November 2018
Intermediate to advanced
382 pages
11h 20m
English
Content preview from Practical Internet of Things Security - Second Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Account/credential deactivation/deletion
Deleting accounts used by IoT devices and the services they interact with will help combat the ability of an adversary to use those accounts to gain access after the devices have been decommissioned. Secret or private keys used for encryption (whether network or application) or key establishment should also be deleted to keep adversaries from decrypting captured data at a later point in time using those recovered keys. If active deletion or revocation of accounts and related material is not possible, consider very short-lived accounts and supporting credentials that age out quickly.