Alasdair Gilchrist
IoT Security Issues
- Paperback
IoT Security Issues looks at the burgeoning growth of Internet-controlled devices of all kinds, where product comes first and security second. In this case, security trails badly. This book examines the issues surrounding these problems and vulnerabilities and what can be done to solve them, investigating the stack for the roots of the problems and showing how programming and attention to good security practice can combat the problems that result today from lax security processes on the Internet of Things.
This book is for people interested in understanding the vulnerabilities on the Internet of Things, such as programmers who have not yet been focusing on the IoT, security professionals and a wide array of interested hackers and makers. This book assumes little experience or knowledge of the Internet of Things. To fully appreciate the book, limited programming background would be helpful for some of the chapters later in the book, though the basic content is explained.
The author, Alasdair Gilchrist, has spent 25 years as a company director in the fields of IT, Data Communications, Mobile Telecoms and latterly Cloud/SDN/NFV technologies, as a professional technician, support manager, network and security architect. He has project-managed both agile SDLC software development as well as technical network architecture design. He has experience in the deployment and integration of systems in enterprise, cloud, fixed/mobile telecoms, and service provider networks. He is therefore knowledgeable in a wide range of technologies and has written a number of books in related fields.
Product details
- Publisher: De Gruyter
- Number of pages: 274
- Publication date: 23 January 2017
- Language: English
- Dimensions: 230mm x 155mm x 15mm
- Weight: 401g
- ISBN-13: 9781501514746
- ISBN-10: 1501514741
- Item no.: 47023680
Introduction 1
Part I: Making Sense of the Hype
Chapter 1 - The Consumer Internet of Things 5
A Wave of Technology, or a Wave of Hype 5
IoT Skeptics and the Role of Security Issues 6
The Internet of No-thing 7
Where are these IoT devices? 8
Why the ambiguity in IoT uptake? 9
The Media and Marketing Hype 9
Lack of Killer Applications 11
There be Monsters 11
Buying Secure IoT Devices? 12
Making Things That Just Work 16
Is this a consumer Internet of things? 16
Skepticism, but the future looks bright 17
Consumer Trust - or Lack of It 19
Losing Control? 19
Toys for the Rich 21
IoT isn't DIY 22
Is Security a Major Inhibitor? 23
Part II: Security
Chapter 2 - It's Not Just About the Future 27
Looking back to move forward 27
Security by Design 29
Data Mobile Networks 30
A Confluence of New Technologies 32
Basic Security Practices 34
Chapter 3 - Flawed, Insecure Devices 35
Why are so many insecure devices on the market? 35
A Manufacturer's Perspective 35
The Device Production Cycle 36
Software development in an agile market 37
Clash of Cultures 37
Developers and the Security Puzzle 38
Reputational loss 40
Chapter 4 - Securing the Unidentified 43
The Scale of the Problem 44
What Type of Devices to Secure? 44
Unplanned Change 44
The Consumer's View on Security 45
Chapter 5 - Consumer Convenience Trumps Security 49
Plug n' Pray 49
Easy install - no truck rolls 51
Convenient but insecure 51
Many home networks are insecure? 53
Customer Ignorance 53
Chapter 6 - Startups Driving the IoT 55
Installing IoT Devices 56
Security knowledge is lacking 56
Chapter 7 - Cyber-Security and the Customer Experience 57
Pushing Security onto the Consumer 58
Industry regulations and standards - where are they? 58
The home ecosystem 59
Security negativity 60
Security Anomalies 61
What device can be trusted 61
Chapter 8 - Security Requirements for the IoT 65
Why security issues arise 65
Security and product confidence 66
Me-too manufacturing 66
Cutting development costs 67
