UoNA-INST560 – Internet of Things (IoT)

Winter 2023
INST560 Internet of
Things

Internet of Things
Analytics and Security
Professor Aliakbar Jalali
aliakbar.jalali@live.uona.edu
Lecture 8
/59
 Contents
UoNA-INST560 – Internet of Things (IoT)

• Introduction

• IoT Major Components

• IoT Data Analytics

• IoT Security

• IoT User Interface

• Conclusion

• References
2 /59
 Introduction: Major Components of IoT + Security
UoNA-INST560 – Internet of Things (IoT)

IoT SECURITY
+
3 /59
 UoNA-INST560 – Internet of Things (IoT)
Introduction: IoT Data Analytics

4 /59
 Introduction: IoT Analytics
UoNA-INST560 – Internet of Things (IoT)

• IoT Analytics is a leading global provider of market

insights and strategic business intelligence for the IoT,
AI, Cloud, Edge and Industry 4.0.

• IoT analytics is the application of data analysis tools

and procedures to realize value from the huge volumes
of data generated by connected Internet of Things
devices.

• The potential of IoT analytics is often discussed in

relation to the Industrial IoT.

• The IIoT makes it possible for organizations to collect

and analyze data from sensors on manufacturing
equipment, pipelines, weather stations, smart meters,
delivery trucks and other types of machinery.
5 /59
 IoT Data Analytics
UoNA-INST560 – Internet of Things (IoT)

• Data analytics in general is important

because it helps businesses optimize their
performances. Implementing it into the
business model means companies can help
reduce costs by identifying more efficient ways
of doing business.

• IoT analytic is important because the additional

data provided by the Internet of Things not
only enables organizations to generate real-
time insights that benefit them in the present,
but also helps them to foresee future business
trends in advance.
6 /59
 UoNA-INST560 – Internet of Things (IoT)
IoT Data Analytics

7 /59
 IoT Data Analytics
UoNA-INST560 – Internet of Things (IoT)

• IoT analytics is the process of

converting analog data from billions of
smart devices and sensors into useful
insights which can be interpreted and
used for detailed analysis.

• Smart analytics solutions are inevitable

for IoT system for management and
improvement of the entire system.

https://www.rfpage.com/what-are-the-major-components-of-internet-of-things/ 8 /59
 IoT Data Analytics
UoNA-INST560 – Internet of Things (IoT)

• One of the major advantages of an

efficient IoT system is real time smart
analytics which helps engineers to find
out irregularities in the collected data
and act fast to prevent an undesired
scenario.

• Service providers can prepare for

further steps if the information is
collected accurately at the right time.
https://www.rfpage.com/what-are-the-major-components-of-internet-of-things/ 9 /59
 IoT Data Analytics
UoNA-INST560 – Internet of Things (IoT)

• Big enterprises use the massive data collected from IoT devices
and utilize the insights for their future business opportunities.

• Careful analysis will help organizations to predict trends in the

market and plan for a successful implementation.

• Information is very significant in any business model and

predictive analysis ensures success in concerned area of
business line.

• The three main classes of IoT analytics: predictive analytics,

real-time analytics and descriptive analytics.
https://www.rfpage.com/what-are-the-major-components-of-internet-of-things/ 10 /59
 Major challenges in IoT data analytics
UoNA-INST560 – Internet of Things (IoT)

• The primary challenge of IoT data

is its real-time nature.

• By 2025, 30% of all data will be

real-time, with IoT accounting for
nearly 95% of it, 20% of all data
will be critical and 10% of all data
will be hypercritical.

• Analytics will have to happen in

real-time for companies to benefit
from these types of data.
11 /59
 3 Major Uses Cases of IoT Analytics
UoNA-INST560 – Internet of Things (IoT)

12 /59
UoNA-INST560 – Internet of Things (IoT)

https://www.rfpage.com/what-are-the-major-components-of-internet-of-things/ 13 /59
 IoT Analytics: Customer Product Utilization Analysis for Marketing
UoNA-INST560 – Internet of Things (IoT)

14 /59
 Topics for Internet of Things Analytics
UoNA-INST560 – Internet of Things (IoT)

• Real-time data processing and analysis for IoT applications

• Machine learning techniques for predicting IoT device failures and

malfunctions

• Data visualization and reporting tools for IoT analytics

• Edge computing and distributed analytics for IoT systems

• Predictive maintenance and quality control in manufacturing using

IoT analytics

• Smart city applications of IoT analytics, such as traffic

management and energy optimization

• Privacy and ethical considerations in IoT analytics

15 /59
 What is "IoT Analytics"
UoNA-INST560 – Internet of Things (IoT)

• IoT Analytics is the practice of collecting, processing,

analyzing, and deriving insights from the data generated by
IoT devices.

• With the rapid proliferation of connected devices, such as

sensors, smart appliances, and wearables, there is an
enormous amount of data being generated in real-time.

