Business Finance - Management Assignment 10

profilemepalacios3
Ppt8.pptx

INST560, Internet of Things (IoT)

UNIVERSITY OF NORTH AMERICA

Lecture 8: Winter 2022

Professor Aliakbar Jalali

[email protected]

1

Internet of Things Analytics and Security

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Contents

2

Introduction

IoT Major Components

IoT Data Analytics

IoT Security

IoT User Interface

Conclusion

References

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Introduction: Major Components of IoT + Security

+

IoT SECURITY

3

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Introduction: IoT Data Analytics

4

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Introduction: IoT Analytics

IoT Analytics is a leading global provider of market insights and strategic business intelligence for the IoT, AI, Cloud, Edge and Industry 4.0. 

IoT analytics is the application of data analysis tools and procedures to realize value from the huge volumes of data generated by connected Internet of Things devices.

The potential of IoT analytics is often discussed in relation to the Industrial IoT.

The IIoT makes it possible for organizations to collect and analyze data from sensors on manufacturing equipment, pipelines, weather stations, smart meters, delivery trucks and other types of machinery.

5

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Data Analytics

Data analytics in general is important because it helps businesses optimize their performances. Implementing it into the business model means companies can help reduce costs by identifying more efficient ways of doing business.

IoT analytic is important because the additional data provided by the Internet of Things not only enables organizations to generate real-time insights that benefit them in the present, but also helps them to foresee future business trends in advance.

6

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Data Analytics

7

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Data Analytics

IoT analytics is the process of converting analog data from billions of smart devices and sensors into useful insights which can be interpreted and used for detailed analysis.

Smart analytics solutions are inevitable for IoT system for management and improvement of the entire system.

https://www.rfpage.com/what-are-the-major-components-of-internet-of-things/

8

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Why business and organizations are using IoT analytics:

Big enterprises use the massive data collected from IoT devices and utilize the insights for their future business opportunities.

Careful analysis will help organizations to predict trends in the market and plan ahead for a successful implementation.

Information is very significant in any business model and predictive analysis ensures success in concerned area of business line.

All of the above

8

IoT Data Analytics

One of the major advantages of an efficient IoT system is real time smart analytics which helps engineers to find out irregularities in the collected data and act fast to prevent an undesired scenario.  

Service providers can prepare for further steps if the information is collected accurately at the right time.

https://www.rfpage.com/what-are-the-major-components-of-internet-of-things/

9

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Data Analytics

Big enterprises use the massive data collected from IoT devices and utilize the insights for their future business opportunities.

Careful analysis will help organizations to predict trends in the market and plan for a successful implementation.

Information is very significant in any business model and predictive analysis ensures success in concerned area of business line.

The three main classes of IoT analytics: predictive analytics, real-time analytics and descriptive analytics.

https://www.rfpage.com/what-are-the-major-components-of-internet-of-things/

10

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Major challenges in IoT data analytics

The primary challenge of IoT data is its real-time nature.

By 2025, 30% of all data will be real-time, with IoT accounting for nearly 95% of it, 20% of all data will be critical and 10% of all data will be hypercritical.

Analytics will have to happen in real-time for companies to benefit from these types of data.

11

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

3 Major Uses Cases of IoT Analytics

12

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

The primary element to apprehend approximately analytics on the Internet of Things is that it includes datasets generated by using sensors, that are now both reasonably-priced and sophisticated sufficient to support a reputedly countless style of use cases.

The capacity of sensors lies in their capability to acquire records approximately the bodily environment, that may then be analyzed or combined with other kinds of information to stumble on styles.

12

https://www.rfpage.com/what-are-the-major-components-of-internet-of-things/

13

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Analytics: Customer Product Utilization Analysis for Marketing

14

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

The IoT has the potential to completely rewrite how businesses consider their customers.

One way in which this is occurring already is by reading facts approximately. How clients use a commercial enterprise’s internet-connected products.

By using manners, for example, take the subsequent dashboard from birst. A developer of self-carrier and guided analytics solutions:

That connected espresso makers transmit information to the producer about what number of pots of espresso a purchaser is brewing in line with day.

This statistics can then correlate with social media statistics to determine whether or not customers who brew more espresso are more likely to actively discussing the emblem on social media. Additionally, the seller can see whether or not versions in the quantity of espresso brewed by way of clients corresponding to the number of coffee drugs also bought with the aid of the seller.

