Internet of Things Security Challenges & Risk Management
Col Inderjeet Singh, Director Smart Cities, Scanpoint Geomatics
12 May 2017

Progressing technologies toward 5G
We are driving 4G and 5G in parallel to their fullest potential
Advanced MIMO; Carrier aggregation; FeICIC; Unlicensed spectrum; 256QAM; Enhanced CA; Internet of Things; FDD-TDD CA; Massive/FD-MIMO; 5G; CoMP; Device-to-device; Shared broadcast; SON+; Dual connectivity; V2X; Low latency
Further backwards-compatible 4G enhancements: Rel-10/11/12 LTE Advanced; LTE Advanced Pro
Timeline axis: 2015, 2020+
Note: Estimated commercial dates. Not all features commercialized at the same time.

Scaling to connect the Internet of Things
Scaling up in performance and mobility; scaling down in complexity and power
LTE Advanced: >10 Mbps; n x 20 MHz
LTE Cat-1: up to 10 Mbps; 20 MHz
eMTC (Cat-M1): up to 1 Mbps; 1.4 MHz narrowband
NB-IOT (Cat-M2): 10s of kbps to 100s of kbps; 180 kHz narrowband
LTE Advanced (Today+); LTE IoT (Release 13+)
Use cases: Mobile; Video security; Wearables; Object Tracking; Utility metering; Environment monitoring; Connected car; Energy Management; Connected healthcare; City infrastructure; Smart buildings
Significantly widening the range of enterprise and consumer use cases

New NB-IOT design also part of 3GPP Release 13
Global standard for Low Power Wide Area applications based on licensed spectrum
Scales even further in cost and power: narrower bandwidth (180 kHz); various potential deployment options incl. in-band within LTE deployment
Addresses a subset of IoT use cases:
Low data rate: up to 100s of kbps
Higher density: massive number (10s of thousands) of low data rate things per cell
Delay tolerant: seconds of latency
Longer battery life: beyond 10 years of battery life for certain use cases
Nomadic mobility: no handover; cell reselection only
Lower device cost: comparable to GPRS devices
Extended coverage: deep indoor coverage, e.g. for sensors located in basements (>164 dB MCL)
Sample use cases: Remote sensors; Object Tracking; Utility metering; Smart buildings

Enhanced mobile broadband
Ushering in the next era of immersive experiences and hyper-connectivity
Use cases: 3D/UHD video telepresence; Tactile Internet; UHD video streaming; Demanding conditions, e.g. venues; Broadband fiber to the home; Virtual reality
Higher throughput: multi-gigabits per second
Lower latency: significantly reduced e2e latency
Uniform experience: with much more capacity

Wide area Internet of Things
Optimizing toward the goal to connect anything, anywhere
Use cases: Smart cities; Smart homes; Utility metering; Wearables / Fitness; Remote sensors / Actuators; Object tracking
Power efficient: multi-year battery life
Lower complexity: lower device and network cost
Longer range: deeper coverage

Higher reliability control
Enabling new services with more reliable, lower latency communication links
Use cases: Autonomous vehicles; Robotics; Energy / Smart grid; Industrial automation; Aviation; Medical
Higher reliability: significantly reduced packet loss rate
Lower latency: significantly reduced e2e latency
Higher availability: multiple links for failure tolerance and mobility

IoT Changes Everything
Driverless Cars; Power by the Hour Contracts; Connected Medicine; Traffic Management; Earthquake Detection; Water Quality Monitoring; Smart Power Grid; Security and Access Control; Fleet Management; Electronic Payments; Keyless Entry; Connected Appliances; Adaptive Shopping Experiences; Agriculture Monitoring; Machine to Machine Connection

Security as a % of IT Budget
2%; 4%; 7%
20 Billion+ devices?
Source: Gartner: 2005 to 2015 2020

Customers looking for IoT security services
Source: Fortinet, May 2016

Threat Agents in the IoT
Criminals; Hacktivists; Industrial Spies; Nation States; Terrorists; Insiders; Chaotic Actors & Vigilantes; Regulators

Top Threats to the IoT (the short list)
Regulatory and Legal; Competitive; Financial; Internal Policy; Privacy; Data assurance; Resource allocation; Audit failures; Skills shortages; Failure to use big data effectively; Market disruptors; Unstable suppliers and partners; Subscriber fraud and theft of service; Social engineering (accounts info); Fines (regulatory vs SLA); Liability and insurance; Standards vacuum

Evolving IoT Infrastructure

Evolving IoT Infrastructure with Security
Micro-segmentation (by subscriber). Form factor: Virtual
Micro-segmentation (by in-home service). Form factor: Virtual
IoT wireless protocols are potentially vulnerable to the following attacks:
Sniffing network traffic
Injection
Tampering/forging
Jamming
Exhaustion of battery
Collision and unfairness (link layer)
Greed, homing, misdirection, black holes (network layer)
Flooding, desynchronization (transport layer)

IoT Attack Surface Area
IoT Security Requirements
Authenticate to multiple networks securely.
Ensure that data is available to multiple collectors.
Manage the contention between that data access.
Manage privacy concerns between multiple consumers.
Provide strong authentication and data protection (integrity and confidentiality) that are not easily compromised.
Maintain availability of the data or the service.
Allow for evolution in the face of unknown risks.

IoT Transaction Use-case
Energy; Spot-market settlement; Fuel currencies; Micro-payments for utilities; Food ordering; Stored value and loyalty; Pay as you go feed stock by inventory managers; Automated prescription fulfillment; P2P lending

Big Threat #1: Device to Device Attacks
Infected/compromised devices attack internally and externally.
Infected device enters the home and attacks adjacent devices, which in turn launch attacks.

Big Threat #2: IoT as the Weakest Link
Social engineering in the IoT
Compromise of one device leads to all adjacent systems
Sabotage or privacy invasions
Attack on information-rich devices
Fetch patches = malware
Diagram labels: Personally Identifiable Info; Malware Drop; Messages pushed to device manager; Upgrade now for your own safety; Man-in-the-Middle or compromise; Cloud; IoT Cloud services

Big Threat #3: Interdependency and Complexity
IoT ecosystem has many stakeholders and service providers at each point in the architecture
Cascading impacts almost impossible to project or monitor
Assumptions will fail
Points in the architecture: End point; Gateway; Network; Cloud / DC
Stakeholders shown: Service function owner; Gateway owner; Gateway manager; Gateway maker; Supply chain; Network provider; Network owner; Network manager; Service tenant; Equipment maker; Supply chain; Platform vendor; Device user(s); Software owner; Software manager; Infrastructure owner; Infrastructure manager; Device owner; Device manager; Device maker; Supply chain; Software vendor; Platform owner; Platform manager; Infrastructure vendors; Supply chain

Where do the IoT security answers lie?
Partially with the IoT devices themselves. But mostly with the network.

End-to-End: IoT Security Reference Model
Control & Visibility
End point; Gateways; Network; Data Center and Cloud
Security Services & Framework
Virtualization: Distributed Network Function Virtualization (D-NFV); Network Function Virtualization (NFV)