eBook - ePub
Practical Internet of Things Security
Design a security framework for an Internet connected ecosystem, 2nd Edition
Brian Russell, Drew Van Duren
This is a test
Buch teilen
- 382 Seiten
- English
- ePUB (handyfreundlich)
- Über iOS und Android verfügbar
eBook - ePub
Practical Internet of Things Security
Design a security framework for an Internet connected ecosystem, 2nd Edition
Brian Russell, Drew Van Duren
Angaben zum Buch
Buchvorschau
Inhaltsverzeichnis
Quellenangaben
Über dieses Buch
A practical, indispensable security guide that will navigate you through the complex realm of securely building and deploying systems in our IoT-connected world
Key Features
- Learn best practices to secure your data from the device to the cloud
- Use systems security engineering and privacy-by-design principles to design a secure IoT ecosystem
- A practical guide that will help you design and implement cyber security strategies for your organization
Book Description
With the advent of the Internet of Things (IoT), businesses have to defend against new types of threat. The business ecosystem now includes the cloud computing infrastructure, mobile and fixed endpoints that open up new attack surfaces. It therefore becomes critical to ensure that cybersecurity threats are contained to a minimum when implementing new IoT services and solutions.
This book shows you how to implement cybersecurity solutions, IoT design best practices, and risk mitigation methodologies to address device and infrastructure threats to IoT solutions.
In this second edition, you will go through some typical and unique vulnerabilities seen within various layers of the IoT technology stack and also learn new ways in which IT and physical threats interact. You will then explore the different engineering approaches a developer/manufacturer might take to securely design and deploy IoT devices. Furthermore, you will securely develop your own custom additions for an enterprise IoT implementation. You will also be provided with actionable guidance through setting up a cryptographic infrastructure for your IoT implementations. You will then be guided on the selection and configuration of Identity and Access Management solutions for an IoT implementation. In conclusion, you will explore cloud security architectures and security best practices for operating and managing cross-organizational, multi-domain IoT deployments.
What you will learn
- Discuss the need for separate security requirements and apply security engineering principles on IoT devices
- Master the operational aspects of planning, deploying, managing, monitoring, and detecting the remediation and disposal of IoT systems
- Use Blockchain solutions for IoT authenticity and integrity
- Explore additional privacy features emerging in the IoT industry, such as anonymity, tracking issues, and countermeasures
- Design a fog computing architecture to support IoT edge analytics
- Detect and respond to IoT security incidents and compromises
Who this book is for
This book targets IT Security Professionals and Security Engineers (including pentesters, security architects and ethical hackers) who would like to ensure the security of their organization's data when connected through the IoT. Business analysts and managers will also find this book useful.
Häufig gestellte Fragen
Wie kann ich mein Abo kündigen?
Gehe einfach zum Kontobereich in den Einstellungen und klicke auf „Abo kündigen“ – ganz einfach. Nachdem du gekündigt hast, bleibt deine Mitgliedschaft für den verbleibenden Abozeitraum, den du bereits bezahlt hast, aktiv. Mehr Informationen hier.
(Wie) Kann ich Bücher herunterladen?
Derzeit stehen all unsere auf Mobilgeräte reagierenden ePub-Bücher zum Download über die App zur Verfügung. Die meisten unserer PDFs stehen ebenfalls zum Download bereit; wir arbeiten daran, auch die übrigen PDFs zum Download anzubieten, bei denen dies aktuell noch nicht möglich ist. Weitere Informationen hier.
Welcher Unterschied besteht bei den Preisen zwischen den Aboplänen?
Mit beiden Aboplänen erhältst du vollen Zugang zur Bibliothek und allen Funktionen von Perlego. Die einzigen Unterschiede bestehen im Preis und dem Abozeitraum: Mit dem Jahresabo sparst du auf 12 Monate gerechnet im Vergleich zum Monatsabo rund 30 %.
Was ist Perlego?
Wir sind ein Online-Abodienst für Lehrbücher, bei dem du für weniger als den Preis eines einzelnen Buches pro Monat Zugang zu einer ganzen Online-Bibliothek erhältst. Mit über 1 Million Büchern zu über 1.000 verschiedenen Themen haben wir bestimmt alles, was du brauchst! Weitere Informationen hier.