14

Topics for Internet of Things Analytics

Real-time data processing and analysis for IoT applications

Machine learning techniques for predicting IoT device failures and malfunctions

Data visualization and reporting tools for IoT analytics

Edge computing and distributed analytics for IoT systems

Predictive maintenance and quality control in manufacturing using IoT analytics

Smart city applications of IoT analytics, such as traffic management and energy optimization

Privacy and ethical considerations in IoT analytics

15

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

What is "IoT Analytics"

IoT Analytics is the practice of collecting, processing, analyzing, and deriving insights from the data generated by IoT devices.

With the rapid proliferation of connected devices, such as sensors, smart appliances, and wearables, there is an enormous amount of data being generated in real-time.

IoT Analytics helps to make sense of this data and extract valuable insights that can be used to improve business operations, enhance customer experiences, and drive innovation.

16

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Analytics Techniques

IoT Analytics involves the use of various data analysis techniques, such as data mining, machine learning, and artificial intelligence, to identify patterns, detect anomalies, and make predictions based on the data collected from IoT devices.

These insights can be used to optimize performance, improve efficiency, and reduce costs across a wide range of industries, including manufacturing, healthcare, transportation, and energy.

17

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Analytics Platforms

IoT Analytics platforms typically provide a range of tools and capabilities for data collection, storage, processing, visualization, and reporting, as well as integration with other systems and applications.

Some popular IoT Analytics platforms include AWS IoT Analytics, Microsoft Azure IoT Analytics, and IBM Watson IoT Analytics.

18

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

What is Real-Time Data Analytics

Real-time analytics solutions based on the innovative streaming database support complex query and analysis operations.

You can query materialized views with simple SQL statements to gain real-time data insights, leverage data value, and make instant business decisions.

Real-time analytics are already being used in a wide range of business applications, including cracking down on fake news and helping police make cities safer.

Real-time applications of IoT are Healthcare, Industrial Use, Smart Homes, Smart City, Agriculture, Smart Supply Chain, Retail Purpose and Transportation.

Smart city applications of IoT analytics, such as traffic management and energy optimization.

Privacy and ethical considerations in IoT analytics.

19

https://www.youtube.com/watch?v=kQV8XAPLFxo

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

How machine learning can be used in IoT?

Machine learning techniques for predicting IoT device failures and malfunctions.

Machine learning for IoT can be used to project future trends, detect anomalies, and augment intelligence by ingesting image, video and audio.

Machine learning can help demystify the hidden patterns in IoT data by analyzing massive volumes of data using sophisticated algorithms.

20

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

How is data visualization used in IoT?

IoT visualization tools help humans comprehend the volume, velocity, variety, and veracity of IoT data being ingested by IoT analytics platforms.

Visual metaphors are an easily consumed, universal language that is significantly more effective at conveying information than text alone.

21

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

What is edge analytics in IoT?

Edge analytics is the process of analyzing data and finding solutions at the edge, where data is collected via smart devices and IoT sensors.

22

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Analytical IoT challenges

Data Collection: The sheer volume of data generated by IoT devices can be overwhelming, making it a challenge to collect and store data efficiently.

Data Quality: The data generated by IoT devices may be incomplete, inaccurate, or inconsistent.

Real-Time Analytics: IoT devices generate data in real-time, which means that the analytics must also be performed in real-time to be effective.

Security: IoT devices are often connected to a network, which makes them vulnerable to cyber attacks.

Integration with Legacy Systems: Many organizations have legacy systems that may not be compatible with IoT devices or analytical IoT systems.

Scalability: As the number of IoT devices continues to grow, analytical IoT systems must be able to scale to accommodate the increasing amount of data generated.

Interpretation and Visualization: Analyzing large amounts of data generated by IoT devices can be challenging, and interpreting the data in a meaningful way may require specialized skills.

23

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Introduction: IoT Security

IoT security is the practice that keeps your IoT systems safe.

IoT security tools protect from threats and breaches, identify and monitor risks and can help fix vulnerabilities.

IoT security ensures the availability, integrity, and confidentiality of your IoT solution.

All the major components of IoT including hardware, software and connectivity will all need to be secure for IoT objects to work effectively.

Without security for IoT, any connected object, from refrigerators to manufacturing bots, can be hacked. main

24

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Major Components of Internet of Things

+

IoT SECURITY

25

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Introduction: IoT Security

The U.S. Department of Defense has promulgated the Five Pillars of Information Assurance model that includes the protection of confidentiality, integrity, availability, authenticity, and non-repudiation of user data.

