IOT Security

Why it matters?

Jhonathan Howard F.

Software Engineer - Infrastructure/Systems

ICEP 2017

WHOAMI

• 5yrs experience in IT Industry

• Digital Nomad

• Devcon Philippines

• Philippine Android Developers Group

• Indigitous Philippines

• fan of BW

Text

Internet of Things ? ? ?

Mobile Phones

and many more . . .

The Internet of Things (IoT) refers to the ever-growing network of physical objects that feature an IP andress or internet connectivity, and the other internet-enabled devices and systems.

Ubiquitous . . .

• Every Auto
• Every Mobile
• Every Door
• Every Room
• its literally everywhere!

INFORMATION is the common key deliverable

Despite the wave . . .

Increase amount of DEVICES . . .

DEVICES

DATA

SECURITY, PRIVACY, & SAFETY

Concerns . . .

?  ?  ?

WHY IT IS SO CRITICAL ? ? ?

What is being done to secure IoT ? ? ?

IOT SECURITY DESIGN RULES

• Build Security In, it cannot be added later
• Keep security mechanism simple
• Use existing standards
• Obscurity doesnt provide security
• Encrypt sensitive data at rest and in transit
• Identity and Access Management must be part of design
• Develop a realistic threat model

COMMON SECURITY ISSUES

Whats more needed to be done ? ? ? 

• Secure Web, Mobile and Cloud
• Implement an IAM/IRM System
• Provisioning Device Identity
• Register User,Authn, Claim ownership
• Device send data on behalf of user
• Users share data, Revoke Tokens
• Network Services
• Transport Encryption
• Privacy as part of design
• Software/Firmware
• Physical Security

There is no such thing as absolute security; its a matter of degree.

Providing security is a managing insecurity, and in today's world national security in an oxymoron. Its a global problem

THANK YOU !

Jhonathan Howard F.

Software Engineer - Infrastructure/Systems

ICEP 2017