O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

IoT Security Issues

Book Description

IoT Security Issues looks at the burgeoning growth of devices of all kinds controlled over the Internet of all varieties, where product comes first and security second. In this case, security trails badly. This book examines the issues surrounding these problems, vulnerabilities, what can be done to solve the problem, investigating the stack for the roots of the problems and how programming and attention to good security practice can combat the problems today that are a result of lax security processes on the Internet of Things.

This book is for people interested in understanding the vulnerabilities on the Internet of Things, such as programmers who have not yet been focusing on the IoT, security professionals and a wide array of interested hackers and makers. This book assumes little experience or knowledge of the Internet of Things. To fully appreciate the book, limited programming background would be helpful for some of the chapters later in the book, though the basic content is explained.

The author, Alasdair Gilchrist, has spent 25 years as a company director in the fields of IT, Data Communications, Mobile Telecoms and latterly Cloud/SDN/NFV technologies, as a professional technician, support manager, network and security architect. He has project-managed both agile SDLC software development as well as technical network architecture design. He has experience in the deployment and integration of systems in enterprise, cloud, fixed/mobile telecoms, and service provider networks. He is therefore knowledgeable in a wide range of technologies and has written a number of books in related fields.

Table of Contents

  1. Cover
  2. Title
  3. Copyright
  4. Acknowledgements
  5. Table of Contents
  6. Introduction
  7. Part I: Making Sense of the Hype
    1. Chapter 1 – The Consumer Internet of Things
      1. A Wave of Technology, or a Wave of Hype
      2. IoT Skeptics and the Role of Security Issues
      3. The Internet of No-thing
      4. Where are these IoT devices?
      5. Why the ambiguity in IoT uptake?
      6. The Media and Marketing Hype
      7. Lack of Killer Applications
      8. There be Monsters
      9. Buying Secure IoT Devices?
      10. Making Things That Just Work
      11. Is this a consumer Internet of things?
      12. Skepticism, but the future looks bright
      13. Consumer Trust – or Lack of It
      14. Losing Control?
      15. Toys for the Rich
      16. IoT isn’t DIY
      17. Is Security a Major Inhibitor?
  8. Part II: Security
    1. Chapter 2 – It’s Not Just About the Future
      1. Looking back to move forward
      2. Security by Design
      3. Data Mobile Networks
      4. A Confluence of New Technologies
      5. Basic Security Practices
    2. Chapter 3 – Flawed, Insecure Devices
      1. Why are so many insecure devices on the market?
      2. A Manufacturer’s Perspective
      3. The Device Production Cycle
      4. Software development in an agile market
      5. Clash of Cultures
      6. Developers and the Security Puzzle
      7. Reputational loss
    3. Chapter 4 – Securing the Unidentified
      1. The Scale of the Problem
      2. What Type of Devices to Secure?
      3. Unplanned Change
      4. The Consumer’s View on Security
    4. Chapter 5 – Consumer Convenience Trumps Security
      1. Plug n’ Pray
      2. Easy install – no truck rolls
      3. Convenient but insecure
      4. Many home networks are insecure?
      5. Customer Ignorance
    5. Chapter 6 – Startups Driving the IoT
      1. Installing IoT Devices
      2. Security knowledge is lacking
    6. Chapter 7 – Cyber-Security and the Customer Experience
      1. Pushing Security onto the Consumer
      2. Industry regulations and standards – where are they?
      3. The home ecosystem
      4. Security negativity
      5. Security Anomalies
      6. What device can be trusted
    7. Chapter 8 – Security Requirements for the IoT
      1. Why security issues arise
      2. Security and product confidence
      3. Me-too manufacturing
      4. Cutting development costs
      5. Security is not an extra
      6. Loss of product trust
      7. Designing appropriate security
    8. Chapter 9 – Re-engineering the IoT
      1. Comparing Apples and Oranges
      2. The Bluetooth lock saga