It is important to not only secure the endpoints & networks but also the data which is transferred across the network by creating a security paradigm.

To protect IoT devices and platforms, security technologies will be required for both information attacks and physical damaging, to encrypt their communications, and to address new challenges.

The business world of tomorrow needs IoT Data Analytics.

26

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Introduction to IoT Security (1/6)

27

https://docs.paloaltonetworks.com/iot/iot-security-admin/iot-security-overview/introduction-to-iot-security

IoT Security is an on-demand cloud subscription service designed to discover and protect the growing number of connected “things” on your network.

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Introduction to IoT Security (2/6)

IoT security is the practice that keeps your IoT systems safe.

IoT security tools protect from threats and breaches, identify and monitor risks and can help fix vulnerabilities.

IoT security ensures the availability, integrity, and confidentiality of your IoT solution.

Unlike IT devices such as laptop computers that perform a wide variety of tasks, IoT devices tend to be purpose-built with a narrowly defined set of functions.

As a result, IoT devices generate unique, identifiable patterns of network behavior.

Using machine learning and AI, IoT Security recognizes these behaviors and identifies every device on the network, creating a rich, context-aware inventory that’s dynamically maintained and always up to date.

28

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Introduction to IoT Security (3/6)

After it identifies a device and establishes a baseline of its normal network activities, it continues monitoring its network activity so it can detect any unusual behavior indicative of an attack or breach.

If it detects such behavior, IoT Security notifies administrators through security alerts in the portal and, depending on each administrator’s notification settings, through email and SMS notifications.

IoT Security also uses those behaviors and device identities to automatically generate security policy rule recommendations that allow IoT devices to continue doing normal network activities and block them from doing anything unusual.

Panorama or next-generation firewalls can then import these policy rules and enforce them.

29

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Introduction to IoT Security (4/6)

The firewall collects metadata from the network traffic of IoT devices, generates Enhanced Application logs (EALs), and forwards them to the logging service.

The IoT Security cloud then extracts metadata from these logs for analysis and employs AI and machine-learning algorithms to detect and identify IoT devices using its patented three-tier deep-learning engine:

Tier 1: Device category

IoT Security first identifies the category to which an IoT device belongs. For example, it might identify network behaviors common to all security cameras.

30

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Introduction to IoT Security (4/6)

Tier 2: Device profile

IoT Security next constructs a profile of the device, learning its vendor, make, and model. For example, it might discover that the camera behaves in ways that uniquely identify it, such as checking a particular server for software updates for example.

Tier 3: Device instance

IoT Security continues its analysis until it discerns behaviors unique to a specific instance of the identified security camera.

31

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Introduction to IoT Security (5/6)

IoT Security looks at over 200 parameters in network traffic metadata, including DHCP option 55 parameter lists, HTTP user agent IDs, protocols, protocol headers, and a host of others.

It matches the network traffic patterns of new devices with those of previously identified devices to identify the same types or similar types of devices, even those it is encountering for the first time.

Depending on various factors such as how much network traffic IoT devices generate and how varied their behavior patterns are, IoT Security typically identifies most IoT devices with a high level of confidence during the first day it starts accessing metadata from the logging service.

After that, IoT Security continues to increase the number of confidently identified devices until it identifies all or nearly all of them.

During this time, you can log in to the IoT Security portal to check that the device inventory is being populated and monitor its progress.

32

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Introduction to IoT Security (6/6)

In addition to using machine learning (ML) to observe network traffic and extract various attributes to identify devices and detect anomalous behaviors, IoT Security employs an ML-based model to check for SQL content injected into HTTP URLs, a technique commonly used in SQL vulnerability exploits.

By using an ML-based model instead of a model based on rules, IoT Security can find certain patterns of injected SQL content even without specific signatures.

33

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Topics for Internet of Things Security

Best practices for securing IoT devices and networks

Secure communication protocols for IoT systems

Authentication and access control mechanisms for IoT devices

Cyber threat detection and prevention in IoT systems

IoT security in healthcare applications, such as patient monitoring and medical devices

Legal and regulatory frameworks for IoT security and privacy

The role of blockchain in securing IoT systems.

34

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

What is "IoT Security"

IoT security refers to the practice of safeguarding the connected devices, networks, and data involved in IoT systems from cyber threats and unauthorized access.

With the proliferation of IoT devices in homes, workplaces, and public spaces, the need for robust security measures to protect sensitive information and prevent cyber-attacks has become increasingly critical.