Security is not an extra 67
Loss of product trust 68
Designing appropriate security 69
Chapter 9 - Re-engineering the IoT 71
Comparing Apples and Oranges 73
The Bluetooth lock saga 74
Device vulnerabilities and flaws 75
Flawed firmware 76
Code re-use 76
The issue with open source 77
Chapter 10 - IoT Production, Security and Strength 79
Manufacturing IoT Devices 80
ODM design 81
The tale of the Wi-Fi Kettle 83
Push Vs. pull marketing 83
Chapter 11 - Wearable's - A New Developer's Headache 85
IoT by stealth 87
The consumer IoT conundrum 90
Designing in Vulnerabilities 91
Passwords are the problem 93
Why are cookies important? 94
Chapter 12 - New Surface Threats 97
Hacking IoT Firmware 97
Part III: Architecting the Secure IoT
Chapter 13 - Designing the Secure IoT 107
IoT from an Architect's View-Point 109
Modeling the IoT 109
IoT communication patterns 111
First IoT design principles 113
Chapter 14 - Secure IoT Architecture Patterns 117
Event and data processing 118
Chapter 15 - Threat Models 121
What are threat models? 121
Designing a threat model 122
6 steps to threat modeling 122
Advanced IoT threats 124
Devices 124
Networks 125
Infrastructure 127
Interfaces 127
Part IV: Defending the IoT
Chapter 16 - Threats, Vulnerabilities and Risks 131
IoT threats & counter-measures 131
Chapter 17 - IoT Security Framework 135
Introduction to the IoT security framework 135
Chapter 18 - Secure IoT Design 141
IoT Network Design 145
IoT protocols 148
The IoT Stack 149
Link layer 150
Adaption layer 152
IPv6 & IPsec 154
Routing 154
Messaging 157
Chapter 19 - Utilizing IPv6 Security Features 159
Securing the IoT 162
Confidentiality 162
Integrity 162
Availability 163
Link layer 164
Network layer 164
Transport layer 165
Network security 165
Part V: Trust
Chapter 20 - The IoT of Trust 169
Trust between partners - there isn't that much about 170
IBM Vs. Microsoft 171
Apple vs. Samsung 171
Uber Vs Crowdsources drivers 172
Manufacturer and customer trust model 172
Dubious toys 173
Kids play 174
Chapter 21 - It's All About the Data 175
Appropriating data 176
The Data Appropriators 177
Where is the fair barter? 178
Trust by design 179
Chapter 22 - Trusting the Device 185
Hacking voicemail 188
Unethical phone hacking 189
Chapter 23 - Who Can We Trust? 191
Free is an Earner 193
Pissing into the Tent 193
IoT Trust is Essential 194
The Osram debacle 194
LIFX's another Hack? 195
Balancing Security and Trust 196
So, Who Can We Trust? 196
Open Trust Alliance 197
Part VI: Privacy
Chapter 24 - Personal Private Information (PIP) 201
Why is the Privacy of our Personal Information Important? 201
Collecting Private Data 204
Data is the New Oil, or Is It? 204
Attacks on data privacy at Internet scale 205
Young and Carefree 206
Can we Control our Privacy? 207
Ad-blockers - They're Not What They Seem 207
Google and the dubious ad blockers 208
Privacy Laws Around the Globe 208
United States of America 209
Germany 210
Russia 211
China 211
India 212
Brazil 212
Australia 213
Japan 213
UK (Under review) 213
Different Laws in Countries - What Possibly Could Go Wrong 214
Facebook's EU Opt-out Scandal 214
Chapter 25 - The U.S. and EU Data Privacy Shield 217
When privacy laws collide 219
Losing a Safe Harbor 219
After the closure of the Safe Harbor 220
Model and Standard Contractual Clauses 220
The new EU - US Privacy Shield 220
New shield or old failings 221
Contradictions on privacy 222
Leveraging the value of data 224
Part VII: Surveillance, Subterfuge and Sabotage
Chapter 26 - The Panopticon 229
The good, the bad and the ugly 229
Home surveillance 229
Law enforcement - going dark 231
Dragnet Exploits 233
The 5-Eyes (FVEY) 235
PRISM 237
Mastering the Internet 241
Project TEMPORA 241
XKEYSTORE 243
Windstop 244
MUSCULAR 244
INCENSER 246
Encryption in the IoT 249
The Snooper's charter 251
Nothing to hide nothing to fear 254
Its only metadata 255
Index 257