Alasdair Gilchrist
IoT Security Issues
Alasdair Gilchrist
IoT Security Issues
- Broschiertes Buch
- Merkliste
- Auf die Merkliste
- Bewerten Bewerten
- Teilen
- Produkt teilen
- Produkterinnerung
- Produkterinnerung
IoT Security Issues looks at the burgeoning growth of devices of all kinds controlled over the Internet of all varieties, where product comes first and security second. In this case, security trails badly. This book examines the issues surrounding these problems, vulnerabilities, what can be done to solve the problem, investigating the stack for the roots of the problems and how programming and attention to good security practice can combat the problems today that are a result of lax security processes on the Internet of Things.
This book is for people interested in understanding the…mehr
Andere Kunden interessierten sich auch für
- Scott DonaldsonUnderstanding Security Issues25,99 €
- Klaus ElkEmbedded Software for the IoT35,99 €
- Mark BecknerQuick Start Guide to Azure Data Factory, Azure Data Lake Server, and Azure Data Warehouse27,99 €
- Suraj GauravPower BI Data Analysis and Visualization46,99 €
- Jill LeporeIf Then14,99 €
- Tobias ZepfBlockchain. Technologien, Innovationen und Anwendungen26,99 €
- Information Technology for Development, Volume 12, Number 479,99 €
-
-
-
IoT Security Issues looks at the burgeoning growth of devices of all kinds controlled over the Internet of all varieties, where product comes first and security second. In this case, security trails badly. This book examines the issues surrounding these problems, vulnerabilities, what can be done to solve the problem, investigating the stack for the roots of the problems and how programming and attention to good security practice can combat the problems today that are a result of lax security processes on the Internet of Things.
This book is for people interested in understanding the vulnerabilities on the Internet of Things, such as programmers who have not yet been focusing on the IoT, security professionals and a wide array of interested hackers and makers. This book assumes little experience or knowledge of the Internet of Things. To fully appreciate the book, limited programming background would be helpful for some of the chapters later in the book, though the basic content is explained.
The author, Alasdair Gilchrist, has spent 25 years as a company director in the fields of IT, Data Communications, Mobile Telecoms and latterly Cloud/SDN/NFV technologies, as a professional technician, support manager, network and security architect. He has project-managed both agile SDLC software development as well as technical network architecture design. He has experience in the deployment and integration of systems in enterprise, cloud, fixed/mobile telecoms, and service provider networks. He is therefore knowledgeable in a wide range of technologies and has written a number of books in related fields.
This book is for people interested in understanding the vulnerabilities on the Internet of Things, such as programmers who have not yet been focusing on the IoT, security professionals and a wide array of interested hackers and makers. This book assumes little experience or knowledge of the Internet of Things. To fully appreciate the book, limited programming background would be helpful for some of the chapters later in the book, though the basic content is explained.
The author, Alasdair Gilchrist, has spent 25 years as a company director in the fields of IT, Data Communications, Mobile Telecoms and latterly Cloud/SDN/NFV technologies, as a professional technician, support manager, network and security architect. He has project-managed both agile SDLC software development as well as technical network architecture design. He has experience in the deployment and integration of systems in enterprise, cloud, fixed/mobile telecoms, and service provider networks. He is therefore knowledgeable in a wide range of technologies and has written a number of books in related fields.
Produktdetails
- Produktdetails
- Verlag: De Gruyter
- Seitenzahl: 274
- Erscheinungstermin: 23. Januar 2017
- Englisch
- Abmessung: 230mm x 155mm x 15mm
- Gewicht: 401g
- ISBN-13: 9781501514746
- ISBN-10: 1501514741
- Artikelnr.: 47023680
- Herstellerkennzeichnung Die Herstellerinformationen sind derzeit nicht verfügbar.