35

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

What is "IoT Security"

Some of the main challenges in implementing effective IoT security include the large number of diverse devices, the lack of standardization in security protocols, and the difficulty of updating and patching devices with security vulnerabilities.

As a result, there is a growing need for industry-wide collaboration and standardization in IoT security practices and technologies to ensure that IoT systems can be trusted and secure.

36

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security Technologies

IoT security involves a range of technologies and practices aimed at protecting IoT devices, networks, and data from a wide range of cyber threats, including malware, phishing attacks, denial-of-service attacks, and hacking attempts.

These measures can include secure communication protocols, encryption, access control, user authentication, intrusion detection and prevention systems, and regular software updates.

37

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Best practices to improve your IoT security

Track and manage your devices.

Consider patching and remediation efforts.

Update passwords and credentials.

Use up-to-date encryption protocols.

Conduct penetration testing or evaluation.

Understanding your endpoints.

Segment your network.

Use multi-factor authentication.

38

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

What are the protocols for secure communications?

Maintaining the communication secure and reliable, there is a need of identifying the protocols against the requirement of the application and attacks on IoT devices and most important producing a defense mechanism against them.

For maintaining and building this complex network, there is a requirement of architecture.

Cryptographic protocols provide secure connections, enabling two parties to communicate with privacy and data integrity.

The Transport Layer Security (TLS) protocol evolved from that of the Secure Sockets Layer (SSL).

39

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

What are the authentication mechanisms for IoT devices?

For servers, the answer is to program their firmware with an endpoint to which IoT devices will connect and a public certificate for either the server itself or an appropriate CA.

The IoT devices are then programmed to trust this server certificate.

40

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

What are threats and security in IoT?

This could include accessing private information, stealing money or data, or attacking critical infrastructure systems.

IoT security threats come in a variety of forms, from simple password breaches to more sophisticated attacks that exploit vulnerabilities in IoT devices.

41

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

What is privacy and security in IoT?

Internet of Things privacy is the special considerations required to protect the information of individuals from exposure in the IoT environment, in which almost any physical or logical entity or object can be given a unique identifier and the ability to communicate autonomously over the Internet or similar network.

42

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

What are IoT Security challenges

IoT challenges" refer to the various difficulties and obstacles that arise during the implementation, deployment, and operation of IoT systems including Security, Interoperability, Scalability, Power Consumption, Data Management, Privacy, Cost and Regulatory Compliance.

43

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security

The Internet of Things has immense potential to change the world, but its design is full of flaws that put at risk security and privacy.

As all-new areas of life are connected to digital networks, those areas are exposed to cyberattacks from entirely new angles.

However, that immense potential carries with its immense risk, much research has been done to identify these weaknesses.

44

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security

In order to prevent these harms and bring the potential gains into reality, significant effort must be put into protecting security and privacy.

We should know the nature of security and privacy, the current weaknesses in the IoT field, real-world security and privacy.

45

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security/Privacy Weaknesses

Poor Cybersecurity Design

More and more devices are gaining network functionality that were nowhere near the Internet before. While this creates immense potential for gains, it also means that many IoT devices are being built by companies with little to no cybersecurity experience.

The result, as expected for beginners, is a host of severe fundamental cybersecurity flaws:

Unnecessary Open Ports

No Transport Encryption

Backdoors

Insecure Root Accounts

No Strong Password Mandate or even Password Change Mandate

46

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security/Privacy Weaknesses

Limited Resources

IoT devices are not meant to perform the tasks of a full computer but connect to a network & enhance the device’s primary functionality.

As a result, IoT devices are built with far less processing power, energy, memory, and communications bandwidth than traditional computers.

While it’s obviously unreasonable to expect smart lightbulbs to have the capacity of a desktop tower, the current situation renders many standard cybersecurity techniques effectively unusable

Traditional cybersecurity strategies were developed with resource-rich standard computers in mind.

IoT devices and cybersecurity must meet in the middle, improving hardware and developing lighter weight variants of cybersecurity mainstays.

47

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security/Privacy Weaknesses

Financial Incentives

IoT device developers may have significant financial incentive not to make the needed improvements; security costs money, which raises the price of their products, meaning their competitors can undercut them.

It’s in their interest to reduce the complexity and time-to-market of their devices, especially low-margin high-volume devices, such as smart lightbulbs.

