tsensors - munich sept. 15-17, 2014 - bhide-samani
TRANSCRIPT
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
1/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
.
Raj Samani, EMEA CTO McAfeeSandhiprakash Bhide, Director of Innovation, Future IOT Solutions,Application Ready Platform Division, IOT Group
Building a secure futureCybersecurity and the Internet of Things
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
2/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
The Connected Home – The Last Decade
2
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
3/25
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
4/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
Typical Connected Home, Year 2000
4
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
5/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
Typical Connected Home, Year 2000
5
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
6/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
Typical Connected Home, Year 2000
6
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
7/25
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
8/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
Typical Connected Home, Year 2000
8
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
9/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
Typical Connected Home, Year 2000
9
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
10/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
Typical Connected Home, Year 2000
10
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
11/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 201411
50B Devices will connect to Internet by the end of the decade.
They are unprotected and can be hacked loss of economic value & loss ofinnocence (opt-in w/o knowing consequences)
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
12/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
New Security Threats to Personal IOT Devices
12
Baby Monitor: Hacker takes over baby monitor and shouts obscenities
at sleeping child. ABC. 13 Aug 2013)
Fridge sending out spam after web attack compromised gadgets. One
of > than 100K devices used in spam campaign. (BBC News. Jan 2014)
“Wearable Computing Equals New Security Risks”, (InformationWeek.13 Jan 2013)
Medical Devices: We’re starting to attach medical devices to electronic
health records, and they’re not secure.' (Healthcare IT News. May 2013)
Credit Card Information System: “Target Confirms Point-of-Sale
Malware Was Used in Attack” (Security Week. 13 Jan 2014)
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
13/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
What is security and implications of not havingsecurity?
13
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
14/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
Anonymized data may not be as anonymous as isbelieved. Or it may be now, but not in the future
14
How To Track Vehicles
Using Speed Data Alone
Carmakers keep data ondrivers' locations
FTC Hearing IoT PrivacyConcerns
Connected Home
Invasion: The Methods
Car insurance companies reduce the cost of insurance
by gathering data about a customer's driving practices.
Report finds automakers keeping info about driver’slocation. Owners can’t demand that info is destroyed
Anyone concerned about privacy would be well advisedto weigh in on this before the issue is taken over.
No incentive to secure products. With resources better
off spending on the features that consumers want
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
15/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
Data Storage requirements
May 16, 201615
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
16/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
Security Connected
May 16, 201616
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
17/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
User’s Perspective of SecurityDepends end user and the app
17
Person remainsanonymous unless
opted-in
Privacy
Release ofsensitive/ personal
info withoutconsent
SafetyData Protection
Does not cause anyharm to people
Data safe from
theft or alteration
Identity
US
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
18/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
Security necessarily segments the IOT market
• Different usages require different security mechanisms
• Cost sensitivity implies different security controls for different IOT
segments, i.e., smart meters
Three types of security technical issues for IOT devices
• How to secure communications?
• How to detect and recover from malware?
• How to defend the physical security of low cost devices?
IOT Security
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
19/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
Sensor Security Challenge #1Software-based sensor attack rates rising
• Sensor data left unprotected:
1. By APIs;
2. In system memory (buffers)
• Once access to sensor data is obtained, information can be
directly or indirectly inferred
Source: TapLogger: Inferring User Inputs on Smartphone Touchscreens Using On-boardMotion Sensors, WiSec’12, April, 2012.
http://www.cse.psu.edu/~szhu/papers/taplogger.pdf
Source: PlaceRaider: Virtual Theft in Physical Spaces with Smartphones,Sept 27, 2012. http://arxiv.org/pdf/1209.5982v1.pdf
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
20/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
Sensor Security Challenge #2• Users can’t tell if sensors are on/off and cannot control use
• Sensor data can be faked -- not certified as authentic --allowing
attacks on sensor-data-based uses
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
21/25
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
22/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
1. Sensor data is protected at the source and remainssecure during processing.
2. Provide user an easy to use environment with policies to
control sensor data processing and use.3. Address problem in a way that is scalable (platform &
sensor types)
Protected Sensor Data Goals
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
23/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
What about today?
May 16,23
Security. Unlike PC-based SCADA systems that are vulnerable to
virus and malware attacks, our system is housed on cloud based
servers. These servers are overseen by highly skilled techniciansnegating the need for anti-virus updates and continuous security
vulnerability patches required by PC-based solutions
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
24/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
For more information
• White Paper: http://www.mcafee.com/hk/resources/white-papers/wp-smart-grid-cyber-security.pdf
@Raj_Samani & @CyberGridBook
-
8/17/2019 Tsensors - Munich Sept. 15-17, 2014 - Bhide-Samani
25/25
.
Intel Corporation, Sandhiprakash (Sandhi) Bhide, Raj Samani, Tsensor Summit, Sept. 15-17, 2014
Q&A