- Verlag: De Gruyter
- Seitenzahl: 274
- Erscheinungstermin: 23. Januar 2017
- Englisch
- Abmessung: 230mm x 155mm x 15mm
- Gewicht: 401g
- ISBN-13: 9781501514746
- ISBN-10: 1501514741
- Artikelnr.: 47023680
- Herstellerkennzeichnung Die Herstellerinformationen sind derzeit nicht verfügbar.
Alasdair Gilchrist has spent 25 years as a company director in the fields of IT, Data Communications, Mobile Telecoms and latterly Cloud/Sdn/Nfv technologies, as a professional technician, support manager, network and security architect. He has project-managed both agile Sdlc software development as well as technical network architecture design. He has experience in the deployment and integration of systems in enterprise, cloud, fixed/mobile telecoms, and service provider networks. He is knowledgeable in a wide range of technologies and has written a number of books in related fields.
Introduction 1
Part I: Making Sense of the Hype
Chapter 1 - The Consumer Internet of Things 5
A Wave of Technology, or a Wave of Hype 5
IoT Skeptics and the Role of Security Issues 6
The Internet of No-thing 7
Where are these IoT devices? 8
Why the ambiguity in IoT uptake? 9
The Media and Marketing Hype 9
Lack of Killer Applications 11
There be Monsters 11
Buying Secure IoT Devices? 12
Making Things That Just Work 16
Is this a consumer Internet of things? 16
Skepticism, but the future looks bright 17
Consumer Trust - or Lack of It 19
Losing Control? 19
Toys for the Rich 21
IoT isn't DIY 22
Is Security a Major Inhibitor? 23
Part II: Security
Chapter 2 - It's Not Just About the Future 27
Looking back to move forward 27
Security by Design 29
Data Mobile Networks 30
A Confluence of New Technologies 32
Basic Security Practices 34
Chapter 3 - Flawed, Insecure Devices 35
Why are so many insecure devices on the market? 35
A Manufacturer's Perspective 35
The Device Production Cycle 36
Software development in an agile market 37
Clash of Cultures 37
Developers and the Security Puzzle 38
Reputational loss 40
Chapter 4 - Securing the Unidentified 43
The Scale of the Problem 44
What Type of Devices to Secure? 44
Unplanned Change 44
The Consumer's View on Security 45
Chapter 5 - Consumer Convenience Trumps Security 49
Plug n' Pray 49
Easy install - no truck rolls 51
Convenient but insecure 51
Many home networks are insecure? 53
Customer Ignorance 53
Chapter 6 - Startups Driving the IoT 55
Installing IoT Devices 56
Security knowledge is lacking 56
Chapter 7 - Cyber-Security and the Customer Experience 57
Pushing Security onto the Consumer 58
Industry regulations and standards - where are they? 58
The home ecosystem 59
Security negativity 60
Security Anomalies 61
What device can be trusted 61
Chapter 8 - Security Requirements for the IoT 65
Why security issues arise 65
Security and product confidence 66
Me-too manufacturing 66
Cutting development costs 67
Security is not an extra 67
Loss of product trust 68
Designing appropriate security 69
Chapter 9 - Re-engineering the IoT 71
Comparing Apples and Oranges 73
The Bluetooth lock saga 74
Device vulnerabilities and flaws 75
Flawed firmware 76
Code re-use 76
The issue with open source 77
Chapter 10 - IoT Production, Security and Strength 79
Manufacturing IoT Devices 80
ODM design 81
The tale of the Wi-Fi Kettle 83
Push Vs. pull marketing 83
Chapter 11 - Wearable's - A New Developer's Headache 85
IoT by stealth 87
The consumer IoT conundrum 90
Designing in Vulnerabilities 91
Passwords are the problem 93