Security and privacy can be selling points, but that requires a certain level of security consciousness in the general public, which is often lacking for new fields like IoT; after all, who ever heard of hacking a lightbulb?

Unfortunately, public security consciousness usually only increases after a highly public security breach.

48

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security/Privacy Weaknesses

Frustrating Security Management

Not only do many IoT devices have insufficient security, but they also often make it overly difficult to manage the security they do have.

Many IoT devices offer users little ability to see “backstage” and review its functionality.

This makes it difficult to keep track of data collection or the warning signs of a compromise.

Devices have also been built in a way that makes updating or upgrading almost impossible.

Example: Fiat issued a recall of 1.4 million cars due to a security flaw.

The bug could only be patched by either taking the car to the dealership or doing it yourself with a USB.

This no doubt led many to simply ignore it, as nothing was visibly wrong with the car.

49

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security/Privacy Weaknesses

IoT Heterogeneity

IoT is a relatively young field, with several technical factors that prevent direct importation of proven cybersecurity standards.

This lack of standards has resulted in a vast, incoherent patchwork of different IoT hardware and software, impeding the development of effective security solutions.

Further, the lack of standards has led to a wide array of closed-source “black box” systems, creating more security development problems as well as encouraging “security through obscurity” policies, which have long been discredited.

Mismatching systems also compromise security due to overlaps and unnecessary ports increasing the attack surface.

50

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security/Privacy Weaknesses

Insufficient Privacy Focus

IoT devices have unprecedented omnipresence and reach, making them massive potential threats to privacy. Despite this, there is not enough emphasis on privacy protection in the field today.

This is not a IoT specific issue; many tech engineers neglect privacy or don’t consider it part of their job.

It’s particularly dangerous in IoT, however, because IoT has so much potential as a threat to privacy.

IoT must embrace privacy by design, where privacy is considered from day one and privacy-enhancing measures are built into the foundations.

51

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

What is trust in IoT?

Trust is the oxygen which will breathe life into the internet of things.

Industry needs to show data is safe and that it is properly treated.

Otherwise, we endanger the potential of the IoT

52

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Security Best Practices (1/4)

Securing the network involves all the protocols, technologies, devices, tools, and techniques that secure data and mitigate threats.

Network security is largely driven by the effort to stay one step ahead of ill-intentioned hackers.

Just as medical doctors attempt to prevent new illnesses while treating existing problems, network security professionals attempt to prevent potential attacks while minimizing the effects of real-time attacks. Networks are routinely under attack.

53

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Security Best Practices (2/4)

It is common to read in the news about yet another network that has been compromised.

Security policies, procedures, and standards must be followed in the design of all aspects of the entire network.

This should include the cables, data in transit, stored data, networking devices, and end devices.

Some security best practices are listed in the next slide.

54

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Security Best Practices (3/4)

55

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Security Best Practices (4/4)

56

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Physical Security (1/3)

Today’s data centers store vast quantities of sensitive, business-critical information; therefore, physical security is an operational priority.

Physical security not only protects access to the premises, but also protects people and equipment.

For example, fire alarms, sprinklers, seismically-braced server racks, and redundant heating, ventilation, and air conditioning (HVAC) and UPS systems are in place to protect people and equipment.

57

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Physical Security (2/3)

Figure one shows a representation of a data center.

Physical security within the data center can be divided into two areas, outside and inside.

Outside perimeter security - This can include on-premise security officers, fences, gates, continuous video surveillance, and security breach alarms.

Inside perimeter security - This can include continuous video surveillance, electronic motion detectors, security traps, and biometric access and exit sensors.

Security traps provide access to the data halls

Figure one

58

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Physical Security (3/3)

Security traps provide access to the data halls where data center data is stored. As shown in Figure 2, security traps are like an air lock. A person must first enter the security trap using their badge ID proximity card. After the person is inside the security trap, facial recognition, fingerprints, or other biometric verifications are used to open the second door. The user must repeat the process to exit the data hall.

Figure 3 displays the biometric requirements at the Cisco Allen Data Center, in Allen, Texas.

Figure 3

Figure 2

59

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Data Center Physical Security

60

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Challenges of Securing IoT devices (1/2)

IoT devices are developed with the necessary network connectivity capabilities but often do not implement strong network security.

Network security is a critical factor when deploying IoT devices. Methods must be taken to ensure the authenticity, integrity, and security of the data, the path from the sensor to the collector, and the connectivity to the device.

Click the plus signs to learn more about the factors that impact network security in the IoT.

