Demystifying Internet of Things Security: Successful IoT Device/Edge and Platform Security Deployment.
Main Author: | |
---|---|
Other Authors: | , , |
Format: | eBook |
Language: | English |
Published: | Berkeley, CA : Apress L. P., 2019. |
Edition: | 1st ed. |
Subjects: | |
Table of Contents:
- Intro
- Table of Contents
- About the Authors
- Acknowledgments
- Foreword
- Introduction
- Chapter 1: Conceptualizing the Secure Internet of Things
- The BadUSB Thumb Drive
- Air-Gap Security
- Stuxnet
- Designing Safe and Secure Cyber-Physical Systems
- Constrained Computing and Moore's Law
- Trusted IoT Networks and the Network Edge
- Conclusion
- Chapter 2: IoT Frameworks and Complexity
- Introduction
- Historical Background to IoT
- IoT Ecosystem
- Connectivity Technology
- Messaging Technology
- Platform Technology
- Elements of an IoT System
- IoT Device
- IoT Device Architectural Goals
- Interoperability
- Security
- IoT Network
- IoT System Management
- Device Lifecycle
- Manufacturing
- Supply Chain
- Deployment
- Normal Operation and Monitoring
- Manage
- Update
- Decommissioning
- IoT Framework
- IoT Framework Design Goals
- IoT Data Model and System Abstractions
- IoT Node
- IoT Operations Abstraction
- Connectivity Elements
- Manageability Elements
- Security Elements
- Consider the Cost of Cryptography
- Summary IoT Framework Considerations
- IoT Framework Architecture
- Data Object Layer
- Node Interaction Layer
- Platform Abstraction Layer
- Platform Layer
- Security Challenges with IoT Frameworks
- Consumer IoT Framework Standards
- Open Connectivity Foundation (OCF)
- OCF Core Framework Layer
- OCF Profiles Framework Layer
- The OCF Device Abstraction
- OCF Security
- AllSeen Alliance/AllJoyn
- AllJoyn Security
- Universal Plug and Play
- UPnP Security
- Lightweight Machine 2 Machine (LWM2M)
- LWM2M Architecture
- LWM2M Device Management
- LWM2M Security
- One Machine to Machine (OneM2M)
- OneM2M Security
- Industrial IoT Framework Standards
- Industrial Internet of Things Consortium (IIC) and OpenFog Consortium
- Open Platform Communications-Unified Architecture (OPC-UA)
- OPC-UA Framework Architecture
- OPC-UA Security
- Data Distribution Service (DDS)
- DDS Framework Architecture
- DDS Security
- Security Enveloping
- Security Tokens
- Security Plugin Modules
- Framework Gateways
- Framework Gateway Architecture
- Type I Framework Gateway
- Type II Framework Gateway
- Type III Framework Gateway
- Type IV Framework Gateway
- Security Considerations for Framework Gateways
- Security Endpoints Within the Gateway
- Security Endpoints in Type I Gateways
- Security Endpoints in Type II Gateways
- Security Endpoints in Type III Gateways
- Security Endpoints in Type IV Gateways
- Security Framework Gateway Architecture
- Summary
- Chapter 3: Base Platform Security Hardware Building Blocks
- Background and Terminology
- Assets, Threats, and Threat Pyramid
- Inverted Threat Pyramid
- Sample IoT Device Lifecycle
- End-to-End (E2E) Security
- Security Essentials
- Device Identity
- Protected Boot
- Protected Storage
- Trusted Execution Environment (TEE)
- Built-In Security
- Base Platform Security Features Overview
- CPU Hosted Crypto Implementations
- Malware Protection (OS Guard)
- OS Guard (SMEP)
- OS Guard (SMAP)
- Encryption/Decryption Using AES-NI
- Sign/Verify Using Intel® SHA Extensions
- Intel® Data Protection Technology with Secure Key (DRNG)
- Converged Security and Manageability Engine (CSME)
- Secure/Verified, Measured Boot and Boot Guard
- Trusted Execution Technology (TXT)
- Platform Trust Technology (PTT)
- Enhanced Privacy ID (EPID)
- Memory Encryption Technologies
- TME
- MKTME
- Dynamic Application Loader (DAL)
- Software Guard Extensions (SGX) - IA CPU Instructions
- Identity Crisis
- Enhanced Privacy Identifier (EPID)
- Anonymity
- PTT/TPM
- Device Boot Integrity - Trust But Verify
- Secure Boot Mechanisms
- Secure Boot Terminology Overview
- Overview of BIOS/UEFI Secure Boot Using Boot Guard Version 1.0 (BtG)
- Data Protection - Securing Keys, Data at Rest and in Transit
- Intel Platform Trust Technology (PTT)
- Windows PTT Architecture
- Linux PTT Software Stack
- Runtime Protection - Ever Vigilant
- Intel Virtualization Technology (Intel VT)
- Software Guard Extensions (SGX)
- Intel CSE/CSME - DAL
- Isolation from Rich Execution Environment
- Authenticity and Security
- Portability
- Intel Trusted Execution Technology (TXT)
- Threats Mitigated
- Zero-Day Attacks
- Other Attacks
- Conclusion
- References
- Chapter 4: IoT Software Security Building Blocks
- Understanding the Fundamentals of Our Architectural Model
- Operating Systems
- Threats to Operating Systems
- Zephyr: Real-Time Operating System for Devices
- Zephyr Execution Separation
- Zephyr Memory Separation
- Zephyr Privilege Levels and System Authorization
- Zephyr Programming Error Protections
- Zephyr's Other Security Features
- Zephyr Summary
- Linux Operating Systems
- Pulsar: Wind River Linux
- Ubuntu IoT Core
- Intel® Clear Linux
- Linux Summary
- Hypervisors and Virtualization
- Threats to Hypervisors
- Intel® ACRN
- Real-Time and Power Management Guarantees in ACRN
- ACRN Summary
- Software Separation and Containment
- Containment Security Principles
- Threats to Extended Application Containment
- Containers
- Kata Containers
- Kata Containers Summary
- Trusted Execution Environments
- Software Guard Extensions
- SGX Security Summary
- Android Trusty
- Trusty TEE Security Summary
- Containment Summary
- Network