Hands on IoT

@sachinkmr_
Sachin Kumar

“If you spend more on tea than on IT security, you will be hacked. What’s more, you deserve to be hacked

Sagar Pasrija
@thesagarpasrija

Outline

  • Recap
  • What Is IoT ?
  • MQTT
  • Why HTTP Is Not Enough ?
  • MQTT.fx
  • Why Be Concerned About IoT ?
  • Wireshark
  • Summary

Recap

HTTP

  • HTTP is a client-server protocol: requests are sent by one entity, the user-agent (or a proxy on behalf of it)
  • Most of the time the user-agent is a Web browser, but it can be anything, for example a bot that crawls the Web to populate and maintain a search engine index
  • It is document centric
  • It is one to one

Web Sockets

  • WebSockets are evolution in client/server web technology. They allow a long-held single TCP socket connection to be established between the client and server
    
  • Allows bi-directional, full duplex, data transmission with little overhead
  • Thus very low latency connection

What Is IoT ?

The Internet of Things (IoT) is the network of physical devices, vehicles, home appliances and other items embedded with electronics, software, sensors, actuators, and connectivity which enables these objects to connect and exchange data

Where is IoT ?

Everything about IoT

Various Names, One Concept!

  • M2M (Machine to Machine)
  • “Internet of Everything” (Cisco Systems)
  • “World Size Web” (Bruce Schneier)
  • “Skynet” (Terminator movie)

MQTT

  • MQTT stands for Message Queuing Telemetry Transport
  • MQTT is a lightweight event and message-oriented protocol
  • MQTT works on a publish/subscribe architecture
  • A client subscribes to a channel on a server, and when a server receives new information for that channel, it pushes it out to that device

Working of MQTT

MQTT Standard Messages

MQTT QoS Levels

MQTT vs HTTP

Why HTTP Is Not Enough ?

HTTP is not really ideal for many of its special needs, such as:

  • Emitting information from one to many
  • Listening for events whenever they may happen
  • Distributing small packets of data in huge volumes
  • High sensitivity to
    • Volume (cost) of data being transmitted
    • Power consumption (battery-powered devices)
    • Responsiveness (near real-time delivery of information)

Why HTTP is not enough ?

Lucy Zhang, the engineer in charge was experienced enough to know that the 3 key issues were going to be:
  • latency – how to get faster phone-to-phone communications
  • battery – and do that without killing batteries
  • bandwidth – or sucking up the user’s available bandwidth

Why HTTP is not enough ?

Stephen Nicholas did a fascinating comparison of MQTT vs HTTPS on 3G and WiFi

MQTT.fx

Why Be Concerned About IoT ?

 It’s just another computer, right?

  • All of the same issues we have with access control, vulnerability management, patching, monitoring, etc.  

  •  Default, weak, and hardcoded credentials

  • Vulnerable web interfaces (SQL injection, XSS)

  • Clear text protocols and unnecessary open ports

  • DoS / DDoS

Why Be Concerned About IoT ?

Wireshark

Wireshark is a network packet analyzer.

Summary

 

  • If misunderstood and misconfigured, IoT poses risk to our data, privacy, and safety

 

  • If understood and secured, IoT will enhance communications, lifestyle, and delivery of services


 Threat V/S Opportunity

Thank you!

Any Questions?

Hands on IOT

By Sachin Kumar

Hands on IOT

  • 979