Why are cookies important? 94
Chapter 12 - New Surface Threats 97
Hacking IoT Firmware 97
Part III: Architecting the Secure IoT
Chapter 13 - Designing the Secure IoT 107
IoT from an Architect's View-Point 109
Modeling the IoT 109
IoT communication patterns 111
First IoT design principles 113
Chapter 14 - Secure IoT Architecture Patterns 117
Event and data processing 118
Chapter 15 - Threat Models 121
What are threat models? 121
Designing a threat model 122
6 steps to threat modeling 122
Advanced IoT threats 124
Devices 124
Networks 125
Infrastructure 127
Interfaces 127
Part IV: Defending the IoT
Chapter 16 - Threats, Vulnerabilities and Risks 131
IoT threats & counter-measures 131
Chapter 17 - IoT Security Framework 135
Introduction to the IoT security framework 135
Chapter 18 - Secure IoT Design 141
IoT Network Design 145
IoT protocols 148
The IoT Stack 149
Link layer 150
Adaption layer 152
IPv6 & IPsec 154
Routing 154
Messaging 157
Chapter 19 - Utilizing IPv6 Security Features 159
Securing the IoT 162
Confidentiality 162
Integrity 162
Availability 163
Link layer 164
Network layer 164
Transport layer 165
Network security 165
Part V: Trust
Chapter 20 - The IoT of Trust 169
Trust between partners - there isn't that much about 170
IBM Vs. Microsoft 171
Apple vs. Samsung 171
Uber Vs Crowdsources drivers 172
Manufacturer and customer trust model 172
Dubious toys 173
Kids play 174
Chapter 21 - It's All About the Data 175
Appropriating data 176
The Data Appropriators 177
Where is the fair barter? 178
Trust by design 179
Chapter 22 - Trusting the Device 185
Hacking voicemail 188
Unethical phone hacking 189
Chapter 23 - Who Can We Trust? 191
Free is an Earner 193
Pissing into the Tent 193
IoT Trust is Essential 194
The Osram debacle 194
LIFX's another Hack? 195
Balancing Security and Trust 196
So, Who Can We Trust? 196
Open Trust Alliance 197
Part VI: Privacy
Chapter 24 - Personal Private Information (PIP) 201
Why is the Privacy of our Personal Information Important? 201
Collecting Private Data 204
Data is the New Oil, or Is It? 204
Attacks on data privacy at Internet scale 205
Young and Carefree 206
Can we Control our Privacy? 207
Ad-blockers - They're Not What They Seem 207
Google and the dubious ad blockers 208
Privacy Laws Around the Globe 208
United States of America 209
Germany 210
Russia 211
China 211
India 212
Brazil 212
Australia 213
Japan 213
UK (Under review) 213
Different Laws in Countries - What Possibly Could Go Wrong 214
Facebook's EU Opt-out Scandal 214
Chapter 25 - The U.S. and EU Data Privacy Shield 217
When privacy laws collide 219
Losing a Safe Harbor 219
After the closure of the Safe Harbor 220
Model and Standard Contractual Clauses 220
The new EU - US Privacy Shield 220
New shield or old failings 221
Contradictions on privacy 222
Leveraging the value of data 224
Part VII: Surveillance, Subterfuge and Sabotage
Chapter 26 - The Panopticon 229
The good, the bad and the ugly 229
Home surveillance 229
Law enforcement - going dark 231
Dragnet Exploits 233
The 5-Eyes (FVEY) 235
PRISM 237
Mastering the Internet 241
Project TEMPORA 241
XKEYSTORE 243
Windstop 244
MUSCULAR 244
INCENSER 246
Encryption in the IoT 249
The Snooper's charter 251
Nothing to hide nothing to fear 254
Its only metadata 255
Index 257
Part I: Making Sense of the Hype
Chapter 1 - The Consumer Internet of Things 5
A Wave of Technology, or a Wave of Hype 5
IoT Skeptics and the Role of Security Issues 6
The Internet of No-thing 7