61

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Challenges of Securing IoT devices (2/2)

62

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Safe Wi-Fi Usage (1/3)

Wireless networks are popular in all types and sizes of businesses because they are easy to set up and convenient to use. For employees and guests, the company needs to deliver a wireless experience that enables mobility and security.

If a wireless network is not properly secured, hackers within range can access it and infiltrate the network.

The figure outlines the steps to take to help to protect a wireless network. Select each step for more information.

63

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Safe Wi-Fi Usage (2/3)

64

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Safe Wi-Fi Usage (3/3)

65

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Protected Devices (1/2)

66

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Protected Devices (2/2)

67

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Top 10 IoT vulnerabilities

Weak, guessable, or hardcoded passwords. ...

Insecure network services. ...

Insecure ecosystem interfaces. ...

Lack of secure update mechanisms. ...

Use of insecure or outdated components. ...

Insufficient privacy protection. ...

Insecure data transfer and storage. ...

Lack of device management.

Insecure default settings

Lack of physical hardening

networkworld.com/article/3332032/top-10-iot-vulnerabilities.html

68

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Security in IoT vs IT

IoT applications require a stricter security due to potential to cause injury and drastic accidents leading to fatalities.

69

https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

https://www.forbes.com/sites/leemathews/2021/02 /15/florida-water-plant-hackers-exploited-oldsoftware-and-poor-password-habits/

https://courses.sidnlabs.nl/ssi-2022/slides/lecture2.pdf

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Components of IoT Security

70

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security Challenges

Several of the areas within the topic of security that the Internet of Things intersects, there's of course, cyber security related to the IoT devices themselves.

Trying to secure those devices from intrusion and trying to secure networks from the IoT devices that are connected to them.

Both IoT device manufacturers and network operators consider how to reduce and secure their attack surfaces or entry points.

They also consider how to mitigate attack vectors or paths that an attacker might take once compromising an initial system.

Then how devices on the network might interact with one.

71

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security Challenges

Another topic is data privacy and sovereignty this touches upon keeping valuable information out of the wrong hands.

This of course overlaps with Regulatory Compliance issues which are increasingly on people's minds today.

IoT devices themselves might need to be secured from theft or they are often used to secure other assets from theft.

So, we think of like asset trackers or vehicle trackers things like that, those are trying to secure other assets from theft.

Additionally, IoT devices often play a role in securing a physical premises we think.

72

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security Challenges

We can think of Access Control Systems alarm systems Etc.

Moreover, there are sometimes inner various interactions between these different areas of security.

For example, an IoT device that uses a GPS receiver or camera for assisting with asset security, might necessitate certain privacy requirements because of the sensitive nature of some of the data that's being gathered, and the premises that's protected by an Internet connected device might be concerned with the cyber security of, for example, the door access or alarm systems.

73

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security Challenges

You know, nobody wants like in the movies a theatrical hacker bank heist to come in and take down their business's physical security.

So, these because of IoT’s role in some of these systems, and some of the unique aspects of IoT, often there are interactions between these various areas.

So, because of some of the uniqueness of IoT, there are various challenges and opportunities.

74

Components of Security

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security Challenges

So compared to Conventional Computer and Network Security, the Internet of Things is unique in several security topics, but other topics become basically magnified in their importance because of IoT.

There are several challenges that people face when it comes to IoT security.

This is what we often hear about too everyone's talking about how bad IoT security is, or whatever, and have been for years.

75

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security Challenges

So, let's talk about some of these challenges.

Sometimes devices are resource constrained, or they have intermittent connectivity, or are in even remote locations, these can make it very difficult to be able to update devices with security patches.

If a device isn't always connected and the latest patch comes out or if it's in a remote location or connected for a few seconds, it can be hard to roll out some sort of a software update.

76

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security Challenges

Additionally, IoT devices are often running software much different than a conventional computer or mobile device and their use cases present unique needs and unique risks.

So. Network operators can often be unaware of the nuances of the individual IoT devices that are on their networks, and IoT device manufacturers do not always know about other systems that will be present on the same network as their devices.

This lack of understanding and coordination between like IoT device makers, Network operators, other IoT device makers that might be on the same network, that can really undermine a security program ultimately.

77

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security Challenges

In the case of wearables, devices are always on, and they're always on you, and they're Gathering potentially sensitive data such as location, Health vitals notifications Etc.