• IoT Analytics helps to make sense of this data and extract

valuable insights that can be used to improve business
operations, enhance customer experiences, and drive
innovation.
16 /59
 IoT Analytics Techniques
UoNA-INST560 – Internet of Things (IoT)

• IoT Analytics involves the use of various data analysis

techniques, such as data mining, machine learning, and
artificial intelligence, to identify patterns, detect
anomalies, and make predictions based on the data
collected from IoT devices.

• These insights can be used to optimize performance,

improve efficiency, and reduce costs across a wide
range of industries, including manufacturing,
healthcare, transportation, and energy.
17 /59
 IoT Analytics Platforms
UoNA-INST560 – Internet of Things (IoT)

• IoT Analytics platforms typically provide a range

of tools and capabilities for data collection,
storage, processing, visualization, and
reporting, as well as integration with other
systems and applications.

• Some popular IoT Analytics platforms include

AWS IoT Analytics, Microsoft Azure IoT Analytics,
and IBM Watson IoT Analytics.
18 /59
 What is Real-Time Data Analytics
UoNA-INST560 – Internet of Things (IoT)

• Real-time analytics solutions based on the innovative streaming database

support complex query and analysis operations.

• You can query materialized views with simple SQL statements to gain real-time
data insights, leverage data value, and make instant business decisions.

• Real-time analytics are already being used in a wide range of business

applications, including cracking down on fake news and helping police make
cities safer.

• Real-time applications of IoT are Healthcare, Industrial Use, Smart Homes,

Smart City, Agriculture, Smart Supply Chain, Retail Purpose and Transportation.

• Smart city applications of IoT analytics, such as traffic management and energy
optimization.

• Privacy and ethical considerations in IoT analytics.

https://www.youtube.com/watch?v=kQV8XAPLFxo 19 /59
 How machine learning can be used in
IoT?
UoNA-INST560 – Internet of Things (IoT)

• Machine learning techniques for predicting IoT

device failures and malfunctions.

• Machine learning for IoT can be used to project

future trends, detect anomalies, and augment
intelligence by ingesting image, video and audio.

• Machine learning can help demystify the hidden

patterns in IoT data by analyzing massive volumes
of data using sophisticated algorithms.
20 /59
 How is data visualization used in IoT?
UoNA-INST560 – Internet of Things (IoT)

• IoT visualization tools help humans

comprehend the volume, velocity, variety, and
veracity of IoT data being ingested by IoT
analytics platforms.

• Visual metaphors are an easily consumed,

universal language that is significantly more
effective at conveying information than text
alone. 21 /59
 What is edge analytics in IoT?
UoNA-INST560 – Internet of Things (IoT)

•Edge analytics is the process

of analyzing data and finding
solutions at the edge, where
data is collected via smart
devices and IoT sensors.
22 /59
 Analytical IoT challenges
UoNA-INST560 – Internet of Things (IoT)

• Data Collection: The sheer volume of data generated by IoT devices can be overwhelming,
making it a challenge to collect and store data efficiently.

• Data Quality: The data generated by IoT devices may be incomplete, inaccurate, or
inconsistent.

• Real-Time Analytics: IoT devices generate data in real-time, which means that the analytics
must also be performed in real-time to be effective.

• Security: IoT devices are often connected to a network, which makes them vulnerable to cyber
attacks.

• Integration with Legacy Systems: Many organizations have legacy systems that may not be
compatible with IoT devices or analytical IoT systems.

• Scalability: As the number of IoT devices continues to grow, analytical IoT systems must be
able to scale to accommodate the increasing amount of data generated.

• Interpretation and Visualization: Analyzing large amounts of data generated by IoT devices can
be challenging, and interpreting the data in a meaningful way may require specialized skills.

23 /59
 Introduction: IoT Security
UoNA-INST560 – Internet of Things (IoT)

• IoT security is the practice that keeps your IoT systems

safe.

• IoT security tools protect from threats and breaches,

identify and monitor risks and can help fix vulnerabilities.

• IoT security ensures the availability, integrity, and

confidentiality of your IoT solution.

• All the major components of IoT including hardware,

software and connectivity will all need to be secure for
IoT objects to work effectively.

• Without security for IoT, any connected object, from

refrigerators to manufacturing bots, can be hacked. main

24 /59
 Major Components of Internet of Things
UoNA-INST560 – Internet of Things (IoT)

IoT SECURITY
+
25 /59
 Introduction: IoT Security
UoNA-INST560 – Internet of Things (IoT)

• The U.S. Department of Defense has promulgated the

Five Pillars of Information Assurance model that includes
the protection of confidentiality, integrity, availability,
authenticity, and non-repudiation of user data.

• It is important to not only secure the endpoints &

networks but also the data which is transferred across
the network by creating a security paradigm.

• To protect IoT devices and platforms, security

technologies will be required for both information
attacks and physical damaging, to encrypt their
communications, and to address new challenges.

• The business world of tomorrow needs IoT Data

Analytics.

26 /59
 Introduction to IoT Security (1/6)
UoNA-INST560 – Internet of Things (IoT)

IoT Security is an
on-demand cloud
subscription
service designed
to discover and
protect the
growing number
of connected
“things” on your
network.
https://docs.paloaltonetworks.com/iot/iot-security-admin/iot-security-overview/introduction-to-iot-security 27 /59
 Introduction to IoT Security (2/6)
UoNA-INST560 – Internet of Things (IoT)

• IoT security is the practice that keeps your IoT systems safe.