Where are these IoT devices? 8
Why the ambiguity in IoT uptake? 9
The Media and Marketing Hype 9
Lack of Killer Applications 11
There be Monsters 11
Buying Secure IoT Devices? 12
Making Things That Just Work 16
Is this a consumer Internet of things? 16
Skepticism, but the future looks bright 17
Consumer Trust - or Lack of It 19
Losing Control? 19
Toys for the Rich 21
IoT isn't DIY 22
Is Security a Major Inhibitor? 23
Part II: Security
Chapter 2 - It's Not Just About the Future 27
Looking back to move forward 27
Security by Design 29
Data Mobile Networks 30
A Confluence of New Technologies 32
Basic Security Practices 34
Chapter 3 - Flawed, Insecure Devices 35
Why are so many insecure devices on the market? 35
A Manufacturer's Perspective 35
The Device Production Cycle 36
Software development in an agile market 37
Clash of Cultures 37
Developers and the Security Puzzle 38
Reputational loss 40
Chapter 4 - Securing the Unidentified 43
The Scale of the Problem 44
What Type of Devices to Secure? 44
Unplanned Change 44
The Consumer's View on Security 45
Chapter 5 - Consumer Convenience Trumps Security 49
Plug n' Pray 49
Easy install - no truck rolls 51
Convenient but insecure 51
Many home networks are insecure? 53
Customer Ignorance 53
Chapter 6 - Startups Driving the IoT 55
Installing IoT Devices 56
Security knowledge is lacking 56
Chapter 7 - Cyber-Security and the Customer Experience 57
Pushing Security onto the Consumer 58
Industry regulations and standards - where are they? 58
The home ecosystem 59
Security negativity 60
Security Anomalies 61
What device can be trusted 61
Chapter 8 - Security Requirements for the IoT 65
Why security issues arise 65
Security and product confidence 66
Me-too manufacturing 66
Cutting development costs 67
Security is not an extra 67
Loss of product trust 68
Designing appropriate security 69
Chapter 9 - Re-engineering the IoT 71
Comparing Apples and Oranges 73
The Bluetooth lock saga 74
Device vulnerabilities and flaws 75
Flawed firmware 76
Code re-use 76
The issue with open source 77
Chapter 10 - IoT Production, Security and Strength 79
Manufacturing IoT Devices 80
ODM design 81
The tale of the Wi-Fi Kettle 83
Push Vs. pull marketing 83
Chapter 11 - Wearable's - A New Developer's Headache 85
IoT by stealth 87
The consumer IoT conundrum 90
Designing in Vulnerabilities 91
Passwords are the problem 93
Why are cookies important? 94
Chapter 12 - New Surface Threats 97
Hacking IoT Firmware 97
Part III: Architecting the Secure IoT
Chapter 13 - Designing the Secure IoT 107
IoT from an Architect's View-Point 109
Modeling the IoT 109
IoT communication patterns 111
First IoT design principles 113
Chapter 14 - Secure IoT Architecture Patterns 117
Event and data processing 118
Chapter 15 - Threat Models 121
What are threat models? 121
Designing a threat model 122
6 steps to threat modeling 122
Advanced IoT threats 124
Devices 124
Networks 125
Infrastructure 127
Interfaces 127
Part IV: Defending the IoT
Chapter 16 - Threats, Vulnerabilities and Risks 131
IoT threats & counter-measures 131
Chapter 17 - IoT Security Framework 135
Introduction to the IoT security framework 135
Chapter 18 - Secure IoT Design 141
IoT Network Design 145
IoT protocols 148
The IoT Stack 149
Link layer 150
Adaption layer 152
IPv6 & IPsec 154
Routing 154
Messaging 157
Chapter 19 - Utilizing IPv6 Security Features 159
Securing the IoT 162
Confidentiality 162
Integrity 162
Availability 163
Link layer 164
Network layer 164
