IoT Security – The Elephant in the room

Webinars, Training and Events

Events IoT Security – The Elephant in the room

Webinars, Training and Events requires membership for participation - click to join

Actions

Engagement

Author Author: element14Dave
Views 672 views

This event occurred in the past.

IoT Security – The Elephant in the room

Watch On-Demand

When

22 Oct 2015 9:00 AM to 10:00 AM Central Time (US & Canada)

Where

WebEx

Event Type

6 (Recording)

Engineering a [Secure] Connected World

{tabbedtable} Tab Label

Webinar

About this Webinar

Beyond the world of security-conscious embedded engineers, outsiders often laugh at our security warnings about the Internet of Things. And yet an outsider's questions like: 'why would hackers attack my devices?’ have some validity. So as connected devices become the norm in our lives rather than the exception manufacturers and users ignore security at their peril. But even so IoT Security is still the ‘Elephant in the room’. We know its there, its big and scary but we close our eyes and hope it will go away. This talk explores what the scale of the problem really is, the types of attack, how and why they are performed and how to counter them.

{gallery} IoT

IoT Security

Internet of Things

About the Presenter

Chris Tubbs is an industry veteran with 39 years experience in the Avionics, Simulation, Medical, Automotive and Software Industries. After 15 years in the Aerospace industry managing safety critical systems he co- founded companies in the Simulation and Medical Imaging markets in the roles of Commercial and Managing Director. He then spent eight Years in the Automotive industry in Germany and Holland as a Development and Business Development Manager after which he joined Green Hills Software in 2008. Chris was promoted to Director of Business Development EMEA in 2012 since when he has specialized in Safety and Security.

Webinar Recording

Top Comments

element14Dave over 7 years ago

Please find below all Q&As from yesterday’s webinar.

Q Hi all, I understand that a secure-safe OS is required to build a safe application, but I guess it is not forbiding the developer to write a non-safe application, right ?

A Absolutely correct. As Safety and Security experts we guide our customers through the design process and provide a design guide with our certified RTOS to help them through this.

Q I thought big company normally they have high earning and high budget. But why they have security problem ?

A Mainly because the cost of engineering in security is relatively high so to maintain profit margins security is often the first thing that’s compromised on. The phrase ‘Secure Enough’ often comes up. We take a very black and white view – its either secure or its not.

Q What are good starting points to learn more about development and security for an embedded software engineer working in IoT? (courses, etc)

A There is a good book written by a former Green Hills employee – Embedded Systems Security – practical Methods for Safe and Secure software development. By David and Mike Kleidermacher. Pretty much the bible on this.

Q Nowadays it's easy to develop your own home automation system using Raspberry Pi and Arduino. How do I secure these types of platforms.

A That’s difficult as you are probably programming bare metal or an OSEK.

Q What are the implications for hobby electronics given that building in security a major task?

A Security has to be looked at from different angles: from a software perspective, using a separation kernel can help isolating critical features from more connected, less scrutinized ones ; from there it's all test/test/test, and a connectivity analysis can help avoid a catastrophy like the Jeep issue where a telnet debug port was left open in the shipping product ; from a hardware and boot perspective, ensuring a trusted boot chain is key to verify what's running on your target is what you think it is, and we have a device lifecycle management system just for that then, it's about the amount of effort you're ready to put into this to make things secure enough, knowing that if it ever gets connected to anything, it's hackable for anyone with sufficient amount of time and competence

Q If a system is comprimized, what can the Police do ? is it even possible with dark net to catch the "bad guys"

A the law enforcement organisations have special units set up to combat cyber crime. They can catch the bad guys and do quite frequently. There is massive cooperation across international borders to do so.

Q In terms of silicon, how well supported are things like root of trust and secure boot? For embedded devices, I've not seen very good support from vendors - is this likely to change soon?

A Actually that’s already changed – Intel, Freescale and TI just to mention 3 all have product targeted at security and safety.

Q Is there danger by logging into public WIFI with Android smartphones?

A Android is one of the most hacked OS in the world and worse the Apps are very prone to hidden malware. Check out the vulnerabilities database online and you can get an idea. Public Wifi is a vulnerability point and there are well documented instances where for example one was infected with a piece of malware that effectively shut down any IOS device that connected to it until the device was out of range of that wifi point.

Q In the world of IOT, power consumption is an issue. What is the impact of the encryption on the power consumption?

A Encryption will indeed require some additional workload on the deployed system, either on the CPU itself or using additional SoC capabilities. This is a requirement however to provide a secured service for the device, so it's useful to look at how to make best use of the available local resources in the SoC. The cost also varies for data-at-rest and data-in-transit, where an IoT device that is power-conscious will also try to limit its communication needs, and as a consequence limit its encryption performance needs.
- Cancel
- Vote Up +2 Vote Down
- Sign in to reply
- More
- Cancel
element14Dave over 7 years ago

Recording of this webinar in the "Webinar Recording" tab.

Dave
- Cancel
- Vote Up +2 Vote Down
- Sign in to reply
- More
- Cancel
element14Dave over 7 years ago in reply to Former Member

Hello, Thanks for your interest in attending the webinar! If you did not receive an email by now ( the error code listed above is related to the image gallery, which should have no effect on the registration) please find the below link to join the webinar.

Join the webinar LIVE
- Cancel
- Vote Up 0 Vote Down
- Sign in to reply
- More
- Cancel
Former Member over 7 years ago

I Am trying to register for this seminar. I thought I had suceeded but have had no email to indicated how to access Webex.
The error message Init failed: Galleria could not find the element "#e14Gallery0". Has appeared on two attempts.
I am leaving this as a comment as there may be others in the same position. (Using IPAD 3)

Paphos14
- Cancel
- Vote Up +1 Vote Down
- Sign in to reply
- More
- Cancel
DAB over 7 years ago

Security has been one of my biggest complaint in the whole IOT evolution.

I see so many ways to use the information for other than intended purposes.

Hopefully this webinar will propose simple but effective methods for making misuse of the information harder to do.

DAB
- Cancel
- Vote Up +3 Vote Down
- Sign in to reply
- More
- Cancel