and data acquisition systems, and all the devices that connect to these systems.
information technology
Includes devices in the data center, devices in the cloud, and bring your own device (BYOD).
encryption methods
Modular arithmetic, Kerckhoffs's principle, RSA, Diffie-Hellman key exchange
OWASP IoT project
Non-profit initiative focused on improving software security.
IoT CPU types
RISC and CISC
risk control strategies
Terminate, Transfer, Treat, Tolerate
threat modeling
The process of analyzing, in a structured way, the weaknesses of a system from the point of view of a potential attacker. It helps identify risks, quantify their probability and severity, and prioritize them. There are several methodologies: STRIDE, Open Threat Taxonomy, ENISA and OWASP.
device layer attack surface
The vulnerabilities described by OWASP are hardware sensors, device memory, device physical interfaces, device firmware, and the firmware update mechanism.
communication layer attack surface
The vulnerabilities at this layer are device network services and network traffic. Data in motion can be intercepted, damaged, or altered. In addition, because the purpose of much of the IoT is data collection, attacks on the systems that carry data can bring down an entire IoT system.
Application layer protocols
Zigbee, HTTP/HTTPS, MQTT, CoAP
risk register
A description of each identified risk, the probability or frequency of the risk occurring, the steps to mitigate it, a rank for each risk, and the exposure cost.
application layer attack surface
Any weakness that a threat actor could use to compromise the security of that application. Specific tools and methods, such as application penetration testers, port scanners, and code checkers, can then be used to discover application vulnerabilities.
Constrained devices
The device usually has very limited power, memory, and processing cycles. Communication capabilities are also limited. Where communication is available, it is unlikely that encryption is implemented due to the limited processing power of these devices. Lack of encryption is one of the vulnerabilities listed by OWASP.
IoT attack surface
Divided into the device, communication and application layer attack surfaces.
authentication security issues
Eavesdropping, DoS, Trojan horse, Replay
IoT devices identity management
In the world of IoT, it refers to the identification of a wide range of IoT devices and the management of their access to data.
operational technology (OT)
Includes industrial control systems, supervisory control and data acquisition systems, and all the devices that connect to these systems.
risk analysis
involves the identification and assessment of the potential risks.
risk management
involves the identification, selection and adoption of security measures to eliminate or reduce risks to acceptable levels.
digital signature
A mathematical scheme for demonstrating the authenticity of digital information. It cannot be copied because it is always different.
CVSS
A risk assessment system designed to convey the common attributes and severity of vulnerabilities in computer hardware and software systems.
risk
is where threat and vulnerability overlap. Threat + asset + vulnerability = ___
access control
Must be implemented by an organisation to protect its network resources, information system resources and information.
Threat model analysis
Primarily a tool used to conduct tasks for risk management and vulnerability assessments. Threat modeling is a structured approach for analyzing the security and vulnerability of a system, whether that system is a device's hardware, its software, or the networks used to communicate with other devices.
Information security is achieved
Products, people, and procedures derived from plans and policies.
constrained devices
Usually have very limited power, memory, and processing cycles. Communication capabilities are also limited. It is unlikely that encryption is implemented due to the limited processing power of these devices. Constrained devices include smart sensors, embedded devices and prototyping.
firmware vulnerabilities
Vulnerabilities include default login credentials, DDoS attacks, out-of-date firmware, buffer overflow attacks, and backdoor installation.
questions thinking about risks
Who are the threat actors who want to attack us?
What vulnerabilities can threat actors exploit?
How would the system be affected by successful attacks?
What is the likelihood that different attacks will be successful?
How can the organization address the risk?
the public key infrastructure (PKI)
The PKI, with its Certificate Authority (CA), is needed to support large-scale distribution and identification of public encryption keys.
Common IP vulnerabilities
· DoS attacks
· DDoS attacks
· ICMP attacks (for the purpose of reconnaissance)
· Address spoofing attacks
· Man-in-the-middle attacks
· Session hijacking
One-time programmable memory (OTP)
· Permanently programmed memory cells (state of the art today)
· Hard to reverse engineer
· Programmed during IC system manufacturing
· Possible to destroy stored keys in response to tamper attempts
· Security may be maximized if the IC generates its own keys using hardware designed into the device
vulnerabilities for constrained devices
· Theft of the device
· Physical damage to the device
· Disabling the device, e.g. removing the power source
· Disabling communication, e.g. disconnecting cables or other means of disruption