Unterstützt Perlego Text-zu-Sprache?
Achte auf das Symbol zum Vorlesen in deinem nächsten Buch, um zu sehen, ob du es dir auch anhören kannst. Bei diesem Tool wird dir Text laut vorgelesen, wobei der Text beim Vorlesen auch grafisch hervorgehoben wird. Du kannst das Vorlesen jederzeit anhalten, beschleunigen und verlangsamen. Weitere Informationen hier.
Ist Practical Internet of Things Security als Online-PDF/ePub verfügbar?
Ja, du hast Zugang zu Practical Internet of Things Security von Brian Russell, Drew Van Duren im PDF- und/oder ePub-Format sowie zu anderen beliebten Büchern aus Ciencia de la computación & Ciencias computacionales general. Aus unserem Katalog stehen dir über 1 Million Bücher zur Verfügung.
Information
Cryptographic Fundamentals for IoT Security Engineering
This chapter is directed squarely at IoT implementers, those developing IoT devices (consumer or industrial) or integrating IoT communications into their enterprises. It provides you with an A to Z for their IoT implementations and deployments. While most of this book is devoted to practical application and guidance, this section diverges a bit to delve into deeper background topics associated with applied cryptography and cryptographic implementations. Many security practitioners will find this information common sense, but given the myriad cryptographic implementation errors and deployment insecurities even security-aware tech companies continue to deploy, we decided this background was needed. The risks are growing worse, evidenced by the fact that many industries historically unfamiliar with security (for example, home appliance vendors) continue to network-connect and IoT-enable their products. In the process, they make many avoidable errors that can harm their customers.
A detailed review of the use of cryptography to protect IoT communication and messaging protocols is provided, along with guidance on how the use of certain protocols drives the need for additional cryptographic protections at different layers of the technology stack.
This chapter is a critical prerequisite to the chapter on Public Key Infrastructures (PKIs) and their use in IoT identity and trust management. It explains the underlying security facets and cryptographic primitives on which PKIs depend.
This chapter is broken up into the following topical sections:
- Cryptography and its role in securing the IoT
- Types and uses of cryptographic primitives in the IoT
- Cryptographic module principles
- Cryptographic key management fundamentals
- Future-proofing your organization's rollout of cryptography
Cryptography and its role in securing the IoT
Our world is witnessing unprecedented growth in machine connectivity over the internet and private networks. Unfortunately, on any given day, the benefits of that connectivity are soured by yet more news reports of personal, government, and corporate cyber security breaches. Hacktivists, nation states, and organized crime syndicates play a never-ending game of cat and mouse with the security industry. We are all victims, either as a direct result of a cyber breach or through the costs we incur to improve security technology services, insurance, and mitigate other risks. The demand for more security and privacy is finally gaining traction in corporate boardrooms and high-level government circles alike. A significant part of that demand is for wider adoption of cryptography to protect user and machine data. Secure by default principles suggest the need for near ubiquitous use of cryptography, thus it will play an ever growing role in securing the IoT. It is and will continue to be used for encrypting wireless edge networks (network and point-to-point), gateway traffic, backend cloud databases, software/firmware images, and exabytes of your data at rest.
Cryptography provides an indispensable tool set for securing data, transactions, and personal privacy in our information age. Fundamentally, when properly implemented, cryptography can provide the following security features to any data whether in transit or at rest:
| Security feature | Cryptographic service(s) |
| Confidentiality | Encryption |
| Authentication | Digital signature or Message Authentication Code (MAC) |
| Integrity | Digital signature or MAC |
| Non-repudiation | Digital signature |
Revisiting definitions from Chapter 1, A Brave New World, the previous controls represent four out of five pillars of Information Assurance (IA). While the remaining one, availability, is not provided by cryptography, poorly implemented cryptographic instances can certainly deny availability (for example, communication stacks with crypto-synchronization problems).
The security benefits provided by cryptography—confidentiality, authentication, integrity, and non-repudiation—provide direct, one-to-one mitigations against many host, data, and communication security risks.
