1 Secure IoT Connection by Spencer Chang May, 2018
2 Agenda: Make the Internet of Things Work to Cloud; The Risks and Weakness Security on the IoT; Building a Secure IoT Path from device to Cloud; Amazon AWS; Summary
3 The efficient design of the data path for IoT applications: Wireless; Sense; Act; Standards & Alliances; Browser; Cloud Platform
4 What is MCU? (Microcontroller Unit) 1. Memory and Flash inside 2. The different Peripheral; Low Power for Battery application; Low Cost 3. Easy to attach Sensor 4. The different IC Package 5. Quality and Reliability. 8/16/32 MCU
5 The efficient design of the data path for IoT applications: Wireless; Sense; Act; Standards & Alliances; Browser; Cloud Platform
6 Wireless Technologies [Chart: range (meters) versus data rate (Kbps) for Cellular / Satellite, ISM Proprietary, MiWi, ZigBee, Bluetooth, WiBree and Wi-Fi. Primary differentiator is Internet access (TCP/IP).]
7 Wireless Technologies: configurations, advantages, disadvantages
Wi-Fi (Your Wi-Fi Product, Router, Cloud). Advantages: Existing infrastructure; Customer familiarity. Disadvantages: Power Consumption; Limited Range; Large Stack.
Bluetooth (Your Bluetooth Product, Cell Phone, Wi-Fi or Cell, Cloud). Advantages: Smartphone availability; Low power; Easy setup; Native security. Disadvantages: Limited Range; Royalties.
ZigBee or Sub-GHz (Your ZigBee or Sub-GHz Product, Gateway, Wi-Fi or Ethernet Router, Cloud). Advantages: Light stack; Multi-radio support; Multi-proto support; Good range; Very low power. Disadvantages: Additional concentrator required.
Ethernet (Your Ethernet Product, Router, Cloud). Advantages: Plug-and-play; Flexible design; Max. reliable bandwidth; Cost effective; Robust. Disadvantages: Requires wiring.
LoRa (Your LoRa ZigBee or Sub-GHz Technology Product, Gateway, Wi-Fi or Ethernet Router, Cloud). Advantages: Low power; Long range (10 miles); Spread spectrum data; Bidirectional data path; Public network adoption.
8 WiFi Network Types. Infrastructure: Client nodes communicate via an access point; most common, like connecting your PC to a home network. Ad-hoc: Point-to-Point connections; every node connected to every other node; Android unsupported. Soft AP: Module looks like an Access Point; AP module is central coordinator; basic network management; DHCP, routing, gateway redirection.
9 The efficient design of the data path for IoT applications: Wireless; Sense; Act; Standards & Alliances; Browser; Cloud Platform
10 TCP/IP Protocol Stack (Host A: Web Browser; Host B: Web Server)
Application Layer: The Application layer is the group of applications requiring network communications. Generates the data and requests connections.
Transport Layer (TCP/UDP): The Transport layer establishes the connection between applications on different hosts. Establishes connections with remote host.
Network Layer (IP): The Network layer is responsible for creating the packets that move across the network. Transfers packets with virtual (IP) addresses.
Data Link Layer (MAC): The Data Link layer is responsible for creating the frames that move across the network. Transfers frames with physical (MAC) addresses.
Physical Layer: The Physical layer is the transceiver that drives the signals on the network. Transmits and receives bits.
11 Transmit Data Using Network Layers Application Layer I want to download a web page from this address: Message Transport Layer (TCP/UDP) Source Port = 31,244 Destination Port = 80 Network Layer (IP) I want to download a web page from this address: Segment/Datagram Source IP Addr = Dest IP Addr = Packet Source Port = 31,244 Destination Port = 80 Message Data Link Layer (MAC) Source MAC Addr = 00:12:F1:1E:E8:93 Dest MAC Addr = 00:04:A3:4D:1C:73 Frame Src IP Addr Dest IP Addr Src Port # Dest Port # Message Physical Layer
12 Receive Data Using Network Layers Application Layer I want to download a web page from this address: Message Transport Layer (TCP/UDP) Source Port = 31,244 Destination Port = 80 Network Layer (IP) I want to download a web page from this address: Segment/Datagram Source IP Addr = Dest IP Addr = Packet Source Port = 31,244 Destination Port = 80 Message Data Link Layer (MAC) Source MAC Addr = 00:12:F1:1E:E8:93 Dest MAC Addr = 00:04:A3:4D:1C:73 Frame Src IP Addr Dest IP Addr Src Port # Dest Port # Message Physical Layer
13 Receive Data Using Network Layers Application Layer I want to download a web page from this address: Message Transport Layer (TCP/UDP) Source Port = 31,244 Destination Port = 80 Match! Network Layer (IP) I want to download a web page from this address: Segment/Datagram Source IP Addr = Dest IP Addr = Match! Packet Source Port = 31,244 Destination Port = 80 Message Data Link Layer (MAC) Physical Layer Source MAC Addr = 00:12:F1:1E:E8:93 Dest MAC Addr = 00:04:A3:4D:1C:73 Match! Frame Src IP Addr Dest IP Addr Src Port # Dest Port # Message
14 TCP/IP Protocol Stack (Terminology Reference) Application Layer Transport Layer Network Layer Data Link Layer (MAC) Physical Layer Reference from:
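15 TCP/IP Protocol Stack (Terminology Reference): Layer #, Layer Name, Protocol, Protocol Data Unit, Addressing
Layer 5, Application. Protocol: HTTP, SMTP, MQTT etc. Protocol Data Unit: Messages. Addressing: n/a.
Transport. Protocol: TCP/UDP. Protocol Data Unit: Segments/Datagrams. Addressing: Port #s.
Network or Internet. Protocol: IP. Protocol Data Unit: Packets. Addressing: IP Address.
Data Link. Protocol: Ethernet, Wi-Fi. Protocol Data Unit: Frames. Addressing: MAC Address.
Layer 1, Physical. Protocol: 10 Base T. Protocol Data Unit: Bits. Addressing: n/a.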
16 TLS Protocol
17 MQTT Client. MQTT: a lightweight protocol for IoT messaging. Open: open spec, standard, 40+ client implementations. Lightweight: minimal overhead, efficient format, tiny clients (kb). Reliable: QoS for reliability on unreliable networks. Simple: connect + publish + subscribe.
18 MQTT Communication: bi-directional, async push communication
19 MQTT and TLS. MQTT relies on TCP as its transport protocol, which means that by default the connection is not encrypted. To encrypt the whole MQTT communication, many MQTT brokers, such as HiveMQ, allow TLS to be used instead of plain TCP. If you are using the username and password fields of the MQTT CONNECT packet for authentication and authorization, you should strongly consider using TLS. Port 8883 is standardized for secured MQTT connections: its registered name at IANA is secure-mqtt, and the port is exclusively reserved for MQTT over TLS.
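Added example (not from the original slides): Python code that builds an MQTT 3.1.1 CONNECT packet and then reads it back the way any passive observer on the path could, to show why the username and password fields need TLS, plus a small check that classifies the first bytes a client sends to a broker. The client id, credentials, the use of port 1883 for plain MQTT and the TLS record prefix are constructed sample values.

```python
import struct

MQTT_TLS_PORT = 8883  # IANA "secure-mqtt", reserved for MQTT over TLS


def _varint(n):
    """Encode the MQTT 'remaining length' (7 bits per byte, MSB = more follows)."""
    out = bytearray()
    while True:
        n, low = divmod(n, 128)
        out.append(low | (0x80 if n else 0))
        if not n:
            return bytes(out)


def _field(data):
    """MQTT string/binary field: 2-byte big-endian length, then the bytes."""
    return struct.pack("!H", len(data)) + data


def build_connect(client_id, username=None, password=None, keepalive=60):
    """Build an MQTT 3.1.1 CONNECT packet as a client would send it."""
    if password is not None and username is None:
        raise ValueError("MQTT 3.1.1 forbids a password without a username")
    flags = 0x02                                   # clean session
    payload = _field(client_id.encode())
    if username is not None:
        flags |= 0x80                              # user name flag
        payload += _field(username.encode())
    if password is not None:
        flags |= 0x40                              # password flag
        payload += _field(password.encode())
    body = (_field(b"MQTT") + bytes([4, flags])
            + struct.pack("!H", keepalive) + payload)
    return b"\x10" + _varint(len(body)) + body


def parse_connect(packet):
    """Parse CONNECT bytes as seen on the wire; ValueError if malformed."""
    if len(packet) < 2 or packet[0] != 0x10:
        raise ValueError("not an MQTT CONNECT packet")
    length, shift, pos = 0, 0, 1
    while True:                                    # decode remaining length
        if pos >= len(packet) or shift > 21:
            raise ValueError("bad remaining length")
        byte = packet[pos]
        pos += 1
        length |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            break
    body = packet[pos:pos + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    off = 0

    def take():
        nonlocal off
        if off + 2 > len(body):
            raise ValueError("truncated field")
        (n,) = struct.unpack_from("!H", body, off)
        data = body[off + 2:off + 2 + n]
        if len(data) != n:
            raise ValueError("truncated field")
        off += 2 + n
        return data

    if take() != b"MQTT":
        raise ValueError("unexpected protocol name")
    if off + 4 > len(body):
        raise ValueError("truncated variable header")
    flags = body[off + 1]                          # body[off] is the protocol level
    off += 4                                       # level, flags, 2-byte keepalive
    client_id = take()
    if flags & 0x04:                               # skip will topic and will message
        take()
        take()
    username = take() if flags & 0x80 else None
    password = take() if flags & 0x40 else None
    return {
        "client_id": client_id.decode(errors="replace"),
        "username": None if username is None else username.decode(errors="replace"),
        "password": password,
    }


def audit_first_bytes(first_bytes, dst_port):
    """Classify the first client bytes of a broker connection; return findings."""
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return []                                  # TLS handshake record: MQTT is hidden
    try:
        info = parse_connect(first_bytes)
    except ValueError:
        return ["port %d: neither TLS nor a parsable MQTT CONNECT" % dst_port]
    findings = ["port %d: MQTT CONNECT readable in cleartext (client_id=%s)"
                % (dst_port, info["client_id"])]
    if info["username"] is not None:
        findings.append("port %d: username %r and a %d-byte password sent without TLS"
                        % (dst_port, info["username"], len(info["password"] or b"")))
    if dst_port == MQTT_TLS_PORT:
        findings.append("port 8883 is reserved for MQTT over TLS but carried plain MQTT")
    return findings


# Constructed samples: a plain CONNECT with credentials, and the first bytes
# of a TLS ClientHello record as a client on port 8883 would send them.
PLAIN_CONNECT = build_connect("sensor-01", "device", "s3cret")
TLS_HELLO_START = bytes.fromhex("16030100c8010000c40303")

if __name__ == "__main__":
    for port, data in ((1883, PLAIN_CONNECT), (8883, TLS_HELLO_START)):
        print(port, audit_first_bytes(data, port) or "TLS record, nothing readable")
```

The audit reports only the password length, since the finding is the exposure itself, not the secret.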
20 The efficient design of the data path for IoT applications: Wireless; Sense; Act; Standards & Alliances; Browser; Cloud Platform
21 Cloud Platform
22 Agenda: Make the Internet of Things Work to Cloud; The Risks and Weakness Security on the IoT; Building a Secure IoT Path from device to Cloud; Amazon AWS; Summary
23 Business Security Impact of IoT: Your brand; Your Company; Your Revenue; Your IP; Your Customers
24 Security Classification. Data Security: Protecting Authenticity and Integrity of communication; Malware/Ransomware attacks; Secure Key Storage; Symmetric/Asymmetric Cryptography. Design Security: Protection against unauthorized execution; Reverse Engineering; Root of Trust; Secure Boot; Secure Field Upgrade; Key Provisioning; IP Protection. Hardware Security: Protection Against Proximity/Physical Attacks; SPA/DPA Attack; Perturbation Attacks; Environmental monitors; Anti-Tamper.
25 Level of Security. The highest level of security? Yes, but the level of security required is Application and Implementation dependent. mPOS; Wi-Fi Baby Monitor. Required Security. How to determine level of Security? Requires Data Security, MCU Security and Chip Security. Requires Data Security and MCU Security. Chip Security is not Mandatory. Risk Assessment is key to Gauge level of Security required for Application. The higher the risk, the higher the level of Security required.
26 The weakness of the data path for IoT applications: Wireless; Sense; Act; Standards & Alliances; Browser; Cloud Platform
27 MCU should protect code
28 Key & Code Recovery Can Be Outsourced!
29 Secure Boot. Boot code runs first on power-on: immutable code <- Trusted! Boot code authenticates application code from the SPI flash: this code is now trusted. Application code authenticates next level code: 2nd link in the chain of trust.
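Added example (not from the original slides): a Python model of the chain of trust described on this slide, in which immutable boot code authenticates the first image in flash and each authenticated stage authenticates the next. Two things are assumptions made for the example: the flash layout (4-byte length, then a 32-byte pin for the next stage, then code) and the use of pinned SHA-256 digests in place of the signature check a real boot ROM would normally perform.

```python
import hashlib
import hmac
import struct

END_OF_CHAIN = bytes(32)  # assumed marker: the last stage pins an all-zero digest


def pack_flash(stage_codes):
    """Build the (assumed) flash image and the digest the boot ROM must hold.

    Stages are packed from last to first so that every stage can embed the
    SHA-256 digest of its successor. Record = 4-byte length + pin + code.
    """
    bodies = []
    next_digest = END_OF_CHAIN
    for code in reversed(stage_codes):
        body = next_digest + code
        bodies.append(body)
        next_digest = hashlib.sha256(body).digest()
    bodies.reverse()
    flash = b"".join(struct.pack(">I", len(b)) + b for b in bodies)
    return flash, next_digest          # digest of the first stage goes into ROM


def boot(flash, rom_digest):
    """Walk the chain; return (code of stages that were allowed to run, error)."""
    expected, off, executed = rom_digest, 0, []
    while any(expected):               # stop once a stage pins END_OF_CHAIN
        if off + 4 > len(flash):
            return executed, "stage %d missing from flash" % len(executed)
        (n,) = struct.unpack_from(">I", flash, off)
        body = flash[off + 4:off + 4 + n]
        if n < 32 or len(body) != n:
            return executed, "stage %d truncated" % len(executed)
        # Authenticate BEFORE running: constant-time compare against the pin
        # held by the previous, already trusted, link.
        if not hmac.compare_digest(hashlib.sha256(body).digest(), expected):
            return executed, "stage %d failed authentication" % len(executed)
        executed.append(body[32:])     # "run" the stage; it is now trusted
        expected = body[:32]           # and it vouches for the next one
        off += 4 + n
    return executed, None


# Constructed sample: application code followed by one next-level image.
STAGES = [b"application code", b"next level code"]
FLASH, ROM_DIGEST = pack_flash(STAGES)

if __name__ == "__main__":
    print(boot(FLASH, ROM_DIGEST))                 # clean boot, both stages run

    patched = bytearray(FLASH)
    patched[-1] ^= 0x01                            # modify the last stage in flash
    print(boot(bytes(patched), ROM_DIGEST))        # stage 0 runs, stage 1 rejected

    # Rewriting the whole flash consistently still fails, because the
    # first pin lives in immutable boot code and cannot be rewritten.
    reflashed, _ = pack_flash([b"modified application", b"next level code"])
    print(boot(reflashed, ROM_DIGEST))             # nothing runs
```

Pinned digests mean a parent stage must change whenever its child is updated; verifying a signature against a public key held in the boot code removes that coupling, which is what makes a secure field upgrade practical.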
30 The weakness of the data path for IoT applications: Wireless; Sense; Act; Standards & Alliances; Browser; Cloud Platform
31 Wi-Fi / Internet Security. [Diagram: Device, Fake Device, Gateway, Cloud Service.] SSL/TLS 1.2 is for end to end encryption: ensures data encryption coming out of the LAN, also known as Internet Security. WPA/WPA2 is for WLAN: ensures data encryption within the LAN to avoid intrusion. Authentication: used for Anti-cloning, Ecosystem Management, Storage of Keys/Certificates.
32 KRACK Wi-Fi WPA2 vulnerability. What is KRACK (Key Reinstallation Attack) VU#228519? The WPA2 (Wi-Fi Protected Access II) protocol, the standard Wi-Fi security mechanism, has critical security vulnerabilities. WPA2 is widely used in home access points. The vulnerabilities are in the standard definition and not in a specific implementation; almost all implementations are affected. What is the risk? While exploiting the vulnerability, hackers can perform: packet decryption; packet replay; TCP connection hijacking; HTTP content injection; etc.
33 KRACK Wi-Fi WPA2 vulnerability. The bad news: Almost all of the Wi-Fi devices in the world, from mobile phones to Access Points (AP) and PCs, are affected. The good news: Using application-level security (i.e. SSL/TLS) ensures the data being sent over the Wi-Fi link is secured. Even better news (for our customers): As security is critical for us and is one of our focus areas, Microchip was one of the first vendors to issue a patch. Updated firmware with fixes for the ATWINC15x0 is available online, and other devices are being evaluated / fixed. Microchip web site: KRACK Detailed information:
34 Wireshark Open/WEP/WPA Demo
35 The weakness of the data path for IoT applications: Wireless; Sense; Act; Standards & Alliances; Browser; Cloud Platform
36 OpenSSL Heartbleed
37 CVE. The Heartbleed Bug has affected websites, emails, and banking institutions utilizing open SSL/TLS encryption. As the story continues to unfold, IT security experts provide their thoughts on one of the most significant internet security crises to date. Private Key; Cookie; Session ID; Account/Password; Person Info/Credit Card; Other memory Info.
38 HOW THE HEARTBLEED BUG WORKS
39 HOW THE HEARTBLEED BUG WORKS
40 HOW THE HEARTBLEED BUG WORKS
41 HOW THE HEARTBLEED BUG WORKS
42 HOW THE HEARTBLEED BUG WORKS
43 OpenSSL CVE (Heartbleed)
44 How to Hack HTTPS/SSL Secured Websites using MITMF
45 The weakness of the data path for IoT applications: Wireless; Sense; Act; Standards & Alliances; Browser; Cloud Platform
46 Do you know DDoS? Distributed denial-of-service attack
47 Cloud Security
48 Cloud Security
49 Agenda: Make the Internet of Things Work to Cloud; The Risks and Weakness Security on the IoT; Building a Secure IoT Path from device to Cloud; Amazon AWS; Summary
50 ATECC508A/ATECC608A Introduction. Provides secure storage and execution environment for keys: Symmetric (SHA256); Asymmetric (elliptic curve). Supports NIST P-256 curve, a.k.a. secp256r1, prime256v1. 10.5Kb storage across 16 slots. High-quality internal RNG. Supports SHA256, ECDSA, and ECDH algorithms.
51 ATECC508A/ATECC608A HW Security. Advanced Multi-Level HW Security: Active shield over entire chip; All memories internally encrypted; Data independent execution; Internal state consistency checking; Power supply tamper protection; Temperature lockouts; Internal clock generation; Secure test methods; No die features can be identified; No package or die identification. Designed to defend against a multitude of attacks. [Diagram: Microchip Active Shield; Standard uC, logic & memory.]
52 ATECC508A Acceleration. ATECC508A versus Cortex M0+ running at 48MHz. [Chart: H/W vs S/W benchmark in milliseconds for P256 Key Gen, ECDSA Sign, ECDSA Verify and ECDHE; ATECC508A versus Cortex 48MHz.] Reduces code size (no elliptic curve crypto library).
53 ATECC508A/ATECC608A TLS Support. Supports authentication (ECDSA) and key exchange (ECDH). Encryption (AES) is still handled by the host MCU; the ATECC608A supports AES. Protects the device's identity key. Accelerates verification and key agreement.
54 TLS Handshake, Mutual. [Diagram: Client, Server and ATECC508A/ATECC608A. Messages: ClientHello, ServerHello, Certificate, ServerKeyExchange, CertificateRequest, ServerHelloDone, Certificate, ClientKeyExchange, CertificateVerify, Finished, Finished. Operations shown: Random, Verify, Verify, GenKey, ECDH, Sign.]
55 TLS Handshake, One Way. [Diagram: Client, Server and ATECC508A/ATECC608A. Messages: ClientHello, ServerHello, Certificate, ServerKeyExchange, CertificateRequest, ServerHelloDone, Certificate, ClientKeyExchange, CertificateVerify, Finished, Finished. Operations shown: Random, Verify, Verify, GenKey, ECDH.]
56 ATECC508A for AWS IoT (TLS), Example. ATECC508A is very configurable. AWS configuration preconfigures for use with AWS IoT. Slot 0: Device private key. Slot 2: ECDHE private key. Slots 10-12, 14: Device and signer certificates. Other slots pre-configured for common use cases.
57 ATECC508A Certificate Key. ATECC508A stores the device's private key. Stored in slot 0. Internally generated by RNG. Can't be read, never exposed. Public key used in its certificate when provisioned.
58 ATECC508A Key Agreement. Ephemeral private key. Helps speed and code size. Regenerated for every session. Stored in slot 2. Used with ECDH command to generate pre-master secret.
59 Certificate Storage. Certificates are public. Store both device certificate and signer certificate. Simplifies certificate validation. Uses compressed format: dynamic certificate data on ATECC508A; static certificate data in firmware. Uses slots 10-12, 14 for storage.
60 Notes on Microchip's Factory Provisioning. Secure Facilities: Camera monitored; Physical access control; Network isolation; HSMs in floor secured locked cages; Frequent 3rd party audits. Hardware Secure Modules (HSM): Highly secure computers; World class certifications; FIPS Level 3; CC EAL 4+ Certification; U/L 1950 (EN60950) & CSA C22.2 compliant; FCC Part 15 - Class B; Floor bolted secure cage in a dedicated room; BAC and EAC epassport HSM from
61 Secure authentication scheme for IoT and cloud servers
62 Agenda: Make the Internet of Things Work to Cloud; The Risks and Weakness Security on the IoT; Building a Secure IoT Path from device to Cloud; Amazon AWS; Summary
63 The Chain of Trust. [Diagram: HP's AWS Account (Amazon); HP; (Material Box) IoT Device with Device Certificate. Device Certificate: Verify OK!]
64 Issues: Get Device Certificate. [Diagram: HP; (Material Box) IoT Device; Device Certificate.] 1. A lot of time to register 100K IoT devices on the cloud and get the 100K certificates. 2. Where and how to store the 100K certificates and keep them secure? PC? 3. A lot of cost to store the 100K certificates into every device. 4. Where to store the certificate on the device and keep it secure? FLASH?
65 The Chain of Trust. [Diagram: OEM's AWS Account: HP-1 Reject! HP-2 (son) Register! Customer-Specific Production Signers with BYOC (CA provisioning). Device certs loaded with JITR (Lambda). Cindy Root of Trust; HP-2 (son) (to Microchip) Customer-Specific Production Signers; Root CA (OEM); HP-3 (grandson) (Material Box) IoT Device with Device Certificate.]
66 Amazon AWS IoT Demo
67 Amazon Alexa Demo
68 Summary
69 Vision: Be The Very Best Embedded Control Solutions Company Ever
70 The Security level of IoT device: Networking appliances; Smart Home; Building Automation; Intelligent transportation; Intelligent medical; Ambient Temperature
71 Who's responsible for IoT security: Country; IC/Solution Provider; Division/Marketing/Sales/FAE; OEM/ODM/OBM; Manufacture; User
72 The Regulation of the Internet of Things. With the rise of the IoT and related technologies such as robotics, AI and Big Data, new regulatory frameworks are deployed in an age where data is gold. Moreover, the Internet of Things needs specific attention in the scope of, among others, the GDPR and the ePrivacy Regulation. IoT and Data Protection Impact Assessments under the GDPR; IoT, data breaches and the reporting duty; IoT and the challenge of consent and lawful processing.
73 Guidelines for the Safety of the Internet of Things (1/3): IoT Device Manufacture. On November 15, 2016, the Department of Homeland Security (DHS) issued a set of Strategic Principles for Securing the Internet of Things (IoT), Version 1.0. These principles highlight approaches and suggested practices to fortify the security of the IoT and will equip stakeholders to make responsible and risk-based security decisions as they design, manufacture, and use internet-connected devices and systems. Incorporate Security at the Design Phase; Connect Carefully and Deliberately; Promote Security Updates and Vulnerability Management; Promote Transparency across IoT; Prioritize Security Measures According to Potential Impact; Build on Recognized Security Practices.
74 Guidelines for the Safety of the Internet of Things (2/3): IoT Device Manufacture. Promoting New Business Harnessing Secured IoT System; Implementing Technological Development and Demonstration Related to IoT Systems Security; Creation of Secured IoT Systems; Improving Structural Frameworks for IoT systems Security; Considering Approaches for Enhanced IoT Systems Security.
75 State of the Art and Challenges for the Internet of Things (3/3): IETF. Security Architecture; Security Policies; Security Services; Security Technical Architecture; Security incident handling.
76 In the Future
77 AWS GreenGrass and Azure Field Gateway (HW-Based)
78 New IoT Gateway Platform (AWS GreenGrass), MPU. Microchip's SAMA5D2 family offers full Greengrass compatibility in a low-power, small form factor microprocessor (MPU) targeted at industrial and long-life gateway and concentrator applications in harsh and physically insecure environments.
79 Thank you
More informationLogitech Advanced 2.4 GHz Technology With Unifying Technology
Logitech Advanced 2.4 GHz Technology Revision 070709 December 8, 2009 TABLE OF CONTENTS 1 INTRODUCTION: THE MOVE TO WIRELESS PERIPHERALS IN BUSINESS... 3 2 SYSTEM OVERVIEW... 4 2.1 NETWORK TOPOLOGY...4
More informationSSL/TLS Server Test of
SSL/TLS Server Test of www.rotenburger-gruene.de Test SSL/TLS implementation of any service on any port for compliance with PCI DSS requirements, HIPAA guidance and NIST guidelines. WWW.ROTENBURGER-GRUENE.DE
More informationChapter 5 Local Area Networks. Computer Concepts 2013
Chapter 5 Local Area Networks Computer Concepts 2013 5 Chapter Contents Section A: Network Building Blocks Section B: Wired and Wireless Technologies Section C: Network Setup Section D: Sharing Files Section
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationChapter 4: Securing TCP connections
Managing and Securing Computer Networks Guy Leduc Chapter 5: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section
More informationSecure, cloud-based workflow, alert, and notification platform built on top of Amazon Web Services (AWS)
Technical Overview Secure, cloud-based workflow, alert, and notification platform built on top of Amazon Web Services (AWS) Copyright 2017 by Bluetooth SIG, Inc. The Bluetooth word mark and logos are owned
More informationWF-2402 Quick Installation Guide
WF-2402 Quick Installation Guide Netis 150Mbps Wireless-N Broadband Router 1. Check Your Package Contents The following items should be found in your package: 150Mbps Wireless-N Broadband Router Power
More informationA71CH for secure connection to AWS
Document information Info Content Keywords Security IC, IoT, PSP, AWS, Secure authentication Abstract This document describes how the A71CH security IC can be used to establish a secure connection with
More informationSeminar: Mobile Systems. Krzysztof Dabkowski Supervisor: Fabio Hecht
Personal Area Networks Seminar: Mobile Systems November 19th 2009 Krzysztof Dabkowski Supervisor: Fabio Hecht Agenda Motivation Application areas Historical and technical overview Security issues Discussion
More informationSecurity Setup CHAPTER
CHAPTER 8 This chapter describes how to set up your bridge s security features. This chapter contains the following sections: Security Overview, page 8-2 Setting Up WEP, page 8-7 Enabling Additional WEP
More informationSecurity Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings)
Security Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings) Lecture Outline Network Attacks Attive Attacks Passive Attacks TCP Attacks Contermeasures IPSec SSL/TLS Firewalls
More informationAuthentication Technology for a Smart eid Infrastructure.
Authentication Technology for a Smart eid Infrastructure. www.aducid.com One app to access all public and private sector online services. One registration allows users to access all their online accounts
More informationSECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry
SECURITY ON AWS By Max Ellsberry AWS Security Standards The IT infrastructure that AWS provides has been designed and managed in alignment with the best practices and meets a variety of standards. Below
More informationThis ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process.
EC Council Certified Ethical Hacker V9 This ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process. Here, you will be exposed to an entirely different
More informationInternet of Things: Latest Technology Development and Applications
Internet of Things: Latest Technology Development and Applications Mr UY Tat-Kong Assistant Vice President Network Evolution Planning & Development 22 August 2014 Agenda Communication Technologies Development
More informationCourse 831 EC-Council Certified Ethical Hacker v10 (CEH)
Course 831 EC-Council Certified Ethical Hacker v10 (CEH) Duration: 5 days What You Get: CEH v10 Certification exam voucher 5 days of high quality classroom training 18 comprehensive modules 40% of class
More informationCoSign Hardware version 7.0 Firmware version 5.2
CoSign Hardware version 7.0 Firmware version 5.2 FIPS 140-2 Non-Proprietary Security Policy Level 3 Validation July 2010 Copyright 2009 AR This document may be freely reproduced and distributed whole and
More informationNew STM32WB Series MCU with Built-in BLE 5 and IEEE
New STM32WB Series MCU with Built-in BLE 5 and IEEE 802.15.4 Make the Choice of STM32WB Series The 7 keys points to make the difference 2 Open 2.4 GHz radio Multi-protocol Dual-core / Full control Ultra-low-power
More informationNetwork Security and Cryptography. 2 September Marking Scheme
Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,
More informationWHITE PAPER. Secure communication. - Security functions of i-pro system s
WHITE PAPER Secure communication - Security functions of i-pro system s Panasonic Video surveillance systems Table of Contents 1. Introduction... 1 2. Outline... 1 3. Common security functions of the i-pro
More informationSSL/TLS Server Test of grupoconsultorefe.com
SSL/TLS Server Test of grupoconsultorefe.com Test SSL/TLS implementation of any service on any port for compliance with PCI DSS requirements, HIPAA guidance and NIST guidelines. GRUPOCONSULTOREFE.COM FINAL
More informationTinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry,, David Wagner Presented by Paul Ruggieri 1 Introduction What is TinySec? Link-layer security architecture
More informationVendor: HP. Exam Code: HP2-Z32. Exam Name: Implementing HP MSM Wireless Networks. Version: Demo
Vendor: HP Exam Code: HP2-Z32 Exam Name: Implementing HP MSM Wireless Networks Version: Demo QUESTION 1 A network administrator deploys several HP MSM APs and an HP MSM Controller. The APs discover the
More informationThe dark side of IOT. Francesco Zucca. Automation Instrumentation Summit Wireless Expert
Automation Instrumentation Summit - 2017 The dark side of IOT Francesco Zucca Wireless Expert 1 Agenda Introduction IIOT How to work WSN Typical hacker attack in WSN Issue with Drones Security Countermeasures
More informationCourse overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)
Overview This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience
More informationPremiertek AP Mbps Wireless-N Broadband Router Quick Installation Guide
Premiertek AP2402 150Mbps Wireless-N Broadband Router Quick Installation Guide V1.0.8.11 1. Check Your Package Contents The following items should be found in your package: 150Mbps Wireless-N Broadband
More informationOverview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.
Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw
More informationVMware, SQL Server and Encrypting Private Data Townsend Security
VMware, SQL Server and Encrypting Private Data Townsend Security 724 Columbia Street NW, Suite 400 Olympia, WA 98501 360.359.4400 Today s Agenda! Compliance, standards, and best practices! Encryption and
More informationAchieving a legacy cellular security level. Sonia CORRARD Avnet Silica Romain Tesnière Avnet Silica
Achieving a legacy cellular security level Sonia CORRARD Avnet Silica Romain Tesnière Avnet Silica The IoT Opportunity - Highest Growth in Industrial Building & Home Automation Industrial Automation Fire
More informationSecurity Specification
Security Specification Security Specification Table of contents 1. Overview 2. Zero-knowledge cryptosystem a. The master password b. Secure user authentication c. Host-proof hosting d. Two-factor authentication
More informationPCI DSS Compliance. White Paper Parallels Remote Application Server
PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3
More informationSecuring IoT with the ARM mbed ecosystem
Securing IoT with the ARM mbed ecosystem Xiao Sun / Senior Applications Engineer / ARM ARM mbed Connect / Shenzhen, China December 5, 2016 Lots of interest in IoT security Researchers are looking into
More informationUNIK Building Mobile and Wireless Networks Maghsoud Morshedi
UNIK4700 - Building Mobile and Wireless Networks Maghsoud Morshedi IoT Market https://iot-analytics.com/iot-market-forecasts-overview/ 21/11/2017 2 IoT Management Advantages Remote provisioning Register
More informationMTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Transport Layer Security (TLS) Advanced Features University of Tartu Spring 2016 1 / 16 Client Server Authenticated TLS ClientHello ServerHello, Certificate, ServerHelloDone
More informationCIS Controls Measures and Metrics for Version 7
Level 1.1 Utilize an Active Discovery Tool 1.2 Use a Passive Asset Discovery Tool 1.3 Use DHCP Logging to Update Asset Inventory 1.4 Maintain Detailed Asset Inventory 1.5 Maintain Asset Inventory Information
More informationInternet of Things. Internet of Everything. Presented By: Louis McNeil Tom Costin
Internet of Things Internet of Everything Presented By: Louis McNeil Tom Costin Agenda Session Topics What is the IoT (Internet of Things) Key characteristics & components of the IoT Top 10 IoT Risks OWASP
More informationIoT & SCADA Cyber Security Services
RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au
More informationComing of Age: A Longitudinal Study of TLS Deployment
Coming of Age: A Longitudinal Study of TLS Deployment Accepted at ACM Internet Measurement Conference (IMC) 2018, Boston, MA, USA Platon Kotzias, Abbas Razaghpanah, Johanna Amann, Kenneth G. Paterson,
More informationMAXIMIZE YOUR IOT INVESTMENT WITH SCALABLE SOLUTIONS FROM AWS AND NXP
MAXIMIZE YOUR IOT INVESTMENT WITH SCALABLE SOLUTIONS FROM AWS AND NXP APR 2018 MARC GEBERT EMEA IOT SECURITY BD LEAD SENIOR DIRECTOR Secure Connections for the Smarter World Everything Smart Everything
More informationRenesas Synergy MCUs Build a Foundation for Groundbreaking Integrated Embedded Platform Development
Renesas Synergy MCUs Build a Foundation for Groundbreaking Integrated Embedded Platform Development New Family of Microcontrollers Combine Scalability and Power Efficiency with Extensive Peripheral Capabilities
More informationCourse 831 Certified Ethical Hacker v9
Course 831 Certified Ethical Hacker v9 Duration: 5 days What You Get: CEH v9 Certification exam voucher 5 days of high quality classroom training 18 comprehensive modules 40% of class hours dedicated to
More informationE-commerce security: SSL/TLS, SET and others. 4.1
E-commerce security: SSL/TLS, SET and others. 4.1 1 Electronic payment systems Purpose: facilitate the safe and secure transfer of monetary value electronically between multiple parties Participating parties:
More informationSmart Grid Embedded Cyber Security: Ensuring Security While Promoting Interoperability
Smart Grid Embedded Cyber Security: Ensuring Security While Promoting Interoperability Communications and Embedded Systems Department Southwest Research Institute Gary Ragsdale, Ph.D., P.E. August 24 25,
More information