• IoT security tools protect from threats and breaches, identify and monitor risks
and can help fix vulnerabilities.

• IoT security ensures the availability, integrity, and confidentiality of your IoT
solution.

• Unlike IT devices such as laptop computers that perform a wide variety of tasks,
IoT devices tend to be purpose-built with a narrowly defined set of functions.

• As a result, IoT devices generate unique, identifiable patterns of network

behavior.

• Using machine learning and AI, IoT Security recognizes these behaviors and
identifies every device on the network, creating a rich, context-aware inventory
that’s dynamically maintained and always up to date.
28 /59
 Introduction to IoT Security (3/6)
UoNA-INST560 – Internet of Things (IoT)

• After it identifies a device and establishes a baseline of its normal network

activities, it continues monitoring its network activity so it can detect any
unusual behavior indicative of an attack or breach.

• If it detects such behavior, IoT Security notifies administrators through

security alerts in the portal and, depending on each administrator’s
notification settings, through email and SMS notifications.

• IoT Security also uses those behaviors and device identities to

automatically generate security policy rule recommendations that allow IoT
devices to continue doing normal network activities and block them from
doing anything unusual.

• Panorama or next-generation firewalls can then import these policy rules

and enforce them.
29 /59
 Introduction to IoT Security (4/6)
UoNA-INST560 – Internet of Things (IoT)

• The firewall collects metadata from the network

traffic of IoT devices, generates Enhanced Application
logs (EALs), and forwards them to the logging
service.

• The IoT Security cloud then extracts metadata from

these logs for analysis and employs AI and machine-
learning algorithms to detect and identify IoT devices
using its patented three-tier deep-learning engine:

• Tier 1: Device category

• IoT Security first identifies the category to which an

IoT device belongs. For example, it might identify
network behaviors common to all security cameras.

30 /59
 Introduction to IoT Security (4/6)
UoNA-INST560 – Internet of Things (IoT)

• Tier 2: Device profile

• IoT Security next constructs a profile of the

device, learning its vendor, make, and model.
For example, it might discover that the camera
behaves in ways that uniquely identify it, such
as checking a particular server for software
updates for example.

• Tier 3: Device instance

• IoT Security continues its analysis until it

discerns behaviors unique to a specific
instance of the identified security camera.
31 /59
 Introduction to IoT Security (5/6)
UoNA-INST560 – Internet of Things (IoT)

• IoT Security looks at over 200 parameters in network traffic metadata, including DHCP
option 55 parameter lists, HTTP user agent IDs, protocols, protocol headers, and a host of
others.

• It matches the network traffic patterns of new devices with those of previously identified
devices to identify the same types or similar types of devices, even those it is
encountering for the first time.

• Depending on various factors such as how much network traffic IoT devices generate and
how varied their behavior patterns are, IoT Security typically identifies most IoT devices
with a high level of confidence during the first day it starts accessing metadata from the
logging service.

• After that, IoT Security continues to increase the number of confidently identified devices
until it identifies all or nearly all of them.

• During this time, you can log in to the IoT Security portal to check that the device
inventory is being populated and monitor its progress.
32 /59
 Introduction to IoT Security (6/6)
UoNA-INST560 – Internet of Things (IoT)

• In addition to using machine learning (ML) to observe

network traffic and extract various attributes to
identify devices and detect anomalous behaviors, IoT
Security employs an ML-based model to check for SQL
content injected into HTTP URLs, a technique commonly
used in SQL vulnerability exploits.

• By using an ML-based model instead of a model based

on rules, IoT Security can find certain patterns of
injected SQL content even without specific signatures.
33 /59
 Topics for Internet of Things Security
UoNA-INST560 – Internet of Things (IoT)

• Best practices for securing IoT devices and networks

• Secure communication protocols for IoT systems

• Authentication and access control mechanisms for IoT devices

• Cyber threat detection and prevention in IoT systems

• IoT security in healthcare applications, such as patient

monitoring and medical devices

• Legal and regulatory frameworks for IoT security and privacy

• The role of blockchain in securing IoT systems.

34 /59
 What is "IoT Security"
UoNA-INST560 – Internet of Things (IoT)

• IoT security refers to the practice of safeguarding the

connected devices, networks, and data involved in
IoT systems from cyber threats and unauthorized
access.

• With the proliferation of IoT devices in homes,

workplaces, and public spaces, the need for robust
security measures to protect sensitive information
and prevent cyber-attacks has become increasingly
critical.
35 /59
 What is "IoT Security"
UoNA-INST560 – Internet of Things (IoT)

• Some of the main challenges in implementing effective

IoT security include the large number of diverse
devices, the lack of standardization in security
protocols, and the difficulty of updating and patching
devices with security vulnerabilities.

