IoT Security Issues

Buch | Softcover
273 Seiten
2017
De|G Press (Verlag)
978-1-5015-1474-6 (ISBN)

Lese- und Medienproben

IoT Security Issues - Alasdair Gilchrist
49,95 inkl. MwSt
IoT Security Issues looks at the burgeoning growth of devices of all kinds controlled over the Internet of all varieties, where product comes first and security second. In this case, security trails badly. This book examines the issues surrounding these problems, vulnerabilities, what can be done to solve the problem, investigating the stack for the roots of the problems and how programming and attention to good security practice can combat the problems today that are a result of lax security processes on the Internet of Things. This book is for people interested in understanding the vulnerabilities on the Internet of Things, such as programmers who have not yet been focusing on the IoT, security professionals and a wide array of interested hackers and makers. This book assumes little experience or knowledge of the Internet of Things. To fully appreciate the book, limited programming background would be helpful for some of the chapters later in the book, though the basic content is explained. The author, Alasdair Gilchrist, has spent 25 years as a company director in the fields of IT, Data Communications, Mobile Telecoms and latterly Cloud/SDN/NFV technologies, as a professional technician, support manager, network and security architect. He has project-managed both agile SDLC software development as well as technical network architecture design. He has experience in the deployment and integration of systems in enterprise, cloud, fixed/mobile telecoms, and service provider networks. He is therefore knowledgeable in a wide range of technologies and has written a number of books in related fields.

Alasdair Gilchrist has spent 25 years as a company director in the fields of IT, Data Communications, Mobile Telecoms and latterly Cloud/Sdn/Nfv technologies, as a professional technician, support manager, network and security architect. He has project-managed both agile Sdlc software development as well as technical network architecture design. He has experience in the deployment and integration of systems in enterprise, cloud, fixed/mobile telecoms, and service provider networks. He is knowledgeable in a wide range of technologies and has written a number of books in related fields.