Transport layer 165
Network security 165
Part V: Trust
Chapter 20 - The IoT of Trust 169
Trust between partners - there isn't that much about 170
IBM Vs. Microsoft 171
Apple vs. Samsung 171
Uber Vs Crowdsources drivers 172
Manufacturer and customer trust model 172
Dubious toys 173
Kids play 174
Chapter 21 - It's All About the Data 175
Appropriating data 176
The Data Appropriators 177
Where is the fair barter? 178
Trust by design 179
Chapter 22 - Trusting the Device 185
Hacking voicemail 188
Unethical phone hacking 189
Chapter 23 - Who Can We Trust? 191
Free is an Earner 193
Pissing into the Tent 193
IoT Trust is Essential 194
The Osram debacle 194
LIFX's another Hack? 195
Balancing Security and Trust 196
So, Who Can We Trust? 196
Open Trust Alliance 197
Part VI: Privacy
Chapter 24 - Personal Private Information (PIP) 201
Why is the Privacy of our Personal Information Important? 201
Collecting Private Data 204
Data is the New Oil, or Is It? 204
Attacks on data privacy at Internet scale 205
Young and Carefree 206
Can we Control our Privacy? 207
Ad-blockers - They're Not What They Seem 207
Google and the dubious ad blockers 208
Privacy Laws Around the Globe 208
United States of America 209
Germany 210
Russia 211
China 211
India 212
Brazil 212
Australia 213
Japan 213
UK (Under review) 213
Different Laws in Countries - What Possibly Could Go Wrong 214
Facebook's EU Opt-out Scandal 214
Chapter 25 - The U.S. and EU Data Privacy Shield 217
When privacy laws collide 219
Losing a Safe Harbor 219
After the closure of the Safe Harbor 220
Model and Standard Contractual Clauses 220
The new EU - US Privacy Shield 220
New shield or old failings 221
Contradictions on privacy 222
Leveraging the value of data 224
Part VII: Surveillance, Subterfuge and Sabotage
Chapter 26 - The Panopticon 229
The good, the bad and the ugly 229
Home surveillance 229
Law enforcement - going dark 231
Dragnet Exploits 233
The 5-Eyes (FVEY) 235
PRISM 237
Mastering the Internet 241
Project TEMPORA 241
XKEYSTORE 243
Windstop 244
MUSCULAR 244
INCENSER 246
Encryption in the IoT 249
The Snooper's charter 251
Nothing to hide nothing to fear 254
Its only metadata 255
Index 257
Introduction 1
Part I: Making Sense of the Hype
Chapter 1 - The Consumer Internet of Things 5
A Wave of Technology, or a Wave of Hype 5
IoT Skeptics and the Role of Security Issues 6
The Internet of No-thing 7
Where are these IoT devices? 8
Why the ambiguity in IoT uptake? 9
The Media and Marketing Hype 9
Lack of Killer Applications 11
There be Monsters 11
Buying Secure IoT Devices? 12
Making Things That Just Work 16
Is this a consumer Internet of things? 16
Skepticism, but the future looks bright 17
Consumer Trust - or Lack of It 19
Losing Control? 19
Toys for the Rich 21
IoT isn't DIY 22
Is Security a Major Inhibitor? 23
Part II: Security
Chapter 2 - It's Not Just About the Future 27
Looking back to move forward 27
Security by Design 29
Data Mobile Networks 30
A Confluence of New Technologies 32
Basic Security Practices 34
Chapter 3 - Flawed, Insecure Devices 35
Why are so many insecure devices on the market? 35
A Manufacturer's Perspective 35
The Device Production Cycle 36
Software development in an agile market 37
Clash of Cultures 37
Developers and the Security Puzzle 38
Reputational loss 40
Chapter 4 - Securing the Unidentified 43
The Scale of the Problem 44
What Type of Devices to Secure? 44
Unplanned Change 44
The Consumer's View on Security 45
