The IoT Architect's Guide to Attainable Security and Privacy
eBook - ePub

  • 300 pages
  • English
  • ePUB (mobile friendly)
  • Available on iOS & Android

About this book

This book describes how to architect and design Internet of Things (IoT) solutions that provide end-to-end security and privacy at scale. It is unique in its detailed coverage of threat analysis, protocol analysis, secure design principles, intelligent IoT's impact on privacy, and the effect of usability on security. The book also unveils the impact of digital currency and the dark web on the IoT-security economy. It's both informative and entertaining.

"Filled with practical and relevant examples based on years of experience... with lively discussions and storytelling related to IoT security design flaws and architectural issues."— Dr. James F. Ransome, Senior Director of Security Development Lifecycle (SDL) Engineering, Intel

"There is an absolute treasure trove of information within this book that will benefit anyone, not just the engineering community. This book has earned a permanent spot on my office bookshelf."— Erv Comer, Fellow of Engineering, Office of Chief Architect, Zebra Technologies

"The importance of this work goes well beyond the engineer and architect. The IoT Architect's Guide to Attainable Security & Privacy is a crucial resource for every executive who delivers connected products to the market or uses connected products to run their business."— Kurt Lee, VP Sales and Strategic Alliances at PWNIE Express

"If we collectively fail to follow the advice described here regarding IoT security and privacy, we will continue to add to our mounting pile of exploitable computing devices. The attackers are having a field day. Read this book, now."— Brook S.E. Schoenfield, Director of Advisory Services at IOActive, previously Master Security Architect at McAfee, and author of Securing Systems

The IoT Architect's Guide to Attainable Security and Privacy by Damilare D. Fagbemi, David Wheeler, and JC Wheeler is available in PDF and/or ePUB format, and is catalogued under Computer Science & Cyber Security.

Information

Publisher
CRC Press
Year
2019
Print ISBN
9781032475233
eBook ISBN
9781000762617

Part One

Chapter 1

How We Got Here

— The discovery of new truths
— Comfort and companionship
— The rush of excitement
— An increase in efficiency
. . . humanity’s lure.
— Damilare D. Fagbemi

1.1 We Forgot Security When Building the Internet

November 2, 1988, was a pivotal day in the history of the Internet. Do you recall what you were doing on that day? Few actually do. For us, as authors of this book on IoT security, it was amusing to think back to where we were, and the stark differences in our personal experiences. Damilare was the happy new arrival to a young Nigerian family and a few months away from his first words. He certainly had no clue as to the day’s significance in Internet history. And truth be told, the Internet had hardly arrived in Nigeria or many other parts of the world. Dave, on the other hand, was a college student at Grand Canyon University in the United States, majoring in Computer Science with an important deadline requiring the use of the VAX™ computer system on campus. For him, it is still a clear memory. On that fateful day, a Cornell University student named Robert Morris took down large segments of the Internet by introducing the first self-replicating software that travelled across networked computers.[1] Although Dave and a few others have vivid recollections of the Morris Internet Worm, to the rest of the world, November 2, 1988, was just another day, three decades in the past, on which they cannot exactly remember what occupied their time. There is a profound observation to be made from their memory lapses, and it has little to do with the amount of time that has passed.
Fast forward to October 21, 2016, when large areas of Europe and North America lost access to the Internet for a span of several hours. Investigation by the security firms Flashpoint® and Akamai® showed that a Distributed Denial-of-Service (DDoS) attack had been launched against Dyn™.[2] As a DNS provider, Dyn maps Internet domain names to their corresponding Internet Protocol (IP) addresses on behalf of end users. For example, a web browser uses this mapping service to convert a computer’s name entered in the address bar into a number corresponding to that computer’s unique address on the Internet. The attackers had sent tens of millions of bogus requests to Dyn, rendering Dyn unable to process valid requests. How had the attackers managed so many requests? They had infected millions of IoT devices such as cameras, printers, and baby monitors with malware, essentially creating a super network of machines obedient to the whims of the attackers. October 21, 2016, is etched in the memory of security professionals and computer scientists as the Mirai Botnet attack. But that day is also etched in the minds of millions of individuals and businesses that will not easily forget the day the Internet, Facebook®, and point-of-sale systems all went dark at the same time. The difference three decades make in our dependence on networked systems is indeed profound.
Thanks to IoT, the Internet is fast becoming not only the lifeblood of our digital lives, but our physical lives as well, and it is still arguably in its infancy. Imagine what can happen when homes, self-driving cars, power grids, oil tankers, oil refineries, inventory control systems, distribution systems, medical devices, farms, and refrigerators all complete their transition to the Internet of Things? It’s a sobering thought.
Security was not a priority for the research students and professors who designed the ARPANET (the precursor to the Internet), and their security decisions have left an indelible mark on the Internet even to this day. In their defense, at the time, few computers were in existence and even fewer—about sixty thousand at the time Morris launched his worm—were connected to the Internet. Internet-connected computers were largely owned by research institutions and universities. Contrast that with today’s IoT ecosystem. Gartner® predicts that there will be 20.8 billion Internet-connected devices by 2020. Malware that is able to infect even a small fraction of such devices could have a major global effect.
The concern that keeps us, the authors, up at night, along with many of our peers whom we are honored to know and work with, is that security, more often than not, is still an afterthought in the development cycle. It is for this reason that we wrote this book. Our hope is to bring security to the forefront of the conversation when designing, building, and integrating IoT systems.

