Demystifying Internet of Things Security | PDF Download | free eBook :
This book covers the Deployment of IoT security for device/edge and IoT platforms, IoT Connectivities, Platform Security Hardware Building Blocks, and IoT Software Security Building Blocks. It’s written by Sunil Cheruvu, Anil Kumar, Ned Smith, and David M. Wheeler.
Demystifying Internet of Things Security
Demystifying Internet of Things Security – Successful IoT Device/Edge and Platform Security Deployment
[dflip id="365" ][/dflip]
Content of this IoT Security eBook | Tutorial Coverage
Table of Contents
Chapter 1: Conceptualizing the Secure Internet of Things ……………….1
The BadUSB Thumb Drive ………………………………………………………………………….2
Air-Gap Security ……………………………………………………………………………………….3
Stuxnet ……………………………………………………………………………………………………4
Designing Safe and Secure Cyber-Physical Systems …………………………………….6
Constrained Computing and Moore’s Law ………………………………………………….10
Trusted IoT Networks and the Network Edge ………………………………………………13
Conclusion …………………………………………………………………………………………….20
Chapter 2: IoT Frameworks and Complexity ………………………………..23
Introduction ……………………………………………………………………………………………23
Historical Background to IoT …………………………………………………………………….24
IoT Ecosystem …………………………………………………………………………………..27
Elements of an IoT System ………………………………………………………………………32
IoT Device …………………………………………………………………………………………32
IoT Network ………………………………………………………………………………………38
IoT System Management …………………………………………………………………….39
IoT Framework ………………………………………………………………………………….45
Summary IoT Framework Considerations ……………………………………………..58
IoT Framework Architecture ……………………………………………………………………..58
Data Object Layer ………………………………………………………………………………59
Node Interaction Layer ……………………………………………………………………….60
Platform Abstraction Layer ………………………………………………………………….61
Platform Layer …………………………………………………………………………………..63
Security Challenges with IoT Frameworks …………………………………………….64
Consumer IoT Framework Standards …………………………………………………………66
Open Connectivity Foundation (OCF) …………………………………………………….67
AllSeen Alliance/AllJoyn ……………………………………………………………………..78
Universal Plug and Play ………………………………………………………………………82
Lightweight Machine 2 Machine (LWM2M) …………………………………………….88
One Machine to Machine (OneM2M) …………………………………………………….96
Industrial IoT Framework Standards ………………………………………………………..104
Industrial Internet of Things Consortium (IIC) and OpenFog Consortium …..105
Open Platform Communications-Unified Architecture (OPC-UA) ……………..111
Data Distribution Service (DDS) ………………………………………………………….117
Framework Gateways ……………………………………………………………………………131
Framework Gateway Architecture ………………………………………………………133
Security Considerations for Framework Gateways ……………………………….138
Summary …………………………………………………………………………………………….146
Chapter 3: Base Platform Security Hardware Building Blocks ………149
Background and Terminology …………………………………………………………………152
Assets, Threats, and Threat Pyramid …………………………………………………..152
Inverted Threat Pyramid ……………………………………………………………………154
End-to-End (E2E) Security …………………………………………………………………157
Security Essentials …………………………………………………………………………..159
Base Platform Security Features Overview ………………………………………….167
Converged Security and Manageability Engine (CSME) ………………………….177
Secure/Verified, Measured Boot and Boot Guard ………………………………….179
Trusted Execution Technology (TXT) ……………………………………………………180
Platform Trust Technology (PTT) …………………………………………………………180
Enhanced Privacy ID (EPID) ……………………………………………………………….180
Memory Encryption Technologies ……………………………………………………….180
Dynamic Application Loader (DAL) ……………………………………………………..181
Software Guard Extensions (SGX) – IA CPU Instructions ………………………..182
Identity Crisis ……………………………………………………………………………………….182
Enhanced Privacy Identifier (EPID) ……………………………………………………..183
PTT/TPM …………………………………………………………………………………………184
Device Boot Integrity – Trust But Verify …………………………………………………….185
Secure Boot Mechanisms ………………………………………………………………….188
Overview of BIOS/UEFI Secure Boot Using Boot Guard Version 1.0 (BtG) ….192
Data Protection – Securing Keys, Data at Rest and in Transit ………………………193
Intel Platform Trust Technology (PTT) ………………………………………………….194
Windows PTT Architecture …………………………………………………………………195
Linux PTT Software Stack ………………………………………………………………….197
Runtime Protection – Ever Vigilant ………………………………………………………….198
Intel Virtualization Technology (Intel VT) ………………………………………………198
Software Guard Extensions (SGX) ……………………………………………………….201
Intel CSE/CSME – DAL ………………………………………………………………………203
Intel Trusted Execution Technology (TXT) …………………………………………….206
Threats Mitigated ………………………………………………………………………………….208
Zero-Day Attacks ……………………………………………………………………………..209
Other Attacks …………………………………………………………………………………..210
Conclusion …………………………………………………………………………………………..211
References ……………………………………………………………………………………..211
Chapter 4: IoT Software Security Building Blocks ……………………….213
Understanding the Fundamentals of Our Architectural Model ……………………..216
Operating Systems ………………………………………………………………………………..220
Threats to Operating Systems ……………………………………………………………224
Zephyr: Real-Time Operating System for Devices …………………………………230
Linux Operating Systems …………………………………………………………………..241
