Mobile Security Fall 2012
Slide 1: Mobile Security Fall 2012
- Patrick Tague
- Class #9: The Internet of Things
- Partial slide credit to L. Zoia and Y. Zhang

Slide 2: Announcements
- If you haven't signed up for a Survey presentation (two teams, you know who you are), please sign up ASAP
- Very few slots remain, and I'm starting to fill them!
- I'll be in Pgh on October 3-4; email me if you want to schedule a meeting while I'm there
- HW #2 will be posted by October 3

Slide 3: The Internet of Things (Agenda)
- What is the IoT?
- Technologies enabling the IoT
- Risks, issues, and challenges

Slide 4: Internet of Things
- What is the Internet of Things (IoT)?
- Originally: IoT = Internet-wide identification of objects using RFID tags, allowing all things to be indexed via the Internet
- More recently:
  - IoT = Global interconnection of physical and virtual things
  - IoT = Internet-enabled smart control systems
  - IoT = Network of identifiable things with virtual personalities, allowing for smart spaces
  - IoT = Internet-wide connection of objects to the Internet using unique IPv6 addresses, allowing all things to be accessed on the Internet

Slide 5: PAN + Internet = IoT?

Slide 6: Tethered PANs
- Tethering PAN devices to the Internet via some sort of gateway device allows a broader scale of device-to-device communications
  - Ex: Sensor gateways
  - Ex: UbiPAN [Albert et al., 2010], which extends Bluetooth networks using IP and SIP services
- But is this the IoT?
- To quote L. Zoia, this is more like the Internet with Things

Slide 7: PAN + Internet IoT?

Slide 8: Gateways / Proxies: IoT Enablers
- Gateway device provides extended connectivity (similar to 3G/4G core gateway for mobile Internet)
- Gateway devices serve as translators between PAN devices and the Internet
- [Figure: gateway devices connecting ZigBee, UWB, WiFi, Bluetooth, and RFID / NFC devices to the Internet]

Slide 9: IoT Enablers: Control point / mediator
- Alternatively, a control point can act simultaneously as a gateway, a switch, and an interaction device
- [Figure label: Internet]

Slide 10: IoT Enablers: 4G (not 4G ) networking
- Ubiquitous IPv6-based access using 4G allows arbitrary (permitted) devices to access the Internet using numerous access media
- [Figure label: Internet]

Slide 11: So, what else is the IoT?
- PAN, 4G, and IPv6 provide the basic network building blocks, but the IoT requires services

Slide 12: Things Need Services
- In the IoT, every physical object has a virtual component that can produce and consume services

Slide 13: Defining the IoT
- Convergence of computing, communication, and control of physical (not only virtual) processes
- Translated: Even something as simple as a light bulb could be connected to the Internet [Scientific American, October 2004]
- Consequence: security infringement can cause safety infringement

Slide 14: So, Basically...
- The IoT is an expansion of the Internet by a few orders of magnitude to include user-less, UI-less, automated, possibly embedded, devices
- What could go wrong?

Slide 15: Scenario
- Imagine a world where every object is connected to the Internet, most through embedded interfaces, using IPv6
- What happens if a malicious/infected device can arbitrarily contact other devices?
- Does my refrigerator in California really need to communicate with a heating system in Tokyo?
- How do we impose limitations on access and information leakage?
Slide 16: IoT Security Goals
- Malfunctions, misconfiguration, malicious behavior, etc. in the IoT will outweigh any of the potential benefits
- Needed:
  - Analysis of current security protocols and mechanisms
  - Decision of whether such approaches are worth integrating into the IoT as is or if modifications or new designs are more beneficial

Slide 17: Old and New Threats
- Billions of intelligent things cooperate with other real and virtual entities in potentially random and unpredictable ways
- New avenues to exploitation: easily accessible objects in unprotected zones, such as city streets, are vulnerable to physical harm
- Lowest barrier to entry just got lower

Slide 18: Info & Net Sec Protocols
- Improving security of easily accessible channels requires rethinking basic crypto algorithms, key management techniques, and security protocols for secure interconnection and service

Slide 19: IoT Security & Privacy
- In addition to standard IP / web security issues:
  - Device-to-device communication security
  - Secure neighbor and service discovery
  - Addition/deletion of devices and services
  - Usable key management (think WiFi only more)
  - Control signal verification / integrity
  - Privacy of user information in context-aware services and applications
  - ...

Slide 20: Elements of IoT Security
- Cryptography is the cornerstone for network and service infrastructure protection
- Although standards such as AES might work for some IoT devices, others such as passive RFID tags are limited by strict constraints
- Also... Continually rekeying devices for strong long-term protection is an issue

Slide 21: Data and Privacy
- Along with the IoT comes a massive amount of data, sparking serious privacy concerns

Slide 22: Privacy by Design

Slide 23: Transparency
- Transparency is essential
  - Which entities are managing their data?
  - How and when are those entities using their data?
- Stakeholders such as service providers must be part of this equation, which might eliminate take-it-or-leave-it license agreements.
- Businesses will adjust their services according to the amount of personal data the user provides.

Slide 24: Data Management
- Who manages the secrets?
- Which crypto mechanisms and protocols are used to protect data throughout the service's life cycle?
- Data management policy will not fit all situations
- Policy enforcement mechanisms are essential
- Data management is not trivial
- Requirement: service-dependent, user-dependent, context-dependent interpretation, translation, and reconciliation of rules

Slide 25: Identity Management
- Staggering variety of identity and relationship types
- An object's identity is not the same as the identity of its underlying mechanisms.
- An object can have one core identity and several temporary identities that change according to its role.
- An object can identify itself using its identity or its specific features.
- Objects know the identity of their owners.

Slide 26: ID Example
- The refrigerator can lock itself after midnight to children or visitors, but remain open for adult residents.

Slide 27: ID Issues
- Must provide an infrastructure that allows mutual object authentication
- Must balance between centralized management and a distributed, hierarchical approach

Slide 28: ID Approaches
- A promising approach is to combine diverse authentication methods for humans and machines
- Combining authentication methods can prevent any loss of overall system security.
- Such combinations typically take the form of:
  - What I am + what I know, or
  - What I have + what I know
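The refrigerator rule from the ID Example slide, gated by the "what I have + what I know" combination from ID Approaches, as an added Python example that is not part of the original slides. The resident registry, token keys, PINs, function names, and the 06:00 end of the lock window are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import time
from typing import Optional

PBKDF2_ROUNDS = 100_000
LOCK_START = time(0, 0)  # "after midnight", as on the slide
LOCK_END = time(6, 0)    # assumption: the slide gives no end time


def pin_digest(pin: str, salt: bytes) -> bytes:
    """Slow, salted hash so stored PINs are not kept in the clear."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


@dataclass(frozen=True)
class Resident:
    role: str          # "adult", "child" or "visitor"
    token_key: bytes   # key inside the user's token: "what I have"
    pin_salt: bytes
    pin_hash: bytes    # derived from the PIN: "what I know"


def enroll(role: str, token_key: bytes, pin: str) -> Resident:
    salt = os.urandom(16)
    return Resident(role, token_key, salt, pin_digest(pin, salt))


# Constructed sample household; every key and PIN here is made up.
REGISTRY = {
    "alice": enroll("adult", b"constructed-token-key-alice", "4711"),
    "bobby": enroll("child", b"constructed-token-key-bobby", "1234"),
    "guest": enroll("visitor", b"constructed-token-key-guest", "0000"),
}


def token_response(token_key: bytes, challenge: bytes) -> bytes:
    """What the token computes over the refrigerator's challenge."""
    return hmac.new(token_key, challenge, hashlib.sha256).digest()


def authenticate(user_id: str, challenge: bytes, response: bytes,
                 pin: str) -> Optional[str]:
    """Return the user's role only if BOTH factors verify, else None."""
    user = REGISTRY.get(user_id)
    if user is None:
        return None
    expected = token_response(user.token_key, challenge)
    has_ok = hmac.compare_digest(expected, response)
    knows_ok = hmac.compare_digest(pin_digest(pin, user.pin_salt),
                                   user.pin_hash)
    return user.role if (has_ok and knows_ok) else None


def may_open(role: Optional[str], now: time) -> bool:
    """Role- and time-based rule from the ID Example slide."""
    if role == "adult":
        return True
    if role in ("child", "visitor"):
        return not (LOCK_START <= now < LOCK_END)
    return False  # unauthenticated or unknown role: stay locked


def request_open(user_id: str, challenge: bytes, response: bytes,
                 pin: str, now: time) -> bool:
    return may_open(authenticate(user_id, challenge, response, pin), now)


if __name__ == "__main__":
    # The challenge must be fresh for every request, otherwise a
    # recorded response could be replayed.
    challenge = os.urandom(16)
    resp = token_response(b"constructed-token-key-bobby", challenge)
    print(request_open("bobby", challenge, resp, "1234", time(0, 30)))
    print(request_open("bobby", challenge, resp, "1234", time(15, 0)))
```

The access decision depends on the authenticated role rather than on the device that asks, which is the distinction the Identity Management slide draws between an object's core identity and its role-dependent identities.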
Slide 29: Trust and Governance
- To define trust in a dynamic, collaborative environment and understand what it means to provide trust throughout an interaction.
- A governance framework can also help reduce liability.
- If someone can attribute a malicious action to a particular user or agent
- On the other hand, it can easily become excessive, fostering an environment in which people are continuously monitored

Slide 30: Fault Tolerance
- The first is to make all objects secure by default.
  - Aside from designing secure protocols and mechanisms, researchers must work on improving software implementation quality, since it might not be feasible to provide a software patch for billions of devices
- The second effort is to give all IoT objects the ability to know the state of the network and its services.
  - Objects should be able to defend themselves against network failures and attacks.
  - Be able to act quickly to recover from any damage.
  - Such elements can use feedback from other mechanisms.

Slide 31: Past and Future Standards

Slide 32:
- There is a lot of active research in progress to address the various aspects of security and privacy in the Internet of Things.

Slide 33: Crypto & Protocols
- ISO/IEC (standards aim to provide light-weight cryptography for constrained devices, including block and stream ciphers and asymmetric mechanisms)
- Sony's CLEFIA is a novel block cipher that supports 128-bit keys
- SHA-3 competition (should lay the foundation for more work on a new class of hash functions for long-term security)
- Another optimization is algorithm management in a cross-layer architecture, where various security mechanisms share one algorithm

Slide 34: Identity and Ownership
- In certain IoT contexts, single-sign-on (SSO) mechanisms can be useful
- Another approach to verifying device ownership and owner identity is digital shadowing

Slide 35: Privacy Protection
- The delegation mechanism is one privacy preservation proposal
- Users will want to provide information without revealing too much about themselves
- Other schemes let users maintain their location privacy even when making location-dependent queries

Slide 36: Bottom Line on IoT
- The IoT offers huge opportunity to integrate systems, mobile devices, etc. into the Internet architecture
- All of the opportunity comes with a huge risk
- Standards developers, service providers, application/service developers, manufacturers, and policymakers all have a role in shaping the future of the IoT

Slide 37: Next Time
- NFC and Mobile Payment
- Survey Presentation by team Gorgeous Grizzly Bears
The onem2m standard Horizontal Service Layer June 8 th 2017, Bordeaux Nicolas Damour, Chairman of the onem2m WG2-Architecture group ndamour@sierrawireless.com Sierra Wireless is building the Internet of
More informationIT risks and controls
Università degli Studi di Roma "Tor Vergata" Master of Science in Business Administration Business Auditing Course IT risks and controls October 2018 Agenda I IT GOVERNANCE IT evolution, objectives, roles
More informationA Layered Protocol Architecture for Scalable Innovation and Identification of Network Economic Synergies in the Internet of Things
A Layered Protocol Architecture for Scalable Innovation and Identification of Network Economic Synergies in the Internet of Things Tilman Wolf 1 and Anna Nagurney 2 1 Department of Electrical and Computer
More informationC1: Define Security Requirements
OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security
More informationChallenges. Distribution. Discovery. Security. Usability. Governance. Unreliable messaging. Physical objects. Dealing with places.
Unreliable messaging Distribution Discovery Physical objects Asynchrony Dealing with places Delay tolerance Challenges Power source? Data services Security Identifying Integrity Autonomy Usability Provenance
More informationA Secure and Dynamic Multi-keyword Ranked Search Scheme over Encrypted Cloud Data
An Efficient Privacy-Preserving Ranked Keyword Search Method Cloud data owners prefer to outsource documents in an encrypted form for the purpose of privacy preserving. Therefore it is essential to develop
More informationThe Cryptographic Sensor
The Cryptographic Sensor Libor Dostálek and Václav Novák {libor.dostalek, vaclav.novak}@prf.jcu.cz Faculty of Science University of South Bohemia České Budějovice Abstract The aim is to find an effective
More informationPoint ipos Implementation Guide. Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core
PCI PA - DSS Point ipos Implementation Guide Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core Version 1.02 POINT TRANSACTION SYSTEMS AB Box 92031,
More informationCisco 5921 Embedded Services Router
Data Sheet Cisco 5921 Embedded Services Router The Cisco 5921 Embedded Services Router (ESR) is a Cisco IOS software router application. It is designed to operate on small, low-power, Linux-based platforms
More informationONE IMPLEMENTATION OF A PROTOCOL FOR GENERATION AND DISTRIBUTION OF CRYPTOGRAPHIC KEYS
INFORMATION SECURITY AND DATA SCIENCE ONE IMPLEMENTATION OF A PROTOCOL FOR GENERATION AND DISTRIBUTION OF CRYPTOGRAPHIC KEYS Dalibor Marijančević*, Saša Adamović, Milan Milosavljević Singidunum University,
More informationIs Your Web Application Really Secure? Ken Graf, Watchfire
Is Your Web Application Really Secure? Ken Graf, Watchfire What we will discuss today Pressures on the application lifecycle Why application security defects matter How to create hacker resistant business
More informationAn improved security model for identity authentication against cheque payment fraud in Tanzanian banks
An improved security model for identity authentication against cheque payment fraud in Tanzanian banks Feno Heriniaina, R. 1 * Kitindi, Edvin 2 1. College of Computer Science, Chongqing University, Chongqing-
More informationCisco 5921 Embedded Services Router
Data Sheet Cisco 5921 Embedded Services Router The Cisco 5921 Embedded Services Router (ESR) is a Cisco IOS software router. It is designed to operate on small, low-power, Linux-based platforms to extend
More information