Chapter 5 - Consumer Convenience Trumps Security 49
Plug n' Pray 49
Easy install - no truck rolls 51
Convenient but insecure 51
Many home networks are insecure? 53
Customer Ignorance 53
Chapter 6 - Startups Driving the IoT 55
Installing IoT Devices 56
Security knowledge is lacking 56
Chapter 7 - Cyber-Security and the Customer Experience 57
Pushing Security onto the Consumer 58
Industry regulations and standards - where are they? 58
The home ecosystem 59
Security negativity 60
Security Anomalies 61
What device can be trusted 61
Chapter 8 - Security Requirements for the IoT 65
Why security issues arise 65
Security and product confidence 66
Me-too manufacturing 66
Cutting development costs 67
Security is not an extra 67
Loss of product trust 68
Designing appropriate security 69
Chapter 9 - Re-engineering the IoT 71
Comparing Apples and Oranges 73
The Bluetooth lock saga 74
Device vulnerabilities and flaws 75
Flawed firmware 76
Code re-use 76
The issue with open source 77
Chapter 10 - IoT Production, Security and Strength 79
Manufacturing IoT Devices 80
ODM design 81
The tale of the Wi-Fi Kettle 83
Push Vs. pull marketing 83
Chapter 11 - Wearable's - A New Developer's Headache 85
IoT by stealth 87
The consumer IoT conundrum 90
Designing in Vulnerabilities 91
Passwords are the problem 93
Why are cookies important? 94
Chapter 12 - New Surface Threats 97
Hacking IoT Firmware 97
Part III: Architecting the Secure IoT
Chapter 13 - Designing the Secure IoT 107
IoT from an Architect's View-Point 109
Modeling the IoT 109
IoT communication patterns 111
First IoT design principles 113
Chapter 14 - Secure IoT Architecture Patterns 117
Event and data processing 118
Chapter 15 - Threat Models 121
What are threat models? 121
Designing a threat model 122
6 steps to threat modeling 122
Advanced IoT threats 124
Devices 124
Networks 125
Infrastructure 127
Interfaces 127
Part IV: Defending the IoT
Chapter 16 - Threats, Vulnerabilities and Risks 131
IoT threats & counter-measures 131
Chapter 17 - IoT Security Framework 135
Introduction to the IoT security framework 135
Chapter 18 - Secure IoT Design 141
IoT Network Design 145
IoT protocols 148
The IoT Stack 149
Link layer 150
Adaption layer 152
IPv6 & IPsec 154
Routing 154
Messaging 157
Chapter 19 - Utilizing IPv6 Security Features 159
Securing the IoT 162
Confidentiality 162
Integrity 162
Availability 163
Link layer 164
Network layer 164
Transport layer 165
Network security 165
Part V: Trust
Chapter 20 - The IoT of Trust 169
Trust between partners - there isn't that much about 170
IBM Vs. Microsoft 171
Apple vs. Samsung 171
Uber Vs Crowdsources drivers 172
Manufacturer and customer trust model 172
Dubious toys 173
Kids play 174
Chapter 21 - It's All About the Data 175
Appropriating data 176
The Data Appropriators 177
Where is the fair barter? 178
Trust by design 179
Chapter 22 - Trusting the Device 185
Hacking voicemail 188
Unethical phone hacking 189
Chapter 23 - Who Can We Trust? 191
Free is an Earner 193
Pissing into the Tent 193
IoT Trust is Essential 194
The Osram debacle 194
LIFX's another Hack? 195
Balancing Security and Trust 196
So, Who Can We Trust? 196
Open Trust Alliance 197
Part VI: Privacy
Chapter 24 - Personal Private Information (PIP) 201
Why is the Privacy of our Personal Information Important? 201
Collecting Private Data 204
Data is the New Oil, or Is It? 204
Attacks on data privacy at Internet scale 205
Young and Carefree 206
Can we Control our Privacy? 207