Introduction | 1

Part I: Making Sense of the Hype

Chapter 1 – The Consumer Internet of Things | 5

A Wave of Technology, or a Wave of Hype | 5

IoT Skeptics and the Role of Security Issues | 6

The Internet of No-thing | 7

Where are these IoT devices? | 8

Why the ambiguity in IoT uptake? | 9

The Media and Marketing Hype | 9

Lack of Killer Applications | 11

There be Monsters | 11

Buying Secure IoT Devices? | 12

Making Things That Just Work | 16

Is this a consumer Internet of things? | 16

Skepticism, but the future looks bright | 17

Consumer Trust – or Lack of It | 19

Losing Control? | 19

Toys for the Rich | 21

IoT isn’t DIY | 22

Is Security a Major Inhibitor? | 23

Part II: Security

Chapter 2 – It’s Not Just About the Future | 27

Looking back to move forward | 27

Security by Design | 29

Data Mobile Networks | 30

A Confluence of New Technologies | 32

Basic Security Practices | 34

Chapter 3 – Flawed, Insecure Devices | 35

Why are so many insecure devices on the market? | 35

A Manufacturer’s Perspective | 35

The Device Production Cycle | 36

Software development in an agile market | 37



Clash of Cultures | 37

Developers and the Security Puzzle | 38

Reputational loss | 40

Chapter 4 – Securing the Unidentified | 43

The Scale of the Problem | 44

What Type of Devices to Secure? | 44

Unplanned Change | 44

The Consumer’s View on Security | 45

Chapter 5 – Consumer Convenience Trumps Security | 49

Plug n’ Pray | 49

Easy install – no truck rolls | 51

Convenient but insecure | 51

Many home networks are insecure? | 53

Customer Ignorance | 53

Chapter 6 – Startups Driving the IoT | 55

Installing IoT Devices | 56

Security knowledge is lacking | 56

Chapter 7 – Cyber-Security and the Customer Experience | 57

Pushing Security onto the Consumer | 58

Industry regulations and standards – where are they? | 58

The home ecosystem | 59

Security negativity | 60

Security Anomalies | 61

What device can be trusted | 61

Chapter 8 – Security Requirements for the IoT | 65

Why security issues arise | 65

Security and product confidence | 66

Me-too manufacturing | 66

Cutting development costs | 67

Security is not an extra | 67

Loss of product trust | 68

Designing appropriate security | 69

Chapter 9 – Re-engineering the IoT | 71

Comparing Apples and Oranges | 73

The Bluetooth lock saga | 74

Device vulnerabilities and flaws | 75



Flawed firmware | 76

Code re-use | 76

The issue with open source | 77

Chapter 10 – IoT Production, Security and Strength | 79

Manufacturing IoT Devices | 80

ODM design | 81

The tale of the Wi-Fi Kettle | 83

Push Vs. pull marketing | 83

Chapter 11 – Wearable’s – A New Developer’s Headache | 85

IoT by stealth | 87

The consumer IoT conundrum | 90

Designing in Vulnerabilities | 91

Passwords are the problem | 93

Why are cookies important? | 94

Chapter 12 – New Surface Threats | 97

Hacking IoT Firmware | 97

Part III: Architecting the Secure IoT

Chapter 13 – Designing the Secure IoT | 107

IoT from an Architect’s View-Point | 109

Modeling the IoT | 109

IoT communication patterns | 111

First IoT design principles | 113

Chapter 14 – Secure IoT Architecture Patterns | 117

Event and data processing | 118

Chapter 15 – Threat Models | 121

What are threat models? | 121

Designing a threat model | 122

6 steps to threat modeling | 122

Advanced IoT threats | 124

Devices | 124

Networks | 125

Infrastructure | 127

Interfaces | 127



Part IV: Defending the IoT

Chapter 16 – Threats, Vulnerabilities and Risks | 131

IoT threats & counter-measures | 131

Chapter 17 – IoT Security Framework | 135

Introduction to the IoT security framework | 135

Chapter 18 – Secure IoT Design | 141

IoT Network Design | 145

IoT protocols | 148

The IoT Stack | 149

Link layer | 150

Adaption layer | 152

IPv6 & IPsec | 154

Routing | 154

Messaging | 157

Chapter 19 – Utilizing IPv6 Security Features | 159

Securing the IoT | 162

Confidentiality | 162

Integrity | 162

Availability | 163

Link layer | 164

Network layer | 164

Transport layer | 165

Network security | 165

Part V: Trust

Chapter 20 – The IoT of Trust | 169

Trust between partners – there isn’t that much about | 170

IBM Vs. Microsoft | 171

Apple vs. Samsung | 171

Uber Vs Crowdsources drivers | 172

Manufacturer and customer trust model | 172

Dubious toys | 173

Kids play | 174

Chapter 21 – It’s All About the Data | 175

Appropriating data | 176

The Data Appropriators | 177



Where is the fair barter? | 178

Trust by design | 179

Chapter 22 – Trusting the Device | 185

Hacking voicemail | 188

Unethical phone hacking | 189

Chapter 23 – Who Can We Trust? | 191

Free is an Earner | 193

Pissing into the Tent | 193

IoT Trust is Essential | 194

The Osram debacle | 194

LIFX’s another Hack? | 195

Balancing Security and Trust | 196

So, Who Can We Trust? | 196

Open Trust Alliance | 197

Part VI: Privacy

Chapter 24 – Personal Private Information (PIP) | 201

Why is the Privacy of our Personal Information Important? | 201

Collecting Private Data | 204

Data is the New Oil, or Is It? | 204

Attacks on data privacy at Internet scale | 205

Young and Carefree | 206

Can we Control our Privacy? | 207

Ad-blockers – They’re Not What They Seem | 207

Google and the dubious ad blockers | 208

Privacy Laws Around the Globe | 208

United States of America | 209

Germany | 210

Russia | 211

China | 211

India | 212

Brazil | 212

Australia | 213

Japan | 213

UK (Under review) | 213

Different Laws in Countries – What Possibly Could Go Wrong | 214

Facebook’s EU Opt-out Scandal | 214



Chapter 25 – The U.S. and EU Data Privacy Shield | 217

When privacy laws collide | 219

Losing a Safe Harbor | 219

After the closure of the Safe Harbor | 220

Model and Standard Contractual Clauses | 220

The new EU – US Privacy Shield | 220

New shield or old failings | 221

Contradictions on privacy | 222

Leveraging the value of data | 224

Part VII: Surveillance, Subterfuge and Sabotage

Chapter 26 – The Panopticon | 229

The good, the bad and the ugly | 229

Home surveillance | 229

Law enforcement – going dark | 231

Dragnet Exploits | 233

The 5-Eyes (FVEY) | 235

PRISM | 237

Mastering the Internet | 241

Project TEMPORA | 241

XKEYSTORE | 243

Windstop | 244

MUSCULAR | 244

INCENSER | 246

Encryption in the IoT | 249

The Snooper’s charter | 251

Nothing to hide nothing to fear | 254

Its only metadata | 255

Index | 257

Erscheinungsdatum
Zusatzinfo 9 Illustrations, black and white
Verlagsort Boston
Sprache englisch
Maße 155 x 230 mm
Gewicht 460 g
Themenwelt Mathematik / Informatik Informatik Datenbanken
Informatik Netzwerke Sicherheit / Firewall
Schlagworte internet of things • IOT • IoT, Internet of Things, IPv6, Vulnerabilities, Hacking, Sensors • IPv6 security • Netzwerk • Sensoren • Sicherheit
ISBN-10 1-5015-1474-1 / 1501514741
ISBN-13 978-1-5015-1474-6 / 9781501514746
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
Das Lehrbuch für Konzepte, Prinzipien, Mechanismen, Architekturen und …

von Norbert Pohlmann

Buch | Softcover (2022)
Springer Vieweg (Verlag)
34,99
Management der Informationssicherheit und Vorbereitung auf die …

von Michael Brenner; Nils gentschen Felde; Wolfgang Hommel

Buch (2024)
Carl Hanser (Verlag)
69,99

von Chaos Computer Club

Buch | Softcover (2024)
KATAPULT Verlag
28,00