Professional Documents
Culture Documents
m Operation
Introduction
r Overview of security aspects of the envisioned
all-IP architecture as well as of the lifecycle of
an IoT device, a thing.
m interactions and relationships between an IoT application
and security
m challenges for a secure IoT in the specific context of the
lifecycle of a resource-constrained device.
Threats
r Cloning of things
m An untrusted manufacturer can easily clone the physical characteristics,
firmware/software, or security configuration of the things.
• cheaper price, degraded functionality, backdoor
Threats (2)
r Routing attack
m Routing information in IoT can be spoofed, altered, or replayed.
m Other relevant routing attacks include
• Sinkhole attack (or blackhole attack)
• Selective forwarding
• Wormhole attack
• Sybil attack
r Privacy threat
r Denial-of-Service attack
m Things are typically vulnerable to resource exhaustion attack.
r Security Aspects
m Security bootstrapping denotes the process by which
a thing securely joins the IoT.
• Bootstrapping includes the authentication and authorization of
a device as well as the transfer of security parameters allowing
for its trusted operation in a given network.
m During the bootstrapping phase, each thing executes
the bootstrapping protocol, thus obtaining the
required device identities and the keying material.
r Denial-of-service resistance
m The tight memory and processing constraints of things alleviate
resource exhaustion attacks.
m DoS countermeasure: return routability checks, puzzle
mechanism (details to be discussed later)
• return routability check: to delay the establishment of state at the
responding host until the address of the initiating host is verified.
– implemented in DTLS, IKEv2, HIP, Diet HIP
• puzzle mechanism: to force the initiator of a connection (and
potential attacker) to solve cryptographic puzzles with variable
difficulties.
– a viable option for sheltering IoT devices against unintended overload
– implemented in HIP