the ticking time bomb – infrastructure annual iiaisaca hacking... · the danger is real • iot...
The Ticking Time Bomb – Infrastructure – Vulnerabilities of the Internet of Things
Prepared For
Copyright Eclypses 2017 - Confidential
By Steven R. Russo
We are living in a “Connected World”
The “Pineapple”
Risk is high - Security Flaws Abundant
The Danger Is Real
• IoT vulnerabilities can be utilized to:
• Exploit “data”
• Inflict physical harm to one or many
• Examples of Prime Targets:
• Data
• Critical infrastructure
• Natural gas – Electric – Oil
• Nuclear facilities
• Autonomous vehicles
• ATMs
• Military Autonomy
• Drones, Aircraft, Missiles, Tanks, etc.
Why Change Is Required
Threats not limited to things around us –
• Neurostimulators
• Gastric stimulators
• Cardiac Defibrillators
• Pacemakers
• Insulin Pumps
Why Change Is Required
The U.S. Food and Drug Administration (FDA) confirmed the existence of flaws in implants and transmitters made by a major U.S. medical device company. These transmitters are connected to the internet. The FDA disclosed that the transmitters have security vulnerabilities allowing them to be hacked in dangerous fashion.
The Landscape
Simplistic tactics can cause great harm Destruction
Attackers’ Ability To Execute Commands To Both Connected and Intelligent Devices Must Be Stopped
The Landscape
• Gartner forecasts - 8.4 billion connected 2017
• Up 31 percent from 2016, will reach 20.4 billion by 2020
• Total spending on endpoints and - $2 trillion in 2017
The Landscape
• Vulnerabilities such as malware ARE and WILL be present
• DDoS attacks - 71% increase between late 2015 - 2016
• Remote code-injection into a server or systems
• Substation control
• Power outages
• Loss of critical services
The Landscape
• Manufacturers do the absolute minimum
• Researchers uncovered dozens of vulnerabilities in critical infrastructure ecosystems
• Researchers uncovered dozens of vulnerabilities in most every other connected system
The Internet’s Design From Day 1
• Internet never constructed to be secure
• James Scott, a senior fellow at the Institute for Critical Infrastructure Technology
• “Now you have insecure devices being networked to an insecure Internet”
• Vinton G. Cerf, VP / Chief Evangelist for Google
• “We didn’t focus on how you could wreck this system intentionally”
The Door Has Been Left Wide Open
It’s Easy to Point Out Vulnerabilities – Its Solution Can Be Complex
• Many attempting to solve
• Methods and methodology flawed
• Encryption
• Public Key Infrastructure (PKI), combined Firewalls and/or Certificates
• “Blockchain” architecture
• Static hardware solutions
It’s Easy to Point Out Vulnerabilities – Its Solution Can Be Complex
• All provide obstacles and challenges
• All exposed to vulnerabilities
• All have a variety of limitations
Flaws And Limitations To Current Solutions
• Speed
• Performance
• Flexibility
• Requirement of Processing Power
• Storage requirements
They Have NOT Been Proven To Be Unhackable
What The World Does Today
Deployment of “Real Commands” End to end Encryption
• PKI
• Secure Tunnel Architectures
• AES Encryption
• Hardware Solutions
• Intrusion monitoring
Commands To & From Connected Devices
Flaws And Limitations To Current Solutions - PKI
• PKI
• Framed to be the best
• Flawed
• Assumption that Certificate Authority (CA) is truthful, honest, and legitimate
• Gaining control of a CA
• Fraudulent certificates
• Masquerade at will
Flaws And Limitations To Current Solutions - PKI
• PKI – History
• Compromised CA organizations
• Emergence of new threats continues
• Attacks continue to be successful
• Repeated success questions PKI
Is it really the best choice as the security of the future?