Hypervisors and Virtualization ………………………………………………………………..254
Threats to Hypervisors ……………………………………………………………………..257
Intel® ACRN ……………………………………………………………………………………265
ACRN Summary ……………………………………………………………………………….272
Software Separation and Containment …………………………………………………….276
Containment Security Principles ………………………………………………………..276
Threats to Extended Application Containment ………………………………………277
Containers ………………………………………………………………………………………278
Kata Containers ……………………………………………………………………………….280
Trusted Execution Environments ………………………………………………………..290
Containment Summary ……………………………………………………………………..297
Network Stack and Security Management ……………………………………………….298
Intel Data Plane Development Kit ……………………………………………………….298
Security Management ………………………………………………………………………302
Network Stack and Security Summary ……………………………………………….310
Device Management ……………………………………………………………………………..310
Mesh Central …………………………………………………………………………………..313
Wind River Helix Device Cloud ……………………………………………………………318
Device Management Summary ………………………………………………………….321
System Firmware and Root-of-Trust Update Service …………………………………322
Threats to Firmware and RoT Update ………………………………………………….323
Turtle Creek System Update and Manageability Service ………………………..325
System Firmware and RoT Summary ………………………………………………….329
Application-Level Language Frameworks …………………………………………………329
JavaScript and Node.js or Sails ………………………………………………………….330
Java and Android ……………………………………………………………………………..331
EdgeX Foundry ………………………………………………………………………………..333
Application-Level Framework Summary ……………………………………………..335
Message Orchestration ………………………………………………………………………….335
Message Queuing Telemetry Transport ……………………………………………….337
OPC Unified Architecture …………………………………………………………………..340
Constrained Application Protocol ………………………………………………………..343
Message Orchestration Summary ………………………………………………………344
Applications …………………………………………………………………………………………344
Summary …………………………………………………………………………………………….345
Chapter 5: Connectivity Technologies for IoT ……………………………..347
Ethernet Time-Sensitive Networking ……………………………………………………….348
Legacy Ethernet-Based Connectivity in Industrial Applications ………………349
Key Benefits of TSN ………………………………………………………………………….350
TSN Standards …………………………………………………………………………………352
TSN Profiles …………………………………………………………………………………….355
OPC-UA Over TSN …………………………………………………………………………….367
Overview of Wireless Connectivity Technologies ……………………………………….369
Considerations for Choosing Wireless Technologies for IoT ……………………369
Wi-Fi ………………………………………………………………………………………………374
Bluetooth ………………………………………………………………………………………..383
Zigbee …………………………………………………………………………………………….387
NFC ………………………………………………………………………………………………..390
GPS/GNSS ……………………………………………………………………………………….391
Cellular …………………………………………………………………………………………..391
5 G Cellular ……………………………………………………………………………………..393
LPWAN – Low-Power Wide Area Networks …………………………………………..403
A Case Study – Smart Homes …………………………………………………………….408
Summary …………………………………………………………………………………………….409
References …………………………………………………………………………………………..409
Chapter 6: IoT Vertical Applications and Associated
Security Requirements ……………………………………………………………413
Common Domain Requirements and the Security MVP ………………………………419
Some Common Threats ………………………………………………………………………….421
Retail Solutions …………………………………………………………………………………….422
Security Objectives and Requirements ……………………………………………….423
Threats …………………………………………………………………………………………..424
Standards – Regulatory and Industry ………………………………………………….430
Transportation Solutions ………………………………………………………………………..431
Connected Vehicle Infrastructure ……………………………………………………….432
Security Objectives and Requirements ……………………………………………….433
Threats …………………………………………………………………………………………..435
Mitigations ………………………………………………………………………………………438
Standards – Regulatory and Industry ………………………………………………….441
Industrial Control System (ICS) and Industrial IoT (IIoT) ………………………………442
Security Objectives and Requirements ……………………………………………….443
Threats …………………………………………………………………………………………..446
Standards – Regulatory and Industry ………………………………………………….449
Digital Surveillance System ……………………………………………………………………450
Security Objectives and Requirements ……………………………………………….454
Threats …………………………………………………………………………………………..456
Standards – Regulatory and Industry ………………………………………………….459
Summary …………………………………………………………………………………………….462
Appendix: Conclusion ……………………………………………………………..463
Economics of Constrained Roots-of-Trust ………………………………………………..465
IoT Frameworks – Necessary Complexity …………………………………………………465
Hardware Security – More Than a Toolbox ……………………………………………….466
IOT Software – Building Blocks with Glue …………………………………………………466
Ethernet TSN – Everybody’s Common Choice? ………………………………………….467
Security MVP – The Champion Within a Fractured IoT Ecosystem ………………..468
The Way Forward ………………………………………………………………………………….468
Index …………………………………………………………………………………….471
The person behind this site is an NIT (National Institute of Technology) Grad with 20+ years of industry experience. The team has nicknamed him Mr. ClassNotes. With a group of blogs and websites, Mr. ClassNotes shares his knowledge and experience with global readers.