This makes the data potentially very personal that device is collecting and that's traversing the network it's connected to, and unlike conventional computers that you know maybe collect dust on a desk somewhere connected vehicles and Internal medical devices present unique security challenges and considerations, because human safety is also affected by their unimpeded operation and integrity.

So, when your heart know is connected to the internet, hackers hacking your bank, might be the least of your worries because your kind of walking around thinking is this device inside of me secure, and what happens if it gets intruded.

78

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security Challenges

Connected home devices, you know, these could become something almost like a big brother, they could be listening in, or they could give hackers control of heating systems appliances security systems, door locks Etc.

So, with IoT we're essentially connecting a computer to some sort of an actuator that allows the computer to act upon people or the physical environments around.

So, we need to consider that those actuators could become the hands and feet of an attacker and that's essentially the gist of why there are some unique considerations with IoT security, because IoT security really intersects physical security and sometimes human safety.

79

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security Challenges

An example of IoT becoming an attack Vector, for further attacks, for instance occurred when one retail Giant, had their credit card data stolen from their cash registers, after hackers had first obtained unauthorized access to their HVAC system.

So, you know I bet you that the credit card processor and the HVAC company both claimed very much surprised, that their equipment existed on the same score networks, and were exposed to one another, and probably we're trying to point fingers at each other too, about how they could have secured the devices better.

So, that kind of gets into just one of the aspects of IoT device security that I think is important to keep in mind.

80

HVAC (Heating, Ventilation, and Air Conditioning)

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security Challenges

That is isolation, is an important goal, isolating IoT devices from other devices on a network, Including other IoT devices is important for reducing these attack vectors.

The problem is that this can really require significant coordination and mutual understanding between vendors and IT, in the cases of general purpose hardwired or inbuilding wireless networks.

You can tack on intrusion detection systems on these networks to try to detect anomalies, but at the end of the day, if the network operator doesn't understand it has a general-purpose Network, that's largely wide open, and doesn't understand the unique needs of the IoT devices.

81

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security Challenges

The IoT device manufacturers aren't communicating those back, that can be a problem.

So of course, purpose-built cellular IoT networks can be a solution that can be a great way to basically take your devices, isolate them, place them on networks that are purpose built for IoT, and not put them on general purpose, like local building networks.

If a device has its own cellular connectivity bundled inside of it for example, the IT departments and IoT device manufacturers don't necessarily have to trust one another, because they're not using the same networks to begin with.

82

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security Challenges

So, that kind of takes us into other areas for opportunities, for Innovation, unfortunately you know as we usually hear about these worst-case scenarios, the badness of IoT security, or the challenges.

Those conversations don’t really do IoT justice, for how IoT can actually play an important role in enhancing the lives of people.

This includes enhancing their security and safety.

The ubiquity of IoT, which can present security challenges also means that IoT has a unique viewpoint on our environments, and lives.

83

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security Challenges

For example, connected alarms connected smoke detectors, these are simple examples, but you know it's very easy to imagine how these improve lives Safety.

Security they can automatically dispatch Emergency Services shave off critical response times Etc.

So, you know these are examples that were really used to.

They're common examples in our environments of IoT, even though it's a connected device, it's in our environment, it's enhancing our Lives, we might not even think of those at times.

84

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security Challenges

Moreover at least, once you get past, like basic level security like firewalling, isolation keeping systems patched, things like that, many cyber security incidents, can actually be prevented if there’s additional context available during authentication and authorization.

So, everyone's probably familiar with like two-factor authentication for example, where we're using our phone, or a little code generator, and when we log into a bank, we log into our email, we're presented with a prompt for a password, but also this two-factor auth code right, that's a perfect example of this idea of having additional context.

So, in the case of two-factor authentication, you pair something you know like a password with something you have like a phone or a code generator.

So that A system can differentiate between a mirror imposter, who stole your password from the actual you, okay.

So, kind of taking this a little further and back to IoT, here's a really interesting example that I like.

85

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security Challenges

So, from at least, as back as at least as early as 2016 possibly, a little bit earlier than that, some banks started looking at consumer cellular providers, to see if they could coordinate their data, their intense amounts of data, about consumer Behavior, to help prevent credit card fraud.

They realized that, can the consumer usually have their phone on them, or near them, and that even knowing that Rough Country, or rough area of a cell tower that a person's phone was connected to, at the time of a credit card transaction.

Having that information, it could be very useful context, with that additional location context, Banks could compare that to the location of a merchant, and basically get a very good sense of if this transaction looked like that of a stolen card, or card number or is it occurring somewhere in the vicinity of where this consumer is located.

