Computer Security Chapter 10: Cloud and IoT Security

Questions and Answers

What is one example of IoT security and privacy issues mentioned in the content?

Insecure Data Transfer and Storage

Which of the following is a potential consequence of 'Insufficient Privacy Protection' in IoT?

Misuse of personal information (correct)

Regular software updates

Secure communication

Data encryption

True or False: Lack of Device Management includes secure decommissioning of devices.

True

Match the IoT security challenge with its description:

Lack of Physical Hardening = Absence of physical security measures to prevent unauthorized access Insecure Default Settings = Devices shipped with insecure configurations or inability to enhance security settings Use of Insecure or Outdated Components = Utilization of deprecated or insecure software or hardware components

What is IoT short for?

Internet of Things

What do IoT devices share the sensor data they collect to?

IoT gateway or other edge device

IoT devices are provided with unique identifiers (UIDs) and have the ability to transfer data over a network with human-to-human interaction.

False

IoT security is concerned with safeguarding connected devices and networks in the Internet of ______.

Things

Match the IoT security measure with its description:

Incorporating security at the design phase = Ensuring security measures are implemented from the early design stages API security = Securing application programming interfaces to prevent unauthorized access Hardware security = Ensuring the physical security of IoT devices Patch management/continuous software updates = Regularly updating software to address security vulnerabilities

Study Notes

What is IoT (Internet of Things)?

• IoT refers to the network of physical devices, vehicles, home appliances, and other items embedded with sensors, software, and connectivity, allowing them to collect and exchange data.
• IoT devices are connected to the internet, transmit data, and can be controlled remotely.

How IoT Works

• IoT ecosystem consists of web-enabled smart devices that use embedded systems such as processors, sensors, and communication hardware to collect, send, and act on data.
• IoT devices share sensor data with IoT gateways or other edge devices, which can be sent to the cloud for analysis or analyzed locally.
• Connectivity, networking, and communication protocols vary depending on the specific IoT application deployed.

IoT Ecosystem and Components

• Endpoint devices:
  • Smart appliances (e.g., air conditioners, vacuum cleaners, TVs)
  • Smartphones (e.g., iPhones, Androids)
  • Smart "things" (e.g., smart watches, lights, medical implants)
• Communications:
  • WiFi, Zigbee, Z-Wave, N RFID, BLE, LoRaWAN, MQTT/SIP/CoAP
• Cloud platform, backend, and services:
  • Data and storage
  • Web-based services (e.g., Amazon Web Services - AWS IoT)
  • Device management (configuration, settings, maintenance, updates)

IoT Applications and Benefits

• Consumer segment:
  • Smart homes, smart thermostats, smart appliances, and connected heating, lighting, and electronic devices can be controlled remotely.
• Wearable devices:
  • Sensors and software can collect and analyze user data.
• Healthcare IoT:
  • Monitoring patients more closely.
• Smart buildings:
  • Reducing energy costs using sensors and adjusting temperature automatically.
• Agriculture:
  • IoT-based smart farming systems monitoring light, temperature, humidity, and soil moisture.

IoT Security and Privacy Issues

• IoT security refers to the technology area concerned with safeguarding connected devices and networks in the IoT.
• Example of IoT BotNet Attack:
  • 2016 Mirai botnet attack infiltrated domain name server provider Dyn, taking down many websites.
  • DDoS attack was staged and launched from IoT devices using Mirai malware.

Case Study: Dyn Botnet DDoS Attack

• DDoS attack on October 2016 targeted DNS provider Dyn using Mirai malware.
• Mirai malware:
  • Finds and infects IoT devices to grow the botnet.
  • Participates in DDoS attacks based on commands received from remote Command and Control (C&C) infrastructure.
• Mirai operates in three stages:
  1. Infect the device.
  2. Protect itself.
  3. Launch attack.

IoT Security Challenges

• Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.
• Main challenges:
  • Default passwords.
  • Resource-constrained devices.
  • Lack of industry-accepted standards.
  • Convergence of IT and operational technology (OT).
  • Rise of botnets.
  • More IoT devices.
  • Lack of encryption.
  • Outdated legacy security.

IoT Security Measures

• Incorporating security at the design phase.
• Public key infrastructure (PKI) and 509 digital certificates.
• API security.
• Identity management.
• Hardware security.
• Strong encryption.
• Network security.
• Network access control.
• Security gateways.
• Patch management/continuous software updates.
• Integrating teams.
• Consumer education.

IoT Attack Tools

• Shodan.io:
  • A search engine for IoT devices that can discover devices connected to the internet, their location, and who is using them.
• IP Angry:
  • A freely available IP address and port scanner known for its ease of use, simplicity, and speed.

IoT Security Architecture

• AIOTI High level Architecture functional model.
• FP7-ICT IoT Architecture reference model.
• NIST Network of Things.
• ITU-T IoT Reference Model.
• ISO/IEC CD 30141 Internet of Things Reference Architecture.
• ISACA Conceptual IoT Architecture.
• oneM2M Architecture Model.
• IEEE P2413 – Standard for an Architectural Framework.

Description

This quiz covers the basics of internet of things (IoT), its ecosystem, applications, and security issues. It also explores cloud and IoT security measures, challenges, and tools.