• As a result, there is a growing need for industry-wide

collaboration and standardization in IoT security
practices and technologies to ensure that IoT systems
can be trusted and secure.
36 /59
 IoT Security Technologies
UoNA-INST560 – Internet of Things (IoT)

• IoT security involves a range of technologies and

practices aimed at protecting IoT devices, networks,
and data from a wide range of cyber threats, including
malware, phishing attacks, denial-of-service attacks,
and hacking attempts.

• These measures can include secure communication

protocols, encryption, access control, user
authentication, intrusion detection and prevention
systems, and regular software updates.
37 /59
 Best practices to improve your IoT
security
UoNA-INST560 – Internet of Things (IoT)

• Track and manage your devices.

• Consider patching and remediation efforts.

• Update passwords and credentials.

• Use up-to-date encryption protocols.

• Conduct penetration testing or evaluation.

• Understanding your endpoints.

• Segment your network.

• Use multi-factor authentication.

38 /59
 What are the protocols for secure
communications?
UoNA-INST560 – Internet of Things (IoT)

• Maintaining the communication secure and reliable, there is a

need of identifying the protocols against the requirement of the
application and attacks on IoT devices and most important
producing a defense mechanism against them.

• For maintaining and building this complex network, there is a

requirement of architecture.

• Cryptographic protocols provide secure connections, enabling

two parties to communicate with privacy and data integrity.

• The Transport Layer Security (TLS) protocol evolved from that of

the Secure Sockets Layer (SSL).
39 /59
 What are the authentication mechanisms for IoT
devices?
UoNA-INST560 – Internet of Things (IoT)

• For servers, the answer is to program their

firmware with an endpoint to which IoT
devices will connect and a public certificate
for either the server itself or an
appropriate CA.
• The IoT devices are then programmed to
trust this server certificate.
40 /59
 What are threats and security in IoT?
UoNA-INST560 – Internet of Things (IoT)

• This could include accessing private

information, stealing money or data, or
attacking critical infrastructure systems.
• IoT security threats come in a variety of
forms, from simple password breaches to
more sophisticated attacks that exploit
vulnerabilities in IoT devices.
41 /59
 What is privacy and security in IoT?
UoNA-INST560 – Internet of Things (IoT)

• Internet of Things privacy is the special

considerations required to protect the
information of individuals from exposure in the
IoT environment, in which almost any physical
or logical entity or object can be given a
unique identifier and the ability to
communicate autonomously over the Internet
or similar network.
42 /59
 What are IoT Security challenges
UoNA-INST560 – Internet of Things (IoT)

• IoT challenges" refer to the various

difficulties and obstacles that arise during
the implementation, deployment, and
operation of IoT systems including
Security, Interoperability, Scalability,
Power Consumption, Data Management,
Privacy, Cost and Regulatory Compliance.
43 /59
 IoT Security
UoNA-INST560 – Internet of Things (IoT)

• The Internet of Things has immense potential

to change the world, but its design is full of
flaws that put at risk security and privacy.

• As all-new areas of life are connected to

digital networks, those areas are exposed to
cyberattacks from entirely new angles.

• However, that immense potential carries with

its immense risk, much research has been
done to identify these weaknesses.
44 /59
 IoT Security
UoNA-INST560 – Internet of Things (IoT)

• In order to prevent these harms and

bring the potential gains into reality,
significant effort must be put into
protecting security and privacy.
• We should know the nature of
security and privacy, the current
weaknesses in the IoT field, real-
world security and privacy.

45 /59
 IoT Security/Privacy Weaknesses
UoNA-INST560 – Internet of Things (IoT)

• Poor Cybersecurity Design

• More and more devices are gaining network functionality that were nowhere
near the Internet before. While this creates immense potential for gains, it also
means that many IoT devices are being built by companies with little to no
cybersecurity experience.

• The result, as expected for beginners, is a host of severe fundamental

cybersecurity flaws:
• Unnecessary Open Ports

• No Transport Encryption

• Backdoors

• Insecure Root Accounts

• No Strong Password Mandate or even Password Change Mandate

46 /59
 IoT Security/Privacy Weaknesses
UoNA-INST560 – Internet of Things (IoT)

• Limited Resources
• IoT devices are not meant to perform the tasks of a full computer but connect to a
network & enhance the device’s primary functionality.

• As a result, IoT devices are built with far less processing power, energy, memory,
and communications bandwidth than traditional computers.

• While it’s obviously unreasonable to expect smart lightbulbs to have the capacity
of a desktop tower, the current situation renders many standard cybersecurity
techniques effectively unusable

• Traditional cybersecurity strategies were developed with resource-rich standard

computers in mind.

• IoT devices and cybersecurity must meet in the middle, improving hardware and
developing lighter weight variants of cybersecurity mainstays.
47 /59
 IoT Security/Privacy Weaknesses
UoNA-INST560 – Internet of Things (IoT)

• Financial Incentives
• IoT device developers may have significant financial incentive not to make
the needed improvements; security costs money, which raises the price of
their products, meaning their competitors can undercut them.

• It’s in their interest to reduce the complexity and time-to-market of their

devices, especially low-margin high-volume devices, such as smart lightbulbs.

• Security and privacy can be selling points, but that requires a certain level of
security consciousness in the general public, which is often lacking for new
fields like IoT; after all, who ever heard of hacking a lightbulb?

