Challenges arise with more and more long-life, resource-constrained devices coming online, and the need to update their firmware as vulnerabilities are found and exposed.
One way that some manufacturers deal with this is to simply transmit as little data and as little potentially sensitive information as possible over the network as power constraints loosen and processing power increases. They opt to do processing and pre-processing of data locally in the nodes, before submitting higher-level information over the network.
Emilie Barse, PhD
Security testing the Internet-of-things
Security in internet-of-things is still an immature and fascinating field for a security researcher. The state of security in this kind of devices is varying between non-existent and reasonably good.
Even though these devices most often do not have a user interface and may look harder to crack, the security testing methodology is not very different from testing a web application or computer network. You cannot rely on security by obscurity when building such devices, since there are many curious people out there and information is spreading like wildfire on the Internet and on the Darknet.
I will talk about security testing methodology and how it can be applied when testing internet-of-thing devices and give some examples of security research in this area, including hacking cars, keyboards and home automation systems.
Emilie Barse has worked in the information security field since 1999. She has been a consultant for 10 years, working with different aspects of information security with focus on security testing, code review and log management and analysis. She is now at NTT Com Security. She has a PhD in Computer Engineering from Chalmers University of Technology.
Only authorized people, machines and services should be able to communicate with each other in a connected world. Erik Wahlström from neXus will present a list of "5 things you should be doing” to build connected and secure devices."
Erik Wahlström works as a product strategist at neXus. He oversees the software portfolio at neXus that secures banks, corporations, physical and digital things.
Shahid Raza, PhD
The future Internet will be an IPv6 network interconnecting traditional computers and a large number of smart objects or networks. This Internet of Things (IoT) will be the foundation of many services and our daily life will depend on its availability and reliable operations. Therefore, among many other issues, the challenge of implementing secure communication in the IoT must be addressed. Providing security is challenging in the Internet and in tradition resource-constrained Wireless Sensor Networks (WSNs). It is even more challenging to enable security services in the IoT. This is because the IoT inherits the attributes of both WSNs (limited energy, processing and storage resources, lossy wireless links, unguarded deployments, and multi-hop communication) and of the Internet (globally accessibility, unique identity, scalability, etc.). This talk will discuss these challenges and address solutions to overcome these challenges.
Shahid Raza is a senior researcher at the SICS Swedish ICT Stockholm where he has been working since 2008. Shahid works on cyber security issues in wireless sensor networks in general and the Internet of Things (IoT) in particular. His research interests include but are not limited to security and privacy in IPv6-connected IoT, interconnection of computing clouds and IoT, WirelessHART, the smart grid, and storage security.
Shahid has completed his industrial PhD from the SICS Swedish ICT Stockholm and the Mälardalen University Västerås in 2013. He also holds a Technology of Licentiate degree from the Mälardalen University Västerås and a Master of Science degree from KTH The Royal Institute of Technology, Stockholm.
See more at http://www.ShahidRaza.info
We are again kindly hosted by THINGS. Thanks also to neXus who provide us with drinks and snacks for the evening!
Anders, Sophie and Daniel