The Internet Of Things ( Iot )

957 Words2 Pages

The internet of things (IoT) is the internetworking of physical devices, vehicles (also referred to as "connected devices" and "smart devices"), buildings and other items—embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data.

3. Security concerns and vulnerabilities
“Yet as we connect more and more devices to the Internet, everything from the thermostat to the toilet to the front door itself may create a potential new opening for electronic intruders.” – MIT Technology Review, August 2013
• Data about usage can reveal whether a person is present at home or not
• Automated home system can be cracked into, allowing intruders entry into the home
• Video feeds of homes allow attackers access to private information about individuals

3.1 IoT Security: trends, problems and challenges

3.2 Security and Privacy Challenges for the Internet of Things

3.3 Unique Challenges for IoT Security
• IoT relies on microcontrollers with limited memory and computational power o This often makes it impractical to implement approaches designed for powerful computers o This in turn requires constrained IoT devices to be hidden behind secure gateways
• Threats based upon gaining physical access to IoT devices
• How to bootstrap trust and security, and ways that this can unravel
• Evolving technology o More powerful Systems on a Chip (SOC) embedding hardware security support o Ecliptic Curve Cryptography with reduced computational demands
• Anything that is exposed to the Internet must be securely software upgradable
• User experience must be good enough to avoid becoming a weak link in the chain
• The necessity of keeping up to date with security best practices
...

... middle of paper ...

...tainers (software), Trusted Platform Module, hardware co-processors, secure memory mapping and code execution crypto operations.

Virtualization-based security agent: Hypervisors in virtualized environment are widely used to enforce security policies transparently on enterprise and cloud applications in enterprise IT and cloud computing environments.
Gateway-based security agent: When security cannot be added to an endpoint, as is the case for legacy systems, a security gateway or bump-in-the-wire implementing the security agent function as a physically separate network node can be deployed to secure these type of endpoints and their communications. Because the security agent is not physically on the same endpoint that it protects, advanced security functions such as secure boot attestation or application whitelisting in that endpoint cannot be easily implemented.

Open Document