Secure Manufacturing
Download
Report
Transcript Secure Manufacturing
Towards a Secure
Internet of Things
Future Internet Assembly Budapest, May 2011
Oscar Garcia-Morchon ([email protected])
Distributed Sensor Systems - Philips Research Europe
Things and the Thing Lifecycle?
Manufactured
Installed
Commissioned
Operational
Reconfiguration
SW Update
Appl Reconfiguration
Removal
Decommissioned
Operational
time
“Ubiquitous computing“
(1991, Mark Weiser)
Future Internet Assembly Budapest, May 2011
Security in the IoT(*)
IoT Domain (e.g,
based on
CoAP/6LoWPAN
or ZigBee)
Gateway
Internet
Security
architecture
Secure
IoT
Guidelines
& Standards
What do we actually need?
System shall/should/may use…?
How does everything work together?
Applications
and Security
Future Internet Assembly Budapest, May 2011
(*) Garcia-Morchon, O., Keoh, SL., Kumar,
S.,Hummen, R., Struik, R.: “Internet Draft:
Security Considerations in the Internet of
Things” CORE, IETF, March 2011.
Security Architecture (1/2)
Configuration entity
IoT Domain (e.g, based on
CoAP/6LoWPAN or ZigBee)
Gateway
Internet
Node B
Future Internet Assembly Budapest, May 2011
Node A
Security Architecture (2/2)
Bootstrapping
Operation
Incremental deployment
Privacy protection
Group creation
Identity and key management
….
End-to-End security
Mobility support
Heterogeneous IoT domains
Group membership
Interactions between tech.
and applications?
E2E Security?
Distributed vs
Centralized ??
Attackers launch
resource
exhaustion attack
IP ↔ IoT
translation
Gateway
Internet
Group
management
and secure
multicast
Future Internet Assembly Budapest, May 2011
IoT Domain (e.g, based on
CoAP/6LoWPAN or ZigBee)
F(ID,y); ID=hash(Entity’s Name)
Topics for discussion…and to keep in mind
Manufactured
Installed
Commissioned
Reconfiguration
SW Update
Removal
Appl Reconfiguration
Operational
Decommissioned
Operational
time
Identity & key management
Incremental deployment
Distributed or centralized
E2E vs local
Bootstrapping & operation
95/46/EC
NISTIR 7628
HIPAA
NIST
FIPS 140-2
Availability
Group security
Mobility
Security
architecture
Secure
IoT
Guidelines &
Standards
Dependability
Privacy-aware design
Confidentiality
Application
and Security
Risk Assessment &
Future Internet Assembly Budapest, May 2011
Design
IDS
Authentication
Integrity
Revocation
Accountability
Freshness
Antivirus (Stuxnet)
Access
control