In the not-too-distant past, the author (Van Duren) spent considerable time supporting the FAA in addressing the security needed in pilot-to-drone communications (a prerequisite to safe and secure integration of unmanned aircraft into the national airspace system). Before we could recommend the controls needed, we first needed to understand the different communication risks that could impact unmanned aircraft. This involved detailed characterization of common information types and flows between the pilot and the aircraft.
The point is that it is vital to understand the tenets of applied cryptography because many security practitioners—while they may not end up designing protocol-level controls—will at least end up making high-level cryptographic selections in the development of security embedded devices and system-level security architectures. These selections should always be based on identified risks.
Types and uses of cryptographic primitives in the IoT
When most people think about cryptography, encryption invariably comes to mind. They understand that data is scrambled, so to speak, so that unauthorized parties cannot decrypt and interpret it. Real-world cryptography is composed of a number of other primitives, however, each partially or fully satisfying one of the previous IA objectives. Securely implementing and combining cryptographic primitives together to achieve a larger, more complex security objective should only be performed or overseen by security professionals well versed in applied cryptography and protocol design. Even the most minor error can prevent the security objective(s) from being fulfilled and result in costly vulnerabilities. There are far more ways to mess up a cryptographic implementation than to get it right.
Cryptographic primitive types fall into the following categories:
- Encryption (and decryption): Provides confidentiality:
- Symmetric
- Asymmetric
- Hashing
- Digital signatures: Signatures provide integrity, identity, and data-origin authentication as well as non-repudiation:
- Symmetric: MAC used for integrity and data-origin authentication
- Asymmetric: Elliptic Curve (EC) and Integer Factorization Cryptography (IFC)
- Random number generation: The basis of most cryptography requires very large numbers originating from high entropy sources. These are needed to generate or establish cryptographic keying material.
Cryptography is seldom used in isolation, however. Instead, it provides the underlying security functions used in upper-layer communication and other protocols. For example, Bluetooth, ZigBee, SSL/TLS, and a variety of other protocols specify how to use standard cryptographic primitives and integrate them into message protocols, message encodings, and relevant protocol behaviors (for example, how to handle a failed message integrity check).
Encryption and decryption
Encryption is the cryptographic service most people are familiar with as it is used to so-called scramble or mask information so that unintended parties cannot read or interpret it. In other words, it is used to protect the confidentiality of the information from eavesdroppers (whether observing your communications or attempting to read your stored data), and to only allow it to be deciphered by intended parties. Encryption algorithms can be symmetric or asymmetric (explained shortly). In both cases, a cryptographic key and the unprotected data are input to the encryption algorithm, which encrypts the confidential data. Once in this state, it is protected from eavesdroppers. The receiving party uses a key to decrypt the data when it is needed. The unprotected data is called plaintext and the protected data is called ciphertext. The basic encryption process is depicted in the following diagram:
Encrypt-decrypt.graffle
It should be clear from the preceding diagram that if the data is ever decrypted prior to reaching IOT Device B, it is vulnerable to the Eavesdropper. This brings into question where in a communication stack and in what protocol the encryption is performed, that is, what the capabilities of the endpoints are. When encrypting for communication purposes, system security engineers need to decide between point-to-point encryption and end-to-end encryption as evidenced in their threat modeling. This is an area ripe for error, as many encrypted protocols operate only on a point-to-point basis and must traverse a variety of gateways and other intermediate devices, the paths to which may be highly insecure. For example, an OSI Layer 2 (link) encryptor may encrypt the routable network-layer traffic above it, and the protection terminates at the end of the link, whereas a network encryptor will encrypt payloads within a network-routable packet, and get it safely to a particular network destination. When network encryption doesn't fully satisfy end-to-end cryptographic protection, application-layer machine-to-machine encryption may be used.
In today's internet threat environment, end-to-end encryption at the session and application layers is most prominent due to severe data losses that can occur when decrypting within an intermediary. The electrical industry and the insecure SCADA protocols commonly employed in it provide a case in point. The security fixes often include building secure communication gateways (where newly added encryption is performed). In others, it is to tunnel the insecure protocols through end-to-end protected ones. System security architectures should clearly account for every encryption security protocol in use and highlight where plaintext data is located (in storage or transit) and where it needs to be encrypted. In general, whenever possible, end-to-end data encryption should be promoted as a secure-by-default policy.
2323__...