Internet of Things
Security
Saad EL JAOUHARI
2021/2022
Table of contents
I. General Introduction
1. Computer security
2. IoT in a nutshell
3. Example of IoT well-known attacks
II. Main Security Concepts/Properties
1. CIA: Confidentiality, Integrity and Availability
2. Other important ones
III. Security Threats
1. Taxonomy and attacks
2. Threat analysis
IV. Security Functionalities
1. Defense-in-depth
2. Data protection (basic cryptography)
3. Hardware security
4. Network security
5. Application-level security
V. ENISA and smart infrastructures security
VI. Summary
Recap module: Lectures
Recap module: Project
• Practical project → 6 supervised sessions
01 Introduction
What is computer security ?
IoT issues ?
Well-known IoT attacks
Introduction: what is security ?
• Security
▪ Oxford: the state of being free from danger or threat
▪ Collins: security refers to all the measures that are taken to protect a place, or to ensure
that only people with permission enter it or leave it.
• Security is not safety
▪ Security is highly focused on the deliberate protection actions against malicious actions
toward an individual, organization, or assets.
▪ Safety consists in being sure that nothing goes wrong in the absence of malicious person(s)
Introduction: what is information security ?
• Information Security (Infosec):
▪ Definition: Infosec refers to all the measures that are taken to protect
information (data) from unauthorized access, use, disclosure, disruption,
modification, or destruction.
▪ Information security = Computer security + Network security
What is computer security ?
• Most developers and operators are concerned
with correctness and efficiency:
▪ A working software, website, blog, etc…
• Security is concerned with preventing/protecting
against undesired behavior:
▪ Considers an enemy/opponent/hacker/adversary who
is actively and maliciously trying to get around any
protective measures in place
What is computer security ?
• Kinds of undesired behaviors:
▪ Stealing information: confidentiality
o Corporate secrets (product plans, source code, administrative
documents, …)
o Personal information (credit card numbers, SSN, …)
▪ Modifying information or functionality : integrity
o Installing unwanted software (spyware, botnet client, …)
o Destroying records (accounts, logs, plans, …)
▪ Denying access: availability
o Unable to purchase products
o Unable to access banking information
Defects and vulnerabilities
• Many breaches begin by exploiting a vulnerability:
▪ This is a security-relevant software defect that can be exploited to provoke an undesired
behavior
• A software defect is present when the software behaves incorrectly (i.e., it
fails to meet its requirements)
• Defects occur in the software’s design and its implementation
▪ A flaw is a defect in the design
▪ A bug is a defect in the implementation
Considering Correctness
• The Flash vulnerability is an implementation bug
▪ All software contains bugs. So what ?
• A normal user never sees most bugs, or works around them
▪ Most (post-deployment) bugs are due to rare feature interactions or failure to handle edge
cases
• Assessment: it would be too expensive to fix every bug before deploying
▪ Companies only fix the ones most likely to affect normal users
Considering Security
• Key difference: an adversary is not a normal user
• The adversary will actively attempt to find defects in rare feature
interactions and edge cases
▪ For a typical user, (accidentally) finding a bug will result in a crash, which they will try to
avoid
▪ An adversary will work to find the bug that led to this crash and exploit it to achieve
their goal
Considering Security
The main objective of computer security is to ensure security by
eliminating bugs and design flaws and/or by making them harder to exploit
Introduction: What is IoT in a nutshell ?
No precise, consensual definition...
• Internet of Things (one possible definition):
▪ Network of devices that are able to connect, interact and exchange data.
• Standard devices: desktops, laptops, smartphones, tablets, …
• But also, any “traditional" object that contains a digital connectable device:
temperature and humidity sensors, domestic appliance, medical device, security
camera, traffic light, ...
IoT is Security Critical
What is the difference between security of IoT and information security ?
Not that much, but...
Security is of critical importance for IoT
• Importance of communications (many protocols ! → BLE, Zigbee, Z-Wave, NB-IoT,
LoRa, …)
• Huge number of connected devices (Heterogeneity !)
• IoT devices are used in critical systems (healthcare, industries, smart cars, …)
▪ Failures may involve human, environmental and economic consequences
IoT is a Constrained System
IoT devices are often low-cost devices: constrained systems (< 1$ !)
Average costs of industrial Internet of Things
(IoT) sensors from 2004 to 2020 (in U.S. dollars)
• Slow processor
• Small amount of RAM
• Low energy consumption
• Low network bandwidth capacity (and short range for some)
Traditional security solutions cannot be (easily) applied to IoT
* https://www.statista.com/statistics/682846/vr-tethered-hmd-average-selling-price/
A few Examples of IoT Security Issues
• 2016: possible to open and start a car by hacking its keyless technology (radio communication)
• 2016: DDoS (Distributed Denial of Service) attack (Mirai botnet) against the DNS provider Dyn,
using 1.5 million connected devices (mostly cameras) to put it out of order
• 2017: IoT Goes Nuclear: Creating a Zigbee Chain Reaction
A few Examples of IoT Security Issues
• 2016: possible to open and start a car by
hacking its keyless technology (radio
communication)
Source: https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/
https://www.youtube.com/watch?time_continue=1&v=MK0SrxBC1xs&feature=emb_title&ab_channel=WIRED
A few Examples of IoT Security Issues
• 2016: possible to open and start a car by
hacking its keyless technology (radio
communication)
• CAN-C is the high-speed bus that connects the engine,
brakes, airbags etc.
• CAN-IHS is a low-speed bus that connects the comfort
systems like radio and climate controls.
* Miller, Charlie, and Chris Valasek. "Remote exploitation of an unaltered passenger vehicle." Black Hat USA 2015.S 91 (2015).
A few Examples of IoT Security Issues
• 2016: DDoS (Distributed Denial of Service) attack (Mirai botnet) against the DNS provider Dyn,
using 1.5 million connected devices (mostly cameras) to put it out of order
A few Examples of IoT Security Issues
• DDoS Attack in October 2016 → Main Target: DNS provider Dyn
▪ Temporarily crippled several high-profile services such as OVH, Dyn, and Krebs on Security via massive
distributed denial-of-service (DDoS) attacks
▪ DDoS attack was staged and launched from IoT devices using the Mirai malware
▪ OVH reported that these attacks exceeded 1 Tbps - the largest on public record
▪ Mirai infected over 600,000 vulnerable IoT devices
• Mirai was designed for two main purposes:
▪ Find and infect IoT devices to grow the botnet
▪ Participate in DDoS attacks based on commands received by remote Command and Control (C&C) infrastructure
• Mirai operates in three stages:
1. Infect the devices
2. Protect itself
3. Launch attack
A few Examples of IoT Security Issues
• Stage 1: Infect the devices
▪ Scan for IoT devices that are accessible over the Internet
o Primarily scans for ports 22, 23, 5747, etc., that are open
o Can be configured to scan for others
▪ Once connected → brute-forces usernames and passwords to log in to the device
▪ Use the device to scan networks looking for more IoT devices
A few Examples of IoT Security Issues
• Stage 2: Protect itself
▪ Kills other processes running on the infected device (SSH, Telnet, HTTP) to prevent the owner from
gaining remote access to the device while it is infected
▪ Note: Rebooting the device can remove the malware, but it can become infected again
• Stage 3: Launch attack
▪ Infected device launches different types of attacks
▪ HTTP floods, SYN floods, etc. → DDoS-based attacks
• Note: Mirai contained a list of known networks in the U.S. to avoid attacking →
U.S. Postal Service, Department of Defense
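The infection stage described above (scan for open remote-login ports, then brute-force usernames and passwords) leaves a recognisable trace on a device or gateway: one source failing many logins with changing usernames in a short time. The detection sketch below is an added example, not part of the original slides; the log format, thresholds and addresses are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real traffic). Assumed format per line:
#   <ISO timestamp> <service> <source address> <username> <OK|FAIL>
SAMPLE_LOG = """\
2022-01-10T11:10:01 telnet 203.0.113.7 root FAIL
2022-01-10T11:10:02 telnet 203.0.113.7 admin FAIL
2022-01-10T11:10:03 ssh 192.0.2.10 alice FAIL
2022-01-10T11:10:04 telnet 203.0.113.7 support FAIL
2022-01-10T11:10:06 telnet 203.0.113.7 root FAIL
2022-01-10T11:10:09 ssh 192.0.2.10 alice OK
2022-01-10T11:10:10 telnet 203.0.113.7 user FAIL
2022-01-10T11:10:12 telnet 203.0.113.7 admin OK
2022-01-10T11:15:00 ssh 198.51.100.4 operator FAIL
2022-01-10T11:20:00 ssh 198.51.100.4 operator FAIL
2022-01-10T11:25:00 ssh 198.51.100.4 operator FAIL
2022-01-10T11:30:00 ssh 198.51.100.4 operator FAIL
2022-01-10T11:35:00 ssh 198.51.100.4 operator FAIL
"""

WINDOW = timedelta(seconds=60)  # assumed sliding window
MAX_FAILURES = 5                # assumed: failures per source inside the window
MIN_DISTINCT_USERS = 3          # assumed: credential lists rotate usernames


def detect_bruteforce(log_text, window=WINDOW, max_failures=MAX_FAILURES,
                      min_users=MIN_DISTINCT_USERS):
    """Return {source: alert} for sources whose failed logins look automated."""
    recent = defaultdict(deque)  # source -> (timestamp, user) of recent failures
    alerts = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines instead of crashing
        stamp, service, source, user, result = fields
        when = datetime.fromisoformat(stamp)
        if result == "OK":
            # A success after a flagged burst means a guess worked:
            # treat the device as compromised, not merely probed.
            if source in alerts:
                alerts[source]["login_succeeded"] = True
            continue
        if result != "FAIL":
            continue
        failures = recent[source]
        failures.append((when, user))
        while when - failures[0][0] > window:
            failures.popleft()  # drop failures that fell out of the window
        users = {u for _, u in failures}
        if len(failures) >= max_failures and len(users) >= min_users:
            alert = alerts.setdefault(source, {
                "failures": 0, "users": set(),
                "services": set(), "login_succeeded": False,
            })
            alert["failures"] = max(alert["failures"], len(failures))
            alert["users"] |= users
            alert["services"].add(service)
    return alerts


if __name__ == "__main__":
    for source, alert in detect_bruteforce(SAMPLE_LOG).items():
        print(source, alert)
```

In the sample, the user who mistypes a password once and the source that fails slowly with a single username stay below the thresholds; only the fast burst with rotating usernames is flagged, and its later successful login marks the device for re-imaging and a credential change.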
A few Examples of IoT Security Issues
https://www.imperva.com/blog/how-to-identify-a-mirai-style-ddos-attack/
A few Examples of IoT Security Issues
https://blog.cloudflare.com/inside-mirai-the-infamous-iot-botnet-a-retrospective-analysis/
A few Examples of IoT Security Issues
• 2017: IoT Goes Nuclear: Creating a Zigbee Chain
Reaction
• Connected Zigbee lightbulbs → Attack steps:
1. Target: Philips Hue lamps using ZigBee wireless
connectivity.
2. Recover the AES-CCM Encryption keys using a side
channel attack (Correlation Power Analysis (CPA))
3. Create a malicious firmware update (a worm)
4. Load it to a Philips Hue light.
5. The worm spreads by jumping directly from one
lamp to its neighbours, using their built-in ZigBee
wireless connectivity and their physical proximity
▪ Range 400m outdoor and 70m indoor
* Source image: [13]
A few Examples of IoT Security Issues
Zigbee War Flying Zigbee War Driving
https://www.youtube.com/watch?v=Ed1OjAuRARU&feature=emb_title&ab_channel=seyalr
https://www.youtube.com/watch?v=zcwz-lQtCwM&ab_channel=seyalr
IoT Architecture: global view
• Value: Finally, at the top of the pyramid, it is a matter of transforming this processed data to give it
meaning and value. Above all, to be able to present it in an understandable and usable
interface: for example, the application on your phone that communicates the temperature of
your house via the various thermostats.
• Data: The 3rd level is the data level. The data arrives in its raw state. It is a
series of information that must be sorted, analyzed and stored.
• Connectivity: The next level is connectivity, i.e., how this captured data will be communicated
over the Internet. You are probably already familiar with most of the different
connectivity options: your home's WiFi, your phone's cellular network, your car's
Bluetooth, etc.
• Devices: The base of the pyramid is made up of sensors (devices), which capture
and collect physical data from the environment. This can be humidity,
temperature, presence, pressure...
IoT Architecture: global technical view
Security: outline
Broad topic:
we will see the most important features,
but we will not cover them in (too much) depth
• Security Properties
• Security Threats
• Security Functionalities
02 Main security concepts/properties
CIA
Main concepts
Introduction
• Security Concepts/Properties
• Features that an information system should provide in order to secure itself and its users
against attackers.
• These features may vary from one system to another
Main concepts
Introduction
• An object (called also asset) is the passive element in a security relationship,
such as files, computers, network connections, and applications.
• A subject is the active element in a security relationship, such as users,
programs, and computers. A subject acts upon or against an object.
Main concepts
CIA
• CIA → Confidentiality Integrity and Availability
• Why ?
▪ They are the primary goals and objectives of a security infrastructure.
▪ Security essentials
▪ Most important security principles
▪ They are interdependent
Main concepts
CIA
• Security controls are typically evaluated on how well they uphold these
principles.
• A complete security solution should adequately address each of these
principles
• Vulnerabilities and risks are also evaluated based on the threat they pose
against one or more of the CIA Triad principles
Main concepts
Confidentiality
• Definition:
▪ The assurance that the secrecy of data, objects and resources is protected.
• Its main objectives:
▪ Prevent or minimize unauthorized access to data
o No one other than the legitimate recipient of a message receives it or is able to read it.
▪ Provides means for authorized users to access and interact with resources
Main concepts
Confidentiality
• States of the data:
▪ Creation, use, storage, processing and transit
▪ Confidentiality needs to be maintained in all of these states
Main concepts
Confidentiality
• Some attacks that aim at violating this principle:
▪ Capturing the network traffic
▪ Stealing passwords
▪ Social engineering
▪ Port scanning
▪ Shoulder surfing
▪ Eavesdropping
▪ Sniffing
▪ Escalation of privileges
▪ Etc.
• But not only
Main concepts
Confidentiality
• Unauthorized disclosure of sensitive or confidential information can also result
from:
▪ Human errors
▪ Implementation bugs:
o Failing to properly encrypt a transmission
o Failing to fully authenticate a remote system before transferring data
o Leaving open otherwise secured access points
o Misconfigured security control
o …
▪ Lack of user security awareness:
o Misrouted faxes
o Important documents left on printers
o Accessing malicious code that opens a back door (via a phishing email)
o Walking away from an access terminal while data is displayed on the monitor
o …
Main concepts
Confidentiality
• Some security means to guarantee confidentiality include, but are not limited
to:
▪ Encryption of data
▪ Strict access control
▪ Rigorous authentication procedures
▪ Personnel training
▪ …
Main concepts
Confidentiality in IoT
• In-device: The data stored (if any) and the security keys need to be safely stored in the
memory.
• Device to Device: protecting the data exchanges between IoT devices.
• Device to Gateway: protecting the data exchanges between the IoT device and the
corresponding gateway.
• Device to Cloud: protecting the data exchanges between the IoT device and the cloud.
• E.g., via data or traffic encryption.
Main concepts
Integrity
• Definition:
▪ The concept of protecting the reliability and the correctness of the data.
• Main objectives:
▪ Prevents unauthorized subjects from making modifications on an object
▪ Prevents authorized subjects from making unauthorized modifications (to avoid
mistakes)
▪ Ensures that the object remains correct, unaltered and preserved in most of the states
of the object (data)
Main concepts
Integrity
• Some attacks that aim at violating this principle:
▪ Viruses
▪ Malware
▪ Errors in coding and applications
▪ Man in the Middle
▪ …
• But not only
Main concepts
Integrity
• Human errors
▪ Modifying or deleting files
▪ Entering invalid data
▪ Altering configurations
▪ …
• Oversight
• Implementation bugs:
▪ Including errors in commands, code and scripts
▪ Using old / vulnerable cryptographic algorithms to hash/encrypt/secure data
▪ Using insecure transmission protocols
▪ …
• Lack of user security awareness
▪ Accessing malicious code that opens a back door (via a phishing email)
▪ …
Main concepts
Integrity
• Some security means to guarantee integrity include, but are not limited to:
▪ Encryption of data
▪ Strict access control
▪ Rigorous authentication procedures
▪ Data/Object encryption
▪ Using robust hash functions
▪ Personnel training
▪ …
Main concepts
Integrity for IoT
• Crowded frequency bands cause missed packets:
▪ Transmitting devices can interfere with nearby receiving devices.
• Corrupted memory can lead to unexpected outcomes:
▪ Both flash and non-volatile memory can occasionally become corrupted.
▪ This can happen unintentionally, or intentionally through malicious hardware hacking or malware.
▪ Regardless of the mechanism, it is imperative that microcontrollers are equipped with the necessary integrity features
to identify when a device has been corrupted.
▪ Once identified, the microcontroller can either correct the error or shut the device down, appropriately ensuring that
the security of the wider system is not breached.
• Sensor’s data integrity:
▪ How to guarantee the integrity of the data in transit from the sensor to the end user ?
• In every stage of the IoT data life cycle from sensing and measuring, to interpreting and connecting the
data, the quality and integrity of the information needs to be guaranteed. → E.g., via hash function
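For the sensor-to-end-user path above, a bare hash only catches accidental corruption: anyone able to rewrite a reading in transit (the Man in the Middle listed earlier) can also recompute the hash. The added example below, which is not part of the original slides, contrasts a plain SHA-256 digest with a keyed HMAC plus a message counter; the frame layout, key and sensor name are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption): in a deployment each device holds its own
# secret, stored in protected memory as the "Confidentiality in IoT" slide asks.
DEVICE_KEY = b"constructed-demo-key"


def encode(fields):
    """Canonical byte encoding of a reading, so both ends hash the same bytes."""
    return json.dumps(fields, sort_keys=True).encode()


def frame_with_hash(reading):
    body = encode(reading)
    return {"body": body, "tag": hashlib.sha256(body).digest()}


def hash_ok(frame):
    return hmac.compare_digest(hashlib.sha256(frame["body"]).digest(), frame["tag"])


def frame_with_hmac(reading, counter, key=DEVICE_KEY):
    # The counter is covered by the tag, so an old frame cannot be re-sent later.
    body = encode({"counter": counter, **reading})
    return {"body": body, "tag": hmac.new(key, body, hashlib.sha256).digest()}


class Receiver:
    """Gateway/cloud side: checks the tag first, then freshness."""

    def __init__(self, key=DEVICE_KEY):
        self.key = key
        self.last_counter = -1

    def accept(self, frame):
        expected = hmac.new(self.key, frame["body"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, frame["tag"]):  # constant-time compare
            return "rejected: bad tag"
        counter = json.loads(frame["body"])["counter"]
        if counter <= self.last_counter:
            return "rejected: replay"
        self.last_counter = counter
        return "accepted"


def demo():
    reading = {"sensor": "thermo-1", "temp_c": 21.5}  # constructed reading

    # Plain hash: detects a corrupted body, but not a rewritten body whose
    # hash was simply recomputed by whoever rewrote it.
    plain = frame_with_hash(reading)
    corrupted = {"body": plain["body"].replace(b"21.5", b"29.5"), "tag": plain["tag"]}
    rewritten = plain["body"].replace(b"21.5", b"95.0")
    forged = {"body": rewritten, "tag": hashlib.sha256(rewritten).digest()}

    # HMAC: without the device key the same rewrite cannot produce a valid tag.
    receiver = Receiver()
    genuine = frame_with_hmac(reading, counter=1)
    body = genuine["body"].replace(b"21.5", b"95.0")
    forged_mac = {"body": body, "tag": hashlib.sha256(body).digest()}

    return {
        "hash_detects_corruption": not hash_ok(corrupted),
        "hash_accepts_rewrite": hash_ok(forged),
        "hmac_genuine": receiver.accept(genuine),
        "hmac_rewrite": receiver.accept(forged_mac),
        "hmac_replay": receiver.accept(genuine),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```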
Main concepts
Availability
• Definition:
▪ Authorized subjects are granted timely and uninterrupted access to objects
• Its main objectives:
▪ High level of assurance that the objects are accessible to authorized subjects with an
acceptable level of performance
▪ Prevention of Denial of Service (DoS)
▪ Quick handling of interruption (fault tolerance)
Main concepts
Availability
• Some attacks that aim at violating this principle:
▪ Device failure
▪ DoS attacks
▪ Object destruction
▪ Communication interruptions or jamming
▪ …
• But not only
Main concepts
Availability
• Human errors
▪ Accidentally deleting files
▪ Overutilizing a hardware or software component
▪ …
• Environmental issues
▪ Heat
▪ Static
▪ Flooding
▪ Power loss
▪ …
• Implementation bugs:
▪ Software errors and crashes (in particular in the already deployed ones)
▪ Under-allocating resources
▪ Mislabeling or incorrectly classifying objects
▪ …
Main concepts
Availability
• Some security means to guarantee availability include, but are not limited to:
▪ Providing redundancy mechanisms for critical systems
▪ Maintaining reliable backups
▪ Prevent data loss or destruction
▪ Monitoring performance and network traffic
▪ Using firewalls and IDS/IPS to prevent DoS/DDoS
▪ Following a Business Continuity Planning (BCP) (in case of a disaster for instance)
▪ Fault tolerance at the various levels of access/storage/security
▪ Eliminating single points of failure (SPoF) to maintain availability of critical systems
▪ …
Main concepts
Availability in IoT
• Ensuring that critical IoT devices are always operational
▪ E.g., IoT monitoring sensors in healthcare or Industrial sensors
▪ Quick detection and correction
▪ Fault tolerance (redundant sensors !)
Main concepts
Other important notions
• Identification: Claiming to be an identity when attempting to access a secured area or system
▪ Providing an identity may involve: typing in a username; swiping a smart card; waving a proximity device; speaking a
phrase; or biometrics or scanning device
• The AAA service :
▪ Authentication: Proving that the provided identity is valid
o The most common form of authentication is using a password, or by comparing one or more factors
against the database of valid identities (authentication factors)
▪ Authorization: Defining the permissions (i.e., allow/grant and/or deny) of a resource and object access for a specific
identity
o It ensures that the requested activity or access to an object is possible given the rights and privileges assigned to the
authenticated identity (via access control)
▪ Accounting (aka accountability): Reviewing log files to check for compliance and violations in order to hold subjects
accountable for their actions
o Monitoring : the subject’s actions are tracked and recorded for the purpose of holding the subject accountable for their actions
while authenticated on a system
Main concepts
Other important notions
• Non-repudiation: the emitter/receiver of an object cannot deny having
emitted/received it (anytime after emitting/receiving it).
• Non-repudiation is also a legal concept
Main concepts
The concept of identity
Figure: Entities (systems, persons, organizations) have identities, which consist of attributes (names,
identifiers, characteristics, etc.)
Main concepts
Concepts related to identity
• Entity:
▪ A person, organization, agent, system (IoT sensor/actuator, server, computer, …), session, process, etc.
• Identity:
▪ A set of names / attributes of an entity in a specific domain.
▪ An entity may have identities in multiple domains.
▪ An entity may have multiple identities in one domain.
• Digital identity:
▪ Digital representation of names / attributes in a way that is suitable for processing by computers.
• Attributes of an entity:
▪ Can be unique or ambiguous within a domain.
▪ Transient or permanent, self-defined or defined by an authority, interpreted by humans and/or
computers, etc.
03 Security Threats
Taxonomy
Threat analysis
Security Threats
Definitions
• Security Threat: anything that could cause something bad to happen to an
information system.
• Attack: consists in intentionally making bad things happen.
• Vulnerability: a weakness that enables an attack.
• Exploit: an implementation of an attack
Security Threats
Definitions
• A threat has the potential to exploit a vulnerability of the system to turn it into an
attack
• A threat might or might not happen
• An attack may break (at least) one security property/concept
• The consequence of breaking security properties may be huge (even possibly
destroying the system physically)
• An exploit typically uses (at least) one vulnerability
Security Threats
Taxonomy
• 9 main kinds of threats according to ENISA
• ENISA = European Union Agency for Network and Information Security
• During the reporting period (April 2020 to July 2021), the prime threats identified
include:
1. Ransomware;
2. Malware;
3. Cryptojacking;
4. E-mail related threats; (e.g., phishing)
5. Threats against data;
6. Threats against availability and integrity;
7. Disinformation – misinformation;
8. Non-malicious threats;
9. Supply-chain attacks
https://www.enisa.europa.eu/topics/threat-risk-management/threats-and-trends
Security Threats
Taxonomy
• Threats may be distinguished by:
▪ Their sources:
o Accidental or intentional, internal or external, low or high capacity
o Depend on the context (e.g., a company with temporary workers using IoT objects
connected to its servers might consider extra external sources)
▪ Their targets:
o Sensors, servers, databases, networks, software, users, ...
▪ Their operational modes:
o Modification of usage, overstepping of functional limits, deterioration, destruction, spying, ...
Security Threats
Taxonomy
• Some threats related to IoT:
▪ Vulnerabilities
▪ Malware (ransomware)
▪ Botnets
▪ Denial of service (threats against availability and integrity)
▪ Physical attacks (threats against data; threats against availability and integrity)
▪ Information theft and unknown exposure (threats against data)
▪ Device mismanagement and misconfiguration
▪ Lack of encryption (threats against availability and integrity)
▪ Missing firmware updates
▪ …
Security Threats
Taxonomy: Vulnerabilities
• Vulnerability: a weakness in the software/firmware or hardware which
allows an attack.
• One of the main reasons IoT devices are vulnerable is because they lack the
computational capacity for built-in security.
• Another reason that vulnerabilities can be so pervasive is the limited budget
for developing and testing secure firmware, which is influenced by the price
point of devices and their very short development cycle.
Security Threats
Taxonomy: Vulnerabilities
• Vulnerable standard components also affect millions of devices, as
demonstrated by Ripple20 and URGENT/11.
• Ripple20: vulnerabilities rooted in software (a lightweight TCP/IP stack) developed by the American
company Treck Inc. It is a group of 19 hackable bugs that, if successfully exploited, could allow
an attacker to run arbitrary code on vulnerable devices they can connect to [14].
• URGENT/11: vulnerabilities affecting medical devices and hospital networks. It comprises six
critical flaws that allow Remote Code Execution (RCE) and five that are classified as denial of
service (DoS) and logical flaws [15].
• FreeRTOS: In 2018, 13 bugs in the FreeRTOS TCP/IP stack put IoT devices in homes and in critical
infrastructure at risk.
• Aside from the devices themselves, vulnerabilities in web applications and
related software for IoT devices can lead to compromised systems.
Security Threats
Taxonomy: Malwares
• Definition: Malicious Code or Malware is the generic term for any type of harmful
software that attacks an application or system.
• There are many types of malicious codes:
▪ Viruses
▪ Worms
▪ Trojans
▪ Rootkits
▪ Logic bombs
• They can cause damage to targeted systems.
• Zero-day exploits are malicious code (a threat) for which there is no
vendor-supplied patch (i.e., unpatched vulnerability).
Security Threats
Taxonomy: Malwares
• Viruses: malware that does not spread automatically; it requires a carrier
(usually a human).
▪ They frequently spread via portable USB (Universal Serial Bus) devices or SD (Secure Digital) memory
cards.
▪ These devices may be physically carried and inserted into multiple computers.
• Worms: very similar to viruses, as both are designed to replicate quickly, but worms
don’t attach themselves to programs the way viruses do.
▪ They are malware that self-propagates (spreads independently) without human intervention
▪ They propagate by spreading copies of themselves from computer to computer and by attacking
known weaknesses on computer systems
▪ They have control and destructive capabilities on the infected system
Security Threats
Taxonomy: Malwares
• Trojan (also called a Trojan horse): malware that performs two functions: one
benign (such as a game), and one malicious.
▪ The term derives from the Trojan horse described in Virgil’s poem The Aeneid.
▪ They try to appeal to and interest the user with some useful functionality to entice the user to
run the program
▪ Sometimes real tools are Trojanized by hackers to camouflage their malicious activities,
especially the ones downloaded from third-party websites
▪ Once activated, Trojans can allow cybercriminals to spy, steal sensitive data and access
systems using a backdoor
• Ransomware: a type of malware that prevents or limits users from accessing their
system, either by locking the system's screen or by locking the users' files until a
ransom is paid
▪ Might spread through viruses, worms or Trojans.
Security Threats
Taxonomy: Botnets
• A botnet is a (usually large) number of connected devices, each of them
running one (or several) bot(s).
▪ Any device connected to internet may be used, including virtual machines and IoT
devices
▪ Botnets may be used for DDoS attacks or propagating ransomware
▪ Botnets may also be used for building fake popularity in order to attack users who want
to pay for advertising (e.g., in 2017, Twitter discovered 350,000 fake accounts which
were part of the same botnet)
• Example: Mirai botnet (2016) was a botnet of 1.5 million devices that
performed several DDoS attacks
Security Threats
Taxonomy: Denial of Service (DoS)
• A Denial of Service (DoS) is a type of cyber attack designed to disable, shut down
or disrupt a network, website or service.
• DoS may be used to mask other attacks
• DoS might be performed by malware:
• Malware can be used to interrupt or inhibit the normal flow of data into and out of a
system to render the target useless or inaccessible for a certain period
• Distributed Denial of Service (DDoS) uses a large number of connected devices for
flooding the host’s bandwidth
• DDoS is harder to block than DoS
• DDoS directly comes from improperly secured IoT devices
• Example: Mirai attack
• IoT devices might also be targets of DoS and DDoS attacks (not only a source)
Security Threats
Taxonomy: Physical attacks
• A physical attack is a threat that directly targets equipment or individuals.
▪ They include physical manipulation, damage, theft and loss
o Side-channel attack: a security exploit that attempts to extract secrets from a chip or
a system.
o This can be achieved by measuring or analyzing various physical parameters.
o Examples include supply current, execution time, and electromagnetic emission.
▪ They are not necessarily caused by a cyberattack but by physical access to
the equipment/an individual
▪ An important threat for IoT devices that are deployed in an open/untrusted
context
▪ Worse if the IoT device is insecure (e.g., no built-in security mechanisms)
▪ Example: attacks on Philips Hue bulbs
Security Threats
Taxonomy: Others
• Information theft and unknown exposure:
▪ As with anything dealing with the internet, connected devices increase the chances of
exposure online.
▪ Important technical and even personal information can be unknowingly stored and
targeted in these devices.
• Device mismanagement and misconfiguration:
▪ Security oversights, poor password hygiene, and overall device mismanagement can
assist in the success of these threats.
▪ Users may also simply lack the knowledge and the capability to implement proper
security measures, wherein service providers and manufacturers may need to help their
customers achieve better protection.
Security Threats
Taxonomy: Others
• Lack of encryption
▪ The lack of encryption on regular transmissions is one of the biggest IoT security issues.
▪ Many IoT devices do not encrypt the data they transfer, which means that if someone
breaks into the network, they can capture passwords and other sensitive information sent to
and from the device.
• Missing firmware updates
▪ Another major IoT security issue arises when devices are deployed with a bug that creates
vulnerabilities.
▪ Whether they originate from your own or third-party generated code, manufacturers need
to be able to upgrade their firmware, to avoid these hazardous conditions.
▪ This should ideally take place remotely, but that isn’t always possible.
▪ If a network’s data transmission speeds are too low or its messaging capabilities are limited,
you may need to physically contact the device to issue the update.
Security Threats
Attacks
* Source image: [9]
Security Threats
Attacks
* Source image: [10]
Security Threats
Threat analysis: key questions ?
• What are your assets?
▪ Which of them do you need to protect?
▪ Which of them can you afford to lose?
• Who are the stakeholders?
▪ Who would want to do something bad to your system and why?
▪ Pay attention to insiders
• What are the threats?
▪ How serious are they?
• What is the risk?
Security Threats
Threat analysis: Risk Assessment
• Prioritize risks
• Risk assessment is a subjective activity
▪ Quantitative measure (hard)
o risk = probability of attack x cost of damage (in euros)
o risk ∈ [0; 1]
▪ Qualitative measure (easier)
o risk ∈ { low; medium; high }
• Build a risk assessment model, e.g., DREAD
▪ Damage → how much does an attack cost?
▪ Reproducibility → how reliable is the impact of an attack?
▪ Exploitability → how much work to implement the attack?
▪ Affected Users → how many people are impacted by an attack?
▪ Discoverability → how likely is an attacker to discover a vulnerability?
Security Threats
Threat analysis: be careful !
• A threat analysis helps to deal with threats, but offers no guarantee of finding them all (not
even of finding the most important ones)
• Different kinds of expertise are required in order to understand the threats of a system. For
IoT:
• Hardware-level security experts
• Network experts (LoRa, 6LoWPAN, BLE, Zigbee, lightweight TCP/IP stacks, …)
• Software security experts (firmware, applications, …)
• Compliance experts
• Use-case-specific threats (Healthcare, Industry 4.0, …)
• Etc.
• Must understand threats before applying security functionalities