      3. Device vulnerabilities and flaws
        1. Flawed firmware
        2. Code re-use
      4. The issue with open source
    9. Chapter 10 – IoT Production, Security and Strength
      1. Manufacturing IoT Devices
      2. ODM design
        1. The tale of the Wi-Fi Kettle
      3. Push Vs. pull marketing
    10. Chapter 11 – Wearable’s – A New Developer’s Headache
      1. IoT by stealth
      2. The consumer IoT conundrum
      3. Designing in Vulnerabilities
      4. Passwords are the problem
      5. Why are cookies important?
    11. Chapter 12 – New Surface Threats
      1. Hacking IoT Firmware
  9. Part III: Architecting the Secure IoT
    1. Chapter 13 – Designing the Secure IoT
      1. IoT from an Architect’s View-Point
      2. Modeling the IoT
      3. IoT communication patterns
      4. First IoT design principles
    2. Chapter 14 – Secure IoT Architecture Patterns
      1. Event and data processing
    3. Chapter 15 – Threat Models
      1. What are threat models?
      2. Designing a threat model
      3. 6 steps to threat modeling
      4. Advanced IoT threats
        1. Devices
        2. Networks
        3. Infrastructure
        4. Interfaces
  10. Part IV: Defending the IoT
    1. Chapter 16 – Threats, Vulnerabilities and Risks
      1. IoT threats & counter-measures
    2. Chapter 17 – IoT Security Framework
      1. Introduction to the IoT security framework
    3. Chapter 18 – Secure IoT Design
      1. IoT Network Design
      2. IoT protocols
      3. The IoT Stack
        1. Link layer
        2. Adaption layer
      4. IPv6 & IPsec
        1. Routing
        2. Messaging
    4. Chapter 19 – Utilizing IPv6 Security Features
      1. Securing the IoT
        1. Confidentiality
        2. Integrity
        3. Availability
        4. Link layer
        5. Network layer
        6. Transport layer
        7. Network security
  11. Part V: Trust
    1. Chapter 20 – The IoT of Trust
      1. Trust between partners – there isn’t that much about
      2. IBM Vs. Microsoft
      3. Apple vs. Samsung
      4. Uber Vs Crowdsources drivers
      5. Manufacturer and customer trust model
      6. Dubious toys
      7. Kids play
    2. Chapter 21 – It’s All About the Data
      1. Appropriating data
      2. The Data Appropriators
      3. Where is the fair barter?
      4. Trust by design
    3. Chapter 22 – Trusting the Device
      1. Hacking voicemail
      2. Unethical phone hacking
    4. Chapter 23 – Who Can We Trust?
      1. Free is an Earner
      2. Pissing into the Tent
      3. IoT Trust is Essential
      4. The Osram debacle
      5. LIFX’s another Hack?
      6. Balancing Security and Trust
      7. So, Who Can We Trust?
      8. Open Trust Alliance
  12. Part VI: Privacy
    1. Chapter 24 – Personal Private Information (PIP)
      1. Why is the Privacy of our Personal Information Important?
      2. Collecting Private Data
      3. Data is the New Oil, or Is It?
      4. Attacks on data privacy at Internet scale
      5. Young and Carefree
      6. Can we Control our Privacy?
      7. Ad-blockers – They’re Not What They Seem
      8. Google and the dubious ad blockers
      9. Privacy Laws Around the Globe
        1. United States of America
        2. Germany
        3. Russia
        4. China
        5. India
        6. Brazil
        7. Australia
        8. Japan
        9. UK (Under review)
      10. Different Laws in Countries – What Possibly Could Go Wrong
        1. Facebook’s EU Opt-out Scandal
    2. Chapter 25 – The U.S. and EU Data Privacy Shield
      1. When privacy laws collide
      2. Losing a Safe Harbor
      3. After the closure of the Safe Harbor
      4. Model and Standard Contractual Clauses
      5. The new EU – US Privacy Shield
      6. New shield or old failings
      7. Contradictions on privacy
      8. Leveraging the value of data
  13. Part VII: Surveillance, Subterfuge and Sabotage
    1. Chapter 26 – The Panopticon
      1. The good, the bad and the ugly
      2. Home surveillance
      3. Law enforcement – going dark
      4. Dragnet Exploits
      5. The 5-Eyes (FVEY)
      6. PRISM
      7. Mastering the Internet
      8. Project TEMPORA
        1. XKEYSTORE
      9. Windstop
        1. MUSCULAR
        2. INCENSER
      10. Encryption in the IoT
      11. The Snooper’s charter
      12. Nothing to hide nothing to fear
      13. Its only metadata
  14. Index