Course Outline
Session 1 & 2: Basic and Advanced concepts of IoT architecture from security perspective
- A brief history of evolution of IoT technologies
- Data models in IoT system – definition and architecture of sensors, actuators, device, gateway, communication protocols
- Third party devices and risk associated with vendors supply chain
- Technology ecosystem – device providers, gateway providers, analytics providers, platform providers, system integrators – risk associated with all the providers
- Edge driven distributed IoT vs Cloud driven central IoT : Advantage vs risk assessment
- Management layers in IoT system – Fleet management, asset management, Onboarding/Deboarding of sensors, Digital Twins. Risk of Authorizations in management layers
- Demo of IoT management systems- AWS, Microsoft Azure and Other Fleet managers
- Introduction to popular IoT communication protocols – Zigbee/NB-IoT/5G/LoRa/Witespec – review of vulnerabilities in communication protocol layers
- Understanding the entire Technology stack of IoT with a review of Risk management
Session 3: A check-list of all risks and security issues in IoT
- Firmware Patching – the soft belly of IoT
- Detailed review of security of IoT communication protocols – Transport layers (NB-IoT, 4G, 5G, LoRa, Zigbee etc.) and Application Layers – MQTT, WebSocket etc.
- Vulnerability of API endpoints – list of all possible APIs in IoT architecture
- Vulnerability of Gateway devices and Services
- Vulnerability of connected sensors – Gateway communication
- Vulnerability of Gateway- Server communication
- Vulnerability of Cloud Database services in IoT
- Vulnerability of Application Layers
- Vulnerability of Gateway management service- Local and Cloud based
- Risk of log management in edge and non-edge architecture
Session 4: OWASP Model of IoT security, Top 10 security risks
- I1 Insecure Web Interface
- I2 Insufficient Authentication/Authorization
- I3 Insecure Network Services
- I4 Lack of Transport Encryption
- I5 Privacy Concerns
- I6 Insecure Cloud Interface
- I7 Insecure Mobile Interface
- I8 Insufficient Security Configurability
- I9 Insecure Software/Firmware
- I10 Poor Physical Security
Session 5: Review and Demo of AWS-IoT and Azure IoT security principle
- Microsoft Threat Model – STRIDE
- Details of STRIDE Model
- Security of device, gateway and server communication – Asymmetric encryption
- X.509 certification for Public key distribution
- SAS Keys
- Bulk OTA risks and techniques
- API security for application portals
- Deactivation and delinking of rogue device from the system
- Vulnerability of AWS/Azure Security principles
Session 6: Review of evolving NIST standards/recommendation for IoT
- Review of NISTIR 8228 standard for IoT security – 30 point risk consideration Model
- Third party device integration and identification
- Service identification & tracking
- Hardware identification & tracking
- Communication session identification
- Management transaction identification and logging
- Log management and tracking
Session 7: Securing Firmware/ Device
- Securing debugging mode in a Firmware
- Physical Security of hardware
- Hardware cryptography – PUF (Physically Unclonable Function) – securing EPROM
- Public PUF, PPUF
- Nano PUF
- Known classification of Malware in Firmware (18 families according to YARA rule)
- Study of some of the popular Firmware Malware – Mirai, BrickerBot, GoScanSSH, Hydra etc.
Session 8: Case Studies of IoT Attacks
- On Oct. 21, 2016, a huge DDoS attack was deployed against Dyn DNS servers and shut down many web services including Twitter. Hackers exploited default passwords and user names of webcams and other IoT devices, and installed the Mirai botnet on compromised IoT devices. This attack will be studied in detail
- IP cameras can be hacked through buffer overflow attacks
- Philips Hue lightbulbs were hacked through its ZigBee link protocol
- SQL injection attacks were effective against Belkin IoT devices
- Cross-site scripting (XSS) attacks exploited the Belkin WeMo app to access data and resources that the app can access
Session 9: Securing Distributed IoT via Distributed Ledger – BlockChain and DAG (IOTA) [3 hours]
- Distributed ledger technology – DAG Ledger, Hyper Ledger, BlockChain
- PoW, PoS, Tangle – a comparison of the methods of consensus
- Difference between Blockchain, DAG and Hyperledger – a comparison of their working vs performance vs decentralization
- Real Time, offline performance of the different DLT system
- P2P network, Private and Public Key- basic concepts
- How ledger system is implemented practically- review of some research architecture
- IOTA and Tangle- DLT for IoT
- Some practical application examples from smart city, smart machines, smart cars
Session 10: The best practice architecture for IoT security
- Tracking and identifying all the services in Gateways
- Never use MAC address- use package id instead
- Use identification hierarchy for devices- board ID, Device ID and package ID
- Structure the Firmware Patching to perimeter and conforming to service ID
- PUF for EPROM
- Secure the risks of IoT management portals/applications by two layers of authentication
- Secure all API- Define API testing and API management
- Identification and integration of same security principle in Logistic Supply Chain
- Minimize Patch vulnerability of IoT communication Protocols
Session 11: Drafting IoT security Policy for your organization
- Define the lexicon of IoT security / Tensions
- Suggest the best practice for authentication, identification, authorization
- Identification and ranking of Critical Assets
- Identification of perimeters and isolation for application
- Policy for securing critical assets, critical information and privacy data
Prerequisites
- Basic knowledge of devices, electronics systems and data systems
- Basic understanding of software and systems
- Basic understanding of Statistics (in Excel levels)
- Understanding of Telecommunication Verticals
Summary
- An advanced training program covering the current state of the art security of Internet of Things
- Covers all aspects of security of Firmware, Middleware and IoT communication protocols
- The course provides a 360 degree view of all kinds of security initiatives in IoT domain for those who are not deeply familiar with IoT standards, evolution and future
- Deeper probe into security vulnerabilities in Firmware, Wireless communication protocols, device to cloud communication.
- Cutting across multiple technology domains to develop awareness of security in IoT systems and its components
- Live demo of some of the security aspects of gateways, sensors and IoT application clouds
- The course also explains 30 principle risk considerations of current and proposed NIST standards for IoT security
- OWASP model for IoT security
- Provides detailed guideline for drafting IoT security standards for an organization
Target Audience
Engineers/managers/security experts who are assigned to develop IoT projects or audit/review security risks.
21 hours
Testimonials (3)
The trainer's speaking skills and personable manner (Augustin).
Jeremy Chicon - TE Connectivity
Course - NB-IoT for Developers
The training was relevant to my needs and I would be able to apply the lessons learnt to meet my challenging needs
Botshabelo Jason - Water Utilities Botswana
Course - IoT Fundamentals and Frontiers : For Managers, CXO, VP, Investors and Entrepreneurs
Hands-on exercises
James - Argent Energy
Course - Introduction to IoT Using Arduino