Explore the vast range of titles available.

This book explores how to secure the future state of the Internet of Things. Looking at an imminent future filled with computers that also moonlight as \"things\", the guide dissect the present and future threats to assets, digital and other wise. To avoid the significant technical debt which is likely to manifest as IoT adoption increases, it's important to think ahead. To that effect, the book examines how to design IoT solutions that provide end-to-end security and privacy at scale, delves into IoT economy from the perspective of both defenders and attackers, and discusses the implications of security usability.

Privacy is the “the interest that individuals have in sustaining a personal space free from interference by other people and organizations.” In many countries, privacy is enforced by law. This chapter look at the types of controls that can be used to protect privacy, and the effectiveness of such controls Differential privacy is a relatively new technique used to obfuscate a data set by introducing a certain amount of error into the data set while allowing the entity querying the data set to make relevant statistical inferences. The California Online Privacy Protection Act is the California law that requires websites to post a privacy policy and comply with what the company posts, including whether websites track users across their site and other party’s websites. The Children’s Online Privacy Protection Act is a US federal law that applies to websites that collect data from children under the age of 13.

This chapter discusses security principles and the security engineer mindset to guide the security architecture process in making trade-offs and prioritizing decisions. Security architecture is similar but focuses on technological solutions to ensure that the goals or mission of the system are maintained even in the presence of an adversary attempting to subvert that mission. Security architecture leverages the work of system architecture by reusing its many different views of the system. The chapter presents some security analysis examples of Internet of Things (IoT) use cases that explore IoT unique security challenges and solutions. Good systems architecture creates different diagrams that communicate different perspectives of the system. Threat modeling, or threat analysis, is a technical exercise used to identify all the potential weaknesses in a system. Threat modeling does not attempt to correct the problems but instead only lists the potential problems that exist.

October 21, 2016, is etched in the memory of security professionals and computer scientists as the Mirai Botnet attack. It was 1995 and the juggernauts of Internet business were rapidly gathering steam. At this time, businesses were just beginning to get on the Internet. A cheap toaster with poorly written software that’s exposed to computer networks or the Internet is not just an unreliable toast-making machine, but a ticking information security time bomb. Remote administration systems and interfaces of connected critical infrastructure such as power grids are juicy targets for highly skilled and resourced attackers. There is an assumption that security controls deployed in environments hosting such infrastructure are staffed with highly expert security management personnel paying great attention to detail—at least that’s the case in the leading tech countries of the world.

The Mirai software scans the Internet for certain types of Internet of Things (IoT) devices, for example, a certain type of baby monitor. When it locates such a device, the Mirai software attempts to log in to the device using the manufacturer’s default username and password. The Dyn attack highlights the potential damage caused by security vulnerabilities in any IoT device that is connected to a network—and most IoT devices are. This chapter presents the background necessary to frame the IoT environment and threats. IoT systems often have a similar general architecture, even if they are used in widely different IoT ecosystems and highly varied industries. The chapter discusses the architecture and design principles required to build secure IoT systems. When copycat attackers used Mirai code from Github to attack IoT devices, they were using a known and proven attack method.

This chapter discusses the architecture of Internet of Things (IoT) systems. IoT system security takes a team of experts in network security, computer security, hardware and software security, cloud infrastructure security, secure protocols, and cryptography. The security of an IoT system is extremely complex and crosses many security disciplines. Various industries and standards groups have developed and proliferated system architectures in order to better communicate the issues and requirements relating to systems for which they are concerned. The Internet of Things community is no different from any other architectural community. The primary difference is that IoT spans many different industries and ecosystems, and has a diverse set of concerns. The cloud is essential to an IoT system because it houses centralized applications and contains the data model of the IoT system, making those applications accessible to its users wherever they are, and is wholly independent of the actual location of the IoT devices themselves.

This chapter explores the Internet of Things (IoT) economy and the impact the criminal pursuit of money has on the current and future state of IoT security. A different class of cybercriminal seeks the destabilization of another entity via the destruction of their assets. But just like IoT, the draw of a new technology and prospects for opening new business ventures abound, creating counter-stabilizing pressures. Cryptocurrencies have fluctuated wildly, especially in the last couple of years. This is common with new currencies, even when they are national currencies. The chapter also explores the challenges facing the greenest defenders—builders of consumer IoT products such as smart toys—whose inexperience with technology makes them a prime target for the bad guys. Crypto mining usually requires expensive, specialized hardware that consumes large amounts of electricity, which can offset the gains in cryptocurrency rewards for the average miner.

This chapter aims to predict the future state of Internet of Things (IoT) in different sectors of the economy. Technology innovation continues to evolve apace. In IoT, “smarts” involves the use of technology to detect, analyze, and respond to changes in a physical environment. Developments in IoT have produced a demand for products that combine environmental sensing with automation to create “smart” solutions or environments. It is evident that IoT has the potential to increase healthcare efficiency by allowing healthcare professionals real-time access to the vitals of patients, the status of hospital equipment, or the availability of wards or doctors. IoT will play a central role in the running of major hospitals in most industrialized countries by 2040. Back-end services often require a connection to the Internet, if they are to receive data from remotely deployed IoT devices.

This chapter focuses on the security concerns that cloud computing introduces to an Internet of Things (IoT) system. The cloud eventually became a metaphor for the Internet—the Internet connects us to information that’s out there, information seemingly floating in the air, like clouds. Cloud object storage services must provide a means by which user access to data objects can be authenticated and user authorization can be verified. Block-level storage in cloud computing involves the emulation of traditional block devices, such as physical hard drives. As such, block storage services provide a traditional block storage device—such as a hard drive—over the network. Cloud compute services are the means by which cloud service providers enable consumers to create and manage virtual server instances running an OS or virtual machine. The cloud computing consumer is responsible for architecting their applications and cloud instances to ensure that the IoT cloud application and the cloud environment are secure.