Ad-blockers - They're Not What They Seem 207
Google and the dubious ad blockers 208
Privacy Laws Around the Globe 208
United States of America 209
Germany 210
Russia 211
China 211
India 212
Brazil 212
Australia 213
Japan 213
UK (Under review) 213
Different Laws in Countries - What Possibly Could Go Wrong 214
Facebook's EU Opt-out Scandal 214
Chapter 25 - The U.S. and EU Data Privacy Shield 217
When privacy laws collide 219
Losing a Safe Harbor 219
After the closure of the Safe Harbor 220
Model and Standard Contractual Clauses 220
The new EU - US Privacy Shield 220
New shield or old failings 221
Contradictions on privacy 222
Leveraging the value of data 224
Part VII: Surveillance, Subterfuge and Sabotage
Chapter 26 - The Panopticon 229
The good, the bad and the ugly 229
Home surveillance 229
Law enforcement - going dark 231
Dragnet Exploits 233
The 5-Eyes (FVEY) 235
PRISM 237
Mastering the Internet 241
Project TEMPORA 241
XKEYSTORE 243
Windstop 244
MUSCULAR 244
INCENSER 246
Encryption in the IoT 249
The Snooper's charter 251
Nothing to hide nothing to fear 254
Its only metadata 255
Index 257
Part I: Making Sense of the Hype
Chapter 1 - The Consumer Internet of Things 5
A Wave of Technology, or a Wave of Hype 5
IoT Skeptics and the Role of Security Issues 6
The Internet of No-thing 7
Where are these IoT devices? 8
Why the ambiguity in IoT uptake? 9
The Media and Marketing Hype 9
Lack of Killer Applications 11
There be Monsters 11
Buying Secure IoT Devices? 12
Making Things That Just Work 16
Is this a consumer Internet of things? 16
Skepticism, but the future looks bright 17
Consumer Trust - or Lack of It 19
Losing Control? 19
Toys for the Rich 21
IoT isn't DIY 22
Is Security a Major Inhibitor? 23
Part II: Security
Chapter 2 - It's Not Just About the Future 27
Looking back to move forward 27
Security by Design 29
Data Mobile Networks 30
A Confluence of New Technologies 32
Basic Security Practices 34
Chapter 3 - Flawed, Insecure Devices 35
Why are so many insecure devices on the market? 35
A Manufacturer's Perspective 35
The Device Production Cycle 36
Software development in an agile market 37
Clash of Cultures 37
Developers and the Security Puzzle 38
Reputational loss 40
Chapter 4 - Securing the Unidentified 43
The Scale of the Problem 44
What Type of Devices to Secure? 44
Unplanned Change 44
The Consumer's View on Security 45
Chapter 5 - Consumer Convenience Trumps Security 49
Plug n' Pray 49
Easy install - no truck rolls 51
Convenient but insecure 51
Many home networks are insecure? 53
Customer Ignorance 53
Chapter 6 - Startups Driving the IoT 55
Installing IoT Devices 56
Security knowledge is lacking 56
Chapter 7 - Cyber-Security and the Customer Experience 57
Pushing Security onto the Consumer 58
Industry regulations and standards - where are they? 58
The home ecosystem 59
Security negativity 60
Security Anomalies 61
What device can be trusted 61
Chapter 8 - Security Requirements for the IoT 65
Why security issues arise 65
Security and product confidence 66
Me-too manufacturing 66
Cutting development costs 67
Security is not an extra 67
Loss of product trust 68
Designing appropriate security 69
Chapter 9 - Re-engineering the IoT 71
Comparing Apples and Oranges 73
The Bluetooth lock saga 74
Device vulnerabilities and flaws 75
Flawed firmware 76
Code re-use 76
The issue with open source 77
Chapter 10 - IoT Production, Security and Strength 79
Manufacturing IoT Devices 80
ODM design 81
The tale of the Wi-Fi Kettle 83