• Unfortunately, public security consciousness usually only increases after a

highly public security breach.
48 /59
 IoT Security/Privacy Weaknesses
UoNA-INST560 – Internet of Things (IoT)

• Frustrating Security Management

• Not only do many IoT devices have insufficient security, but they also often make it
overly difficult to manage the security they do have.

• Many IoT devices offer users little ability to see “backstage” and review its functionality.

• This makes it difficult to keep track of data collection or the warning signs of a
compromise.

• Devices have also been built in a way that makes updating or upgrading almost
impossible.

• Example: Fiat issued a recall of 1.4 million cars due to a security flaw.

• The bug could only be patched by either taking the car to the dealership or doing it
yourself with a USB.

• This no doubt led many to simply ignore it, as nothing was visibly wrong with the car.
49 /59
 IoT Security/Privacy Weaknesses
UoNA-INST560 – Internet of Things (IoT)

• IoT Heterogeneity
• IoT is a relatively young field, with several technical factors that prevent direct
importation of proven cybersecurity standards.

• This lack of standards has resulted in a vast, incoherent patchwork of different

IoT hardware and software, impeding the development of effective security
solutions.

• Further, the lack of standards has led to a wide array of closed-source “black
box” systems, creating more security development problems as well as
encouraging “security through obscurity” policies, which have long been
discredited.

• Mismatching systems also compromise security due to overlaps and unnecessary

ports increasing the attack surface.
50 /59
 IoT Security/Privacy Weaknesses
UoNA-INST560 – Internet of Things (IoT)

• Insufficient Privacy Focus

• IoT devices have unprecedented omnipresence and reach, making them
massive potential threats to privacy. Despite this, there is not enough
emphasis on privacy protection in the field today.

• This is not a IoT specific issue; many tech engineers neglect privacy or
don’t consider it part of their job.

• It’s particularly dangerous in IoT, however, because IoT has so much

potential as a threat to privacy.

• IoT must embrace privacy by design, where privacy is considered from

day one and privacy-enhancing measures are built into the foundations.

51 /59
 What is trust in IoT?
UoNA-INST560 – Internet of Things (IoT)

• Trust is the oxygen which will

breathe life into the internet
of things.

• Industry needs to show data is

safe and that it is properly
treated.

• Otherwise, we endanger the

potential of the IoT
52 /59
 Security Best Practices (1/4)
UoNA-INST560 – Internet of Things (IoT)

• Securing the network involves all the protocols, technologies,

devices, tools, and techniques that secure data and mitigate
threats.

• Network security is largely driven by the effort to stay one

step ahead of ill-intentioned hackers.

• Just as medical doctors attempt to prevent new illnesses

while treating existing problems, network security
professionals attempt to prevent potential attacks while
minimizing the effects of real-time attacks. Networks are
routinely under attack.
53 /59
 Security Best Practices (2/4)
UoNA-INST560 – Internet of Things (IoT)

• It is common to read in the news about yet another

network that has been compromised.

• Security policies, procedures, and standards must be

followed in the design of all aspects of the entire
network.

• This should include the cables, data in transit, stored

data, networking devices, and end devices.

• Some security best practices are listed in the next

slide.
54 /59
 UoNA-INST560 – Internet of Things (IoT)
Security Best Practices (3/4)

55 /59
 UoNA-INST560 – Internet of Things (IoT)
Security Best Practices (4/4)

56 /59
 Physical Security (1/3)
UoNA-INST560 – Internet of Things (IoT)

• Today’s data centers store vast quantities of sensitive,

business-critical information; therefore, physical security
is an operational priority.

• Physical security not only protects access to the

premises, but also protects people and equipment.

• For example, fire alarms, sprinklers, seismically-braced

server racks, and redundant heating, ventilation, and air
conditioning (HVAC) and UPS systems are in place to
protect people and equipment.
57 /59
 Physical Security (2/3)
UoNA-INST560 – Internet of Things (IoT)

• Figure one shows a representation of a

data center.

• Physical security within the data center

can be divided into two areas, outside and
inside.
• Outside perimeter security - This can include
on-premise security officers, fences, gates,
continuous video surveillance, and security
breach alarms.

• Inside perimeter security - This can include

continuous video surveillance, electronic
motion detectors, security traps, and
biometric access and exit sensors. Figure
one
• Security traps provide access to the data
halls
58 /59
 Physical Security (3/3)
UoNA-INST560 – Internet of Things (IoT)

• Security traps provide access to the data

halls where data center data is stored. As
shown in Figure 2, security traps are like an
air lock. A person must first enter the
security trap using their badge ID proximity
card. After the person is inside the security Figure
trap, facial recognition, fingerprints, or 2

other biometric verifications are used to

open the second door. The user must
repeat the process to exit the data hall.

• Figure 3 displays the biometric

requirements at the Cisco Allen Data
Center, in Allen, Texas.
Figure
3
59 /59
 UoNA-INST560 – Internet of Things (IoT)
Data Center Physical Security

60 /59
 Challenges of Securing IoT devices (1/2)
UoNA-INST560 – Internet of Things (IoT)

• IoT devices are developed with the

necessary network connectivity
capabilities but often do not
implement strong network security.