Flaws And Limitations To Current Solutions - Blockchain
• Decades of R & D
• Touted as disruptive
• Decentralized electronic ledger
• Variables and authentication into a transmission
• Concern:
• Application within automotive
• Different design requirements
• Business cases – security architectures
• Methods initially adopted
• Public/Private Blockchains
• Unsolved Challenges - widespread use
Flaws And Limitations To Current Solutions Blockchain
• IoT - So many variables
• Blockchain requires high data quality
• Standard definitions - Recognizable globally
• Quality of data within Blockchain remains suspect
After All These Years, Blockchain Technology Has Yet To Be perfected
Who knows if it ever will
Flaws And Limitations To Current Solutions Hardware
• Argument that they can withstand attacks
• Flaws:
• Not flexible
• Require higher levels of processing power
• System requirements
• Not easily adaptable
• Significant changes required
• Require internet access
• Impractical on deployed Systems
• Update complexity
Flaws And Limitations To Current Solutions Hardware
• Sensors, Controls, Valves and LED warning systems possess little to no processing power
• Limited space availability
• Manufacturers are looking to “Cut Cost”
• “Things” change – Flexibility - Limits hardware viability
Hardware will not be a widely adopted, long-term viable, or realistic solution for the future
Why Change Is Required
Because Today’s Methods Do Not Work!
• Forrester predicts that more than 500,000 internet of things (IoT) devices will suffer a compromise in 2017, dwarfing Heartbleed.
THIS IS JUST THE BEGINNING
• Bad actors penetrate Firewalls
• Get past Encryption
• Access to all the data being stored
• Data Intercepted
• Physical harm
Why Change Is Required
Privacy And Security
• Google Home
• Baby Monitors
• Televisions
• Automobile Theft
• Automobile Control
• Autonomous Vehicles
• Aeronautics – Planes - Drones
• Military Communications
• Missile Defense
A New Solution – A Paradigm Shift
• Requires something new and different
• Optimal solution - advanced layers
• Connected and/or Intelligent devices
• Eliminate malicious attacks
• End-to-end solution
• Ultra-secure and “iron-clad” framework
New Options Are Available – MicroToken Exchange™
• MicroToken Exchange™
• Creates That Paradigm Shift
• MicroTokenization®
• Software solution
• Replaces actual data with MicroToken Clusters
• Utilizes existing networks
Potentially Makes Data Exploitation Unassailable
MicroToken Exchange
Data In Motion (IoT) – MicroToken Exchange
Securing commands to intelligent and connected devices
• Premise:
• Stop Using “Real Data”; use MicroTokens instead!
• What Is A MicroToken?
• “Token type” replacement
• Placeholder for real data
• Created through (AI)
Command-Level MicroTokenization
No Longer Transfer Real Data Between Controllers And Networked (IoT) Devices
• Send/receive commands authenticated & obfuscated
• MicroTokens™ Execute pre-programmed commands
Access is never granted to entire systems
• Can only be interpreted by paired devices
• Randomly-sized MicroToken packets
MTE (MicroToken Exchange)
MTE - Command-Level MicroTokenization at Work
• Sending “Real Commands” eliminated
• Variable chaff
Visual of MTE - Command-Level MicroTokenization
• MicroToken identified
• Indiscernible
MTE (MicroToken Exchange) Better and Stronger Than Encryption
• In-directional technologies add to the magic
• Packet sizes are small & lightweight
• MTE ELIMINATES ability to replicate discernable values
• MicroTokens expire
MTE (MicroToken Exchange)
Why Is Encryption Not The Best Choice
• Requires processing power
• The stronger the encryption, the more processing power
• Increases latency
• Stronger encryption - slower speeds
• Key Management
• Processing power and speed
• Key management Vulnerabilities
• Encryption broken
Additional Enhancements Combining Data At Rest
• MTE - Larger Data
• Secures data individually
• Pairs data with a MicroToken™
• independently MicroEncrypted™
• No Key management by users
Ensuring that sensitive data remains unavailable to exploitation in the event of an internal or external network defense breach
For more information contact:
Steven Russo
Executive Vice President
Office: 719-323-6680 X 120