1.2 What’s This Book About and Who’s It For?

Of course, no one book can cover the entirety of IoT security. After all, it is the Internet of Things, or quite literally, all the things connected to the Internet. Covering all of the Internet would make for an exhausting endeavor. We view this book as a tour through IoT security for the intermediate-level engineer or architect, covering IoT foundations, IoT systems architecture, IoT security concerns, threat analysis, and communications security analysis. Along the way, we provide our insights, experiences, and examples. Our goal is to drill down even further into critical IoT security topics in our blog.
If you are an architect seeking to know more about securing IoT systems, an engineer branching into IoT, or a technical marketing person wanting to educate your customers, this book is a great resource that we are confident will remain on your bookshelf for years to come.

1.3 Let’s Break Down the Book

This book is divided into three parts:
Part One provides an introduction to IoT systems, their uses, and their vulnerable nature.
The chapters in this section are:
  1. How We Got Here: In this chapter we introduce the Internet of Things, how it came about, why it exists, and its major components.
  2. The Castle and Its Many Gates: At this juncture, we begin to explore the inherent security concerns in IoT systems and the proper mindset of the security architect and engineer through the castle analogy. We use the castle analogy to discuss the attack surfaces of IoT systems.
  3. The IoT Security Economy: In this rather hair-raising trip into the dark side, we consider the regular economics of IoT and how cyber criminals subvert that economy to make money by compromising IoT systems. This leads us to consider the question, Why is security considered expensive for many IoT product companies?
Part Two has us rolling up our sleeves and diving into the technical analysis of the secure architecture and design of IoT systems of the future. This part is highly relevant for anyone who is building an IoT system.
The chapters in this section are:
  1. Architecting IoT Systems That Scale Securely: In this chapter, we take a deep dive into the various elements that make up an IoT system, such as the edge device, gateway, and cloud layers. We consider the constraints that are placed on IoT systems and finish up with an explanation of why security is hard in IoT systems.
  2. Security Architecture for Real IoT Systems: Securing any system requires careful analysis of the system, as well as of the attackers. This chapter reviews the processes and tools a security engineer uses to properly analyze and prepare an end-to-end IoT system to mitigate attacks and then walks through a threat-analysis exercise using an industrial factory example.
  3. Securing the IoT Cloud: Cloud computing represents a major attack surface for IoT solutions. As described earlier, cloud services process and make sense of inputs from IoT sensors and gateways. They also manage and provide instructions to gateways, sensors, and actuators. In this chapter, we use practical examples and illustrations to explore solutions to cloud security concerns that are particular to IoT use cases.
  4. Securely Connecting the Unconnected: IoT systems are nothing if they are not interconnected. We look at some of the most common communication protocols and discuss how to perform security analysis on protocols.
  5. Privacy, Pirates, and the Tale of a Smart City: This chapter takes a unique and captivating look at the digital privacy debate through the development of two realistic scenarios—one taking place in the present, and one in a smart city from the not-so-distant future.
  6. Privacy Controls in an Age of Ultra-Connectedness: The realities of privacy concerns in an ultra-connected world require workable strategies for designing and building privacy into IoT systems. Having looked at the evolving privacy challenges posed by the IoT, this chapter reviews the algorithms and software techniques used to preserve privacy. This chapter provides a balanced perspective of definitions, policies, legal protections, and controls.
  7. Security Usability: Human, Computer, and Security Interaction: An IoT system has many pieces, all of which must be securely managed. It isn’t enough to design security into a system; the administration of the system must also be done securely. What happens when an IoT system’s security features are too convoluted or unintuitive? History shows that system owners bypass or ignore them. How can we design secure access, network protections, and security administration features into IoT systems so that those systems are actually usable?
Part Three is the forward-looking section of the book. While analyzing the current state of IoT is important for today, we as security architects must also look to the future. What does the future hold for IoT, and how are IoT systems likely to change in the next 20...

Table of contents

  1. Cover
  2. Half Title
  3. Title Page
  4. Copyright Page
  5. Dedication
  6. Table of Contents
  7. Foreword
  8. Foreword
  9. Preface
  10. Acknowledgments
  11. About the Authors
  12. Part One
  13. Part Two
  14. Part Three
  15. Epilogue
  16. Index