• Network security is a critical factor

when deploying IoT devices. Methods
must be taken to ensure the
authenticity, integrity, and security
of the data, the path from the sensor
to the collector, and the connectivity
to the device.
61 /59
 Challenges of Securing IoT devices (2/2)
UoNA-INST560 – Internet of Things (IoT)

62 /59
 Safe Wi-Fi Usage (1/3)
UoNA-INST560 – Internet of Things (IoT)

• Wireless networks are popular in

all types and sizes of businesses
because they are easy to set up
and convenient to use. For
employees and guests, the
company needs to deliver a
wireless experience that enables
mobility and security.

• If a wireless network is not

properly secured, hackers within
range can access it and infiltrate
the network.

• The figure outlines the steps to

take to help to protect a wireless
network. Select each step for
more information.
63 /59
 UoNA-INST560 – Internet of Things (IoT)
Safe Wi-Fi Usage (2/3)

64 /59
 UoNA-INST560 – Internet of Things (IoT)
Safe Wi-Fi Usage (3/3)

65 /59
 UoNA-INST560 – Internet of Things (IoT)
Protected Devices (1/2)

66 /59
 UoNA-INST560 – Internet of Things (IoT)
Protected Devices (2/2)

67 /59
 Top 10 IoT vulnerabilities
UoNA-INST560 – Internet of Things (IoT)

• Weak, guessable, or hardcoded passwords. ...

• Insecure network services. ...

• Insecure ecosystem interfaces. ...

• Lack of secure update mechanisms. ...

• Use of insecure or outdated components. ...

• Insufficient privacy protection. ...

• Insecure data transfer and storage. ...

• Lack of device management.

• Insecure default settings

• Lack of physical hardening

networkworld.com/article/3332032/top-10-iot-vulnerabilities.html 68 /59
 Security in IoT vs IT
UoNA-INST560 – Internet of Things (IoT)

• IoT applications require a stricter security due to potential

to cause injury and drastic accidents leading to fatalities.

https://www.wired.com/2015/07/hackers- https://www.forbes.com/sites/
remotely-kill-jeep-highway/ leemathews/2021/02 /15/florida-
water-plant-hackers-exploited-
oldsoftware-and-poor-password-
https://courses.sidnlabs.nl/ssi-2022/slides/lecture2.pdf habits/
69 /59
 UoNA-INST560 – Internet of Things (IoT)
Components of IoT Security

70 /59
 IoT Security Challenges
UoNA-INST560 – Internet of Things (IoT)

• Several of the areas within the topic of security that the Internet of
Things intersects, there's of course, cyber security related to the IoT
devices themselves.

• Trying to secure those devices from intrusion and trying to secure

networks from the IoT devices that are connected to them.

• Both IoT device manufacturers and network operators consider how to

reduce and secure their attack surfaces or entry points.

• They also consider how to mitigate attack vectors or paths that an

attacker might take once compromising an initial system.

• Then how devices on the network might interact with one.

71 /59
 IoT Security Challenges
UoNA-INST560 – Internet of Things (IoT)

• Another topic is data privacy and sovereignty this touches upon

keeping valuable information out of the wrong hands.

• This of course overlaps with Regulatory Compliance issues which

are increasingly on people's minds today.

• IoT devices themselves might need to be secured from theft or

they are often used to secure other assets from theft.

• So, we think of like asset trackers or vehicle trackers things like

that, those are trying to secure other assets from theft.

• Additionally, IoT devices often play a role in securing a physical

premises we think.
72 /59
 IoT Security Challenges
UoNA-INST560 – Internet of Things (IoT)

• We can think of Access Control Systems alarm systems Etc.

• Moreover, there are sometimes inner various interactions

between these different areas of security.

• For example, an IoT device that uses a GPS receiver or camera

for assisting with asset security, might necessitate certain
privacy requirements because of the sensitive nature of some
of the data that's being gathered, and the premises that's
protected by an Internet connected device might be
concerned with the cyber security of, for example, the door
access or alarm systems.
73 /59
 IoT Security Challenges
UoNA-INST560 – Internet of Things (IoT)

• You know, nobody wants like in the movies a Components of Security

theatrical hacker bank heist to come in and

take down their business's physical security.

• So, these because of IoT’s role in some of

these systems, and some of the unique
aspects of IoT, often there are interactions
between these various areas.

• So, because of some of the uniqueness of

IoT, there are various challenges and
opportunities.
74 /59
 IoT Security Challenges
UoNA-INST560 – Internet of Things (IoT)

• So compared to Conventional Computer and Network

Security, the Internet of Things is unique in several
security topics, but other topics become basically
magnified in their importance because of IoT.

• There are several challenges that people face when it

comes to IoT security.

• This is what we often hear about too everyone's talking

about how bad IoT security is, or whatever, and have
been for years.
75 /59
 IoT Security Challenges
UoNA-INST560 – Internet of Things (IoT)

• So, let's talk about some of these challenges.