86

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT Security Challenges

So that's like a simple example its more consumer based.

Let's think of what IoT devices offer us Beyond location awareness.

So even just with location awareness a lot of security enhancements can be made.

A home can know if its owner has returned, and a stolen vehicle can be located easily but IoT devices often collect other types of data from various onboard sensors.

IoT is ubiquitous, and IoT is collecting vast amounts of data, and that's only increasing, so the amount of data that IoT generates on us our environments, used intelligently presents a huge opportunity to enhance security and safety by adding this contextual awareness, by knowing what's going on in an environment or with an individual, we can build solutions that improve and enhance lives.

Anomalous Behavior can be better detected with this context, which can be used to help detect and mitigate even zero-day vulnerabilities, emergent threats that are not yet discovered.

87

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Major Components of IoT – User Interface

+

IoT SECURITY

88

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

IoT User interfaces

User interfaces are the visible, tangible part of the IoT system which can be accessible by users.

Designers will have to make sure a well-designed user interface for minimum effort for users and encourage more interactions.

https://www.rfpage.com/what-are-the-major-components-of-internet-of-things/

89

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

User interfaces aren’t the visible, tangible part of the IoT system which can be accessible by users.

True

False

89

User interfaces

Modern technology offers much interactive design to ease complex tasks into simple touch panels controls.

Multicolor touch panels have replaced hard switches in our household appliances and the trend is increasing for almost every smart home devices.

https://www.rfpage.com/what-are-the-major-components-of-internet-of-things/

90

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

User interfaces

User interface design has higher significance in today’s competitive market, it often determines the user whether to choose a particular device or appliance.

Users will be interested to buy new devices or smart gadgets if it is very user friendly and compatible with common wireless standards.

https://www.rfpage.com/what-are-the-major-components-of-internet-of-things/

91

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

Users will be interested to buy new devices or smart gadgets if it is very

User friendly

Compatible with common wireless standards

user friendly and compatible with common wireless standards

None of the above

Which one is NOT an example of user interface?

Smartphone

www - web pages

Gateway

Your PC

91

Conclusions

The IoT will fundamentally reshape our lifestyles and social relationships.

The effect on the economy is already tangible, even if the IoT is still in its infancy.

The task for policymakers is thus to create an environment which helps the IoT realize its full potential for the benefit of the whole of society.

The correct solutions for IoT security and privacy depends on the size of ecosystems that you are designing and what kind of connections, data and devices are involved.

Use secured connections if the IoT data in ecosystem is sensitive.

This present is focused with fundamental aspects of the privacy and security issues in IoT Ecosystems.

92

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

References and Videos

Model-driven development of user interfaces for IoT systems via domain-specific components and patterns

https://jisajournal.springeropen.com/articles/10.1186/s13174-017-0064-1

IoT Security Challenges (12 min)

https://www.youtube.com/watch?v=zl2ZbdSeQVY&t=171s

IoT Security Is Still Way Behind(22 min)

https://www.youtube.com/watch?v=pKfDqI92hws

Fredric Paul, ”Top 10 IoT vulnerabilities”, Network World, 2019 https://networkworld.com/article/3332032/top-10-iot-vulnerabilities.html

Help Net Security, “Flaws in the design of IoT devices”, May 7, 2019 https://www.helpnetsecurity.com/2019/05/07/iot-design-flaws-identified/

Lecture #2: IoT security risks and challenges

https://courses.sidnlabs.nl/ssi-2022/slides/lecture2.pdf

93

/59

UoNA-ST560-Winter - 2023, Internet of Things (IoT)

image1.png

image2.png

image3.png

image4.jpeg

image5.png

image6.jpeg

image7.jpeg

image8.jpeg

image9.png

image10.jpeg

image11.jpeg

image12.jpeg

image13.jpeg

image14.png

image15.png

image16.png

image17.png

image18.png

image19.jpeg

image20.jpeg

image21.png

image22.png

image23.png

image24.png

image25.png

image26.png

image27.png

image28.png

image37.png

image38.png

image39.png

image40.png

image29.png

image30.png

image31.png

image32.png

image33.png

image34.png

image35.png

image36.png

image41.png

image42.png

image43.png

image44.png

image45.png

image46.png

image47.png

image48.png

image49.png

image50.png

image51.png

image52.png

image53.png

image54.png

image55.png

image56.png

image57.png

image58.png

image59.png