5/28/2025
Internet of Things

[Figure: "The Voice of Things". Components: Sensors, Internet/Core IP Network, Private/Public Cloud. Stages: Sense, Communicate, Store, Analyze, ACT]

Why IOT Security is Challenging?

• Limited Resources
• Physical Security of End nodes and Routers
• Hybrid and Ad-hoc nature of the Network

Ad-hoc IOT Network

Wireless Network De facto Security Layers

[Figure labels: Cloud, Mesh Routers, End Nodes; Cloud Security, Network Security, Hardware Security]

The Definition of Computer Security

• Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable
• Security rests on confidentiality, authenticity, integrity, and availability

A Simple Protocol

“A” sends message “M” to “B”:

[Figure: A sends M to B]

written as:

  A → B : M

Message “M” can be read by the attacker.

We write down protocols as a list of messages sent between “principals”, e.g.

  1. A → B : “Hello”
  2. B → A : “Offer”

Encryption

• We can keep our data safe by using encryption:

[Figure: A sends { M }Kab to B]

  A → B : { M }Kab

Confidentiality Achieved

Rule

• We can use
  – Encryption {M}K, EK(M)
  – Signing SignK(M), SK(M), MACK(M)
  – Hashing #(M), Hash(M)
• We assume that these are perfect
  – cannot be broken by brute force.

Rule

• We can generate nonces.
• A nonce is a new random value.
• If you generate a new nonce for a session, you know that all future messages that include that nonce are part of the same session.

Rule

• The attacker can run multiple rounds of the protocol.
• The attacker can
  – break up messages,
  – invent new values, keys, nonces, ...
  – combine any of these into a new message.
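
The two Rule slides on MACK(M) and nonces, combined in an added Python example (not part of the original slides): B issues a fresh nonce per session and checks a MAC over nonce and message, so a modified, replayed, or cross-session message is rejected. Assumptions: HMAC-SHA256 stands in for MACK(M), Kab is already shared, each nonce covers a single message, and the names `Receiver`, `mac` and `demo` are hypothetical.

```python
import hashlib
import hmac
import secrets

K_AB = secrets.token_bytes(32)  # shared key Kab (assumed pre-distributed to A and B)


def mac(key: bytes, nonce: bytes, message: bytes) -> bytes:
    """MAC_K(N, M): HMAC-SHA256 over a length-prefixed nonce plus the message."""
    data = len(nonce).to_bytes(2, "big") + nonce + message
    return hmac.new(key, data, hashlib.sha256).digest()


class Receiver:
    """Principal B: issues one fresh nonce per session and accepts it once."""

    def __init__(self, key: bytes):
        self.key = key
        self.open_nonces = set()

    def new_session(self) -> bytes:
        nonce = secrets.token_bytes(16)  # new random value, never reused
        self.open_nonces.add(nonce)
        return nonce

    def accept(self, nonce: bytes, message: bytes, tag: bytes) -> bool:
        if nonce not in self.open_nonces:
            return False  # unknown or already-used nonce: stale message
        if not hmac.compare_digest(tag, mac(self.key, nonce, message)):
            return False  # message or nonce was altered in transit
        self.open_nonces.discard(nonce)  # one message per nonce in this sketch
        return True


def demo() -> dict:
    b = Receiver(K_AB)
    # 1. B -> A : N      2. A -> B : N, M, MAC_Kab(N, M)
    n1 = b.new_session()
    m = b"open valve 3"  # constructed sample message
    tag = mac(K_AB, n1, m)
    results = {"tampered": b.accept(n1, b"open valve 9", tag)}
    results["genuine"] = b.accept(n1, m, tag)
    results["replayed"] = b.accept(n1, m, tag)  # same bytes sent again
    n2 = b.new_session()
    results["old_tag_new_session"] = b.accept(n2, m, tag)
    return results


if __name__ == "__main__":
    print(demo())
```

Only the genuine message is accepted; the MAC binds the message to the nonce, and the nonce binds it to one session.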

CIA+ Model

• Confidentiality - ensuring that information is accessible only to those authorized to have access
• Integrity – trustworthiness of data or resources in terms of preventing improper and unauthorized changes
• Availability - the degree to which a system, subsystem, or equipment is operable

IEEE 802.15.4 PHY Layer Attacks

CIA+ Model

• Authenticity - identification and assurance of the origin of information
• Accountability and non-repudiation
  – A is accountable to B when A is obliged to inform B about A’s (past or future) actions and decisions, to justify them, and to suffer punishment in the case of eventual misconduct
  – A service that provides proof of the integrity and origin of data
  – An authentication that with high assurance can be asserted to be genuine
• Freshness – ensuring delivered data/message is the most recent
• Access control - ability to permit or deny the use of a particular resource by a particular entity
• Privacy of collected information

Security Threats and Attacks

• A threat is a potential violation of security
  – Flaws in design, implementation, and operation
• An attack is any action that violates security
  – Active adversary
• An attack has an implicit concept of “intent”
  – Router misconfiguration or server crash can also cause loss of availability, but they are not attacks

Various Types of Security Attacks

• Virus/Worms
  – Triggered by a special event, a malicious program can do harmful things
• Trojans
  – Accessing the device through a back door
• Denial of service
• Physical
  – Invasive, non-invasive
  – Side channel – electromagnetic radiation, power/energy consumption, thermal
• Software
  – Major source of vulnerability and well studied (but very difficult and still largely unsolved) problem
  – Trinity of trouble: complexity, extensibility and connectivity
• Hardware
  – Trusted foundry, Trusted IC

Attack on Integrity

• Integrity is prevention of unauthorized changes
  – Stop the flow of the message
  – Delay and optionally modify the message
  – Release the message again

[Figure: network; caption "Intercept messages, tamper, release again"]

Source: Shmatikov

Attack on Authenticity

• Authenticity is identification and assurance of origin of information
  – Unauthorized assumption of other’s identity
  – Generate and distribute objects under this identity

[Figure: network]

Source: Shmatikov

Attack on Availability

• Availability is ability to use information or resources desired
  – Destroy hardware (cutting fiber) or software
  – Modify software in a subtle way (alias commands)
  – Corrupt packets in transit
  – Denial of service (DoS)

[Figure: network; caption "Overwhelm or crash servers, disrupt infrastructure"]

Source: Shmatikov

Bad News

• Security often not a primary consideration
  – Performance and usability take precedence
• Feature-rich systems may be poorly understood
  – Higher-level protocols make mistaken assumptions
• Implementations are buggy
  – Buffer overflows are the “vulnerability of the decade”
• Software, hardware, networks are more open and accessible than ever
  – Increased exposure, easier to cover tracks
• Many attacks are not even technical in nature
  – Phishing, impersonation, etc.

Source: Shmatikov

Better News

• There are a lot of defense mechanisms
• It’s important to understand their limitations
  – “If you think cryptography will solve your problem, then you don’t understand cryptography… and you don’t understand your problem” -- Bruce Schneier
  – Many security holes are based on misunderstanding
• Security awareness and user “buy-in” help
• Other important factors: usability and economics

Source: Shmatikov

Some Common Types of Attack

• Eavesdropping
• Modification
• Replay / Preplay
• Man-in-the-Middle
• Reflection
• Denial of Service
• Typing Attack

Eavesdropping

• An eavesdropping attack only passively observes messages.
• Protocols defend against eavesdropping attacks by using encryption for confidentiality.
• The attacker is a passive outsider.