Push Vs. pull marketing 83
Chapter 11 - Wearable's - A New Developer's Headache 85
IoT by stealth 87
The consumer IoT conundrum 90
Designing in Vulnerabilities 91
Passwords are the problem 93
Why are cookies important? 94
Chapter 12 - New Surface Threats 97
Hacking IoT Firmware 97
Part III: Architecting the Secure IoT
Chapter 13 - Designing the Secure IoT 107
IoT from an Architect's View-Point 109
Modeling the IoT 109
IoT communication patterns 111
First IoT design principles 113
Chapter 14 - Secure IoT Architecture Patterns 117
Event and data processing 118
Chapter 15 - Threat Models 121
What are threat models? 121
Designing a threat model 122
6 steps to threat modeling 122
Advanced IoT threats 124
Devices 124
Networks 125
Infrastructure 127
Interfaces 127
Part IV: Defending the IoT
Chapter 16 - Threats, Vulnerabilities and Risks 131
IoT threats & counter-measures 131
Chapter 17 - IoT Security Framework 135
Introduction to the IoT security framework 135
Chapter 18 - Secure IoT Design 141
IoT Network Design 145
IoT protocols 148
The IoT Stack 149
Link layer 150
Adaption layer 152
IPv6 & IPsec 154
Routing 154
Messaging 157
Chapter 19 - Utilizing IPv6 Security Features 159
Securing the IoT 162
Confidentiality 162
Integrity 162
Availability 163
Link layer 164
Network layer 164
Transport layer 165
Network security 165
Part V: Trust
Chapter 20 - The IoT of Trust 169
Trust between partners - there isn't that much about 170
IBM Vs. Microsoft 171
Apple vs. Samsung 171
Uber Vs Crowdsources drivers 172
Manufacturer and customer trust model 172
Dubious toys 173
Kids play 174
Chapter 21 - It's All About the Data 175
Appropriating data 176
The Data Appropriators 177
Where is the fair barter? 178
Trust by design 179
Chapter 22 - Trusting the Device 185
Hacking voicemail 188
Unethical phone hacking 189
Chapter 23 - Who Can We Trust? 191
Free is an Earner 193
Pissing into the Tent 193
IoT Trust is Essential 194
The Osram debacle 194
LIFX's another Hack? 195
Balancing Security and Trust 196
So, Who Can We Trust? 196
Open Trust Alliance 197
Part VI: Privacy
Chapter 24 - Personal Private Information (PIP) 201
Why is the Privacy of our Personal Information Important? 201
Collecting Private Data 204
Data is the New Oil, or Is It? 204
Attacks on data privacy at Internet scale 205
Young and Carefree 206
Can we Control our Privacy? 207
Ad-blockers - They're Not What They Seem 207
Google and the dubious ad blockers 208
Privacy Laws Around the Globe 208
United States of America 209
Germany 210
Russia 211
China 211
India 212
Brazil 212
Australia 213
Japan 213
UK (Under review) 213
Different Laws in Countries - What Possibly Could Go Wrong 214
Facebook's EU Opt-out Scandal 214
Chapter 25 - The U.S. and EU Data Privacy Shield 217
When privacy laws collide 219
Losing a Safe Harbor 219
After the closure of the Safe Harbor 220
Model and Standard Contractual Clauses 220
The new EU - US Privacy Shield 220
New shield or old failings 221
Contradictions on privacy 222
Leveraging the value of data 224
Part VII: Surveillance, Subterfuge and Sabotage
Chapter 26 - The Panopticon 229
The good, the bad and the ugly 229
Home surveillance 229
Law enforcement - going dark 231
Dragnet Exploits 233
The 5-Eyes (FVEY) 235
PRISM 237
Mastering the Internet 241
Project TEMPORA 241
XKEYSTORE 243
Windstop 244
MUSCULAR 244
INCENSER 246
Encryption in the IoT 249
The Snooper's charter 251
Nothing to hide nothing to fear 254
Its only metadata 255
Index 257