• Sometimes devices are resource constrained, or they

have intermittent connectivity, or are in even remote
locations, these can make it very difficult to be able to
update devices with security patches.

• If a device isn't always connected and the latest patch

comes out or if it's in a remote location or connected
for a few seconds, it can be hard to roll out some sort
of a software update.
76 /59
 IoT Security Challenges
UoNA-INST560 – Internet of Things (IoT)

• Additionally, IoT devices are often running software

much different than a conventional computer or mobile
device and their use cases present unique needs and
unique risks.

• So. Network operators can often be unaware of the

nuances of the individual IoT devices that are on their
networks, and IoT device manufacturers do not always
know about other systems that will be present on the
same network as their devices.

• This lack of understanding and coordination between

like IoT device makers, Network operators, other IoT
device makers that might be on the same network, that
can really undermine a security program ultimately.
77 /59
 IoT Security Challenges
UoNA-INST560 – Internet of Things (IoT)

• In the case of wearables, devices are always on, and they're always on you,
and they're Gathering potentially sensitive data such as location, Health vitals
notifications Etc.

• This makes the data potentially very personal that device is collecting and
that's traversing the network it's connected to, and unlike conventional
computers that you know maybe collect dust on a desk somewhere connected
vehicles and Internal medical devices present unique security challenges and
considerations, because human safety is also affected by their unimpeded
operation and integrity.

• So, when your heart know is connected to the internet, hackers hacking your
bank, might be the least of your worries because your kind of walking around
thinking is this device inside of me secure, and what happens if it gets
intruded.
78 /59
 IoT Security Challenges
UoNA-INST560 – Internet of Things (IoT)

• Connected home devices, you know, these could become something

almost like a big brother, they could be listening in, or they could give
hackers control of heating systems appliances security systems, door
locks Etc.

• So, with IoT we're essentially connecting a computer to some sort of

an actuator that allows the computer to act upon people or the
physical environments around.

• So, we need to consider that those actuators could become the hands
and feet of an attacker and that's essentially the gist of why there are
some unique considerations with IoT security, because IoT security
really intersects physical security and sometimes human safety.
79 /59
 IoT Security Challenges
UoNA-INST560 – Internet of Things (IoT)

• An example of IoT becoming an attack Vector, for further attacks,

for instance occurred when one retail Giant, had their credit card
data stolen from their cash registers, after hackers had first
obtained unauthorized access to their HVAC system.
• So, you know I bet you that the credit card processor and the
HVAC company both claimed very much surprised, that their
equipment existed on the same score networks, and were exposed
to one another, and probably we're trying to point fingers at each
other too, about how they could have secured the devices better.
• So, that kind of gets into just one of the aspects of IoT device
security that I think is important to keep in mind.
HVAC (Heating, Ventilation, and Air 80 /59
 IoT Security Challenges
UoNA-INST560 – Internet of Things (IoT)

• That is isolation, is an important goal, isolating IoT devices from

other devices on a network, Including other IoT devices is
important for reducing these attack vectors.
• The problem is that this can really require significant coordination
and mutual understanding between vendors and IT, in the cases of
general purpose hardwired or inbuilding wireless networks.
• You can tack on intrusion detection systems on these networks to
try to detect anomalies, but at the end of the day, if the network
operator doesn't understand it has a general-purpose Network,
that's largely wide open, and doesn't understand the unique
needs of the IoT devices.
81 /59
 IoT Security Challenges
UoNA-INST560 – Internet of Things (IoT)

• The IoT device manufacturers aren't communicating those back,

that can be a problem.
• So of course, purpose-built cellular IoT networks can be a
solution that can be a great way to basically take your devices,
isolate them, place them on networks that are purpose built for
IoT, and not put them on general purpose, like local building
networks.
• If a device has its own cellular connectivity bundled inside of it
for example, the IT departments and IoT device manufacturers
don't necessarily have to trust one another, because they're not
using the same networks to begin with. 82 /59
 IoT Security Challenges
UoNA-INST560 – Internet of Things (IoT)

• So, that kind of takes us into other areas for opportunities, for
Innovation, unfortunately you know as we usually hear about
these worst-case scenarios, the badness of IoT security, or the
challenges.
• Those conversations don’t really do IoT justice, for how IoT can
actually play an important role in enhancing the lives of people.
• This includes enhancing their security and safety.
• The ubiquity of IoT, which can present security challenges also
means that IoT has a unique viewpoint on our environments,
and lives.

83 /59
 IoT Security Challenges
UoNA-INST560 – Internet of Things (IoT)

• For example, connected alarms connected smoke detectors,

these are simple examples, but you know it's very easy to
imagine how these improve lives Safety.
• Security they can automatically dispatch Emergency
Services shave off critical response times Etc.
• So, you know these are examples that were really used to.
• They're common examples in our environments of IoT, even
though it's a connected device, it's in our environment, it's
enhancing our Lives, we might not even think of those at
times.
84 /59
 IoT Security Challenges
UoNA-INST560 – Internet of Things (IoT)

• Moreover at least, once you get past, like basic level security like firewalling, isolation
keeping systems patched, things like that, many cyber security incidents, can actually
be prevented if there’s additional context available during authentication and
authorization.
• So, everyone's probably familiar with like two-factor authentication for example, where
we're using our phone, or a little code generator, and when we log into a bank, we log
into our email, we're presented with a prompt for a password, but also this two-factor
auth code right, that's a perfect example of this idea of having additional context.
• So, in the case of two-factor authentication, you pair something you know like a
password with something you have like a phone or a code generator.
• So that A system can differentiate between a mirror imposter, who stole your password
from the actual you, okay.
• So, kind of taking this a little further and back to IoT, here's a really interesting
example that I like.

85 /59
 IoT Security Challenges
UoNA-INST560 – Internet of Things (IoT)

• So, from at least, as back as at least as early as 2016 possibly, a little bit
earlier than that, some banks started looking at consumer cellular providers,
to see if they could coordinate their data, their intense amounts of data,
about consumer Behavior, to help prevent credit card fraud.
• They realized that, can the consumer usually have their phone on them, or
near them, and that even knowing that Rough Country, or rough area of a
cell tower that a person's phone was connected to, at the time of a credit
card transaction.
• Having that information, it could be very useful context, with that additional
location context, Banks could compare that to the location of a merchant,
and basically get a very good sense of if this transaction looked like that of a
stolen card, or card number or is it occurring somewhere in the vicinity of
where this consumer is located.
86 /59
 IoT Security Challenges
UoNA-INST560 – Internet of Things (IoT)

• So that's like a simple example its more consumer based.

• Let's think of what IoT devices offer us Beyond location awareness.
• So even just with location awareness a lot of security enhancements can be made.
• A home can know if its owner has returned, and a stolen vehicle can be located easily
but IoT devices often collect other types of data from various onboard sensors.
• IoT is ubiquitous, and IoT is collecting vast amounts of data, and that's only
increasing, so the amount of data that IoT generates on us our environments, used
intelligently presents a huge opportunity to enhance security and safety by adding
this contextual awareness, by knowing what's going on in an environment or with an
individual, we can build solutions that improve and enhance lives.
• Anomalous Behavior can be better detected with this context, which can be used to
help detect and mitigate even zero-day vulnerabilities, emergent threats that are not
yet discovered.

87 /59
 Major Components of IoT – User Interface
UoNA-INST560 – Internet of Things (IoT)

IoT SECURITY
+
88 /59
 IoT User interfaces
UoNA-INST560 – Internet of Things (IoT)

• User interfaces are the visible, tangible part of the IoT

system which can be accessible by users.

• Designers will have to make sure a well-designed user

interface for minimum effort for users and encourage more
interactions.

https://www.rfpage.com/what-are-the-major-components-of-internet-of-things/ 89 /59
 User interfaces
UoNA-INST560 – Internet of Things (IoT)

• Modern technology offers

much interactive design to
ease complex tasks into simple
touch panels controls.

• Multicolor touch panels have

replaced hard switches in our
household appliances and the
trend is increasing for almost
every smart home devices.
https://www.rfpage.com/what-are-the-major-components-of-internet-of-things/ 90 /59
 User interfaces
UoNA-INST560 – Internet of Things (IoT)

• User interface design has higher

significance in today’s competitive
market, it often determines the
user whether to choose a
particular device or appliance.

• Users will be interested to buy

new devices or smart gadgets if it
is very user friendly and
compatible with common wireless
standards.
https://www.rfpage.com/what-are-the-major-components-of-internet-of-things/ 91 /59
 Conclusions
UoNA-INST560 – Internet of Things (IoT)

• The IoT will fundamentally reshape our lifestyles and social relationships.

• The effect on the economy is already tangible, even if the IoT is still in its
infancy.

• The task for policymakers is thus to create an environment which helps

the IoT realize its full potential for the benefit of the whole of society.

• The correct solutions for IoT security and privacy depends on the size of
ecosystems that you are designing and what kind of connections, data
and devices are involved.

• Use secured connections if the IoT data in ecosystem is sensitive.

• This present is focused with fundamental aspects of the privacy and

security issues in IoT Ecosystems.
92 /59
 References and Videos
UoNA-INST560 – Internet of Things (IoT)

• Model-driven development of user interfaces for IoT systems via domain-specific components
and patterns

• https://jisajournal.springeropen.com/articles/10.1186/s13174-017-0064-1

• IoT Security Challenges (12 min)

• https://www.youtube.com/watch?v=zl2ZbdSeQVY&t=171s

• IoT Security Is Still Way Behind(22 min)

• https://www.youtube.com/watch?v=pKfDqI92hws

• Fredric Paul, ”Top 10 IoT vulnerabilities”, Network World, 2019

https://networkworld.com/article/3332032/top-10-iot-vulnerabilities.html

• Help Net Security, “Flaws in the design of IoT devices”, May 7, 2019
https://www.helpnetsecurity.com/2019/05/07/iot-design-flaws-identified/

• Lecture #2: IoT security risks and challenges

• https://courses.sidnlabs.nl/ssi-2022/slides/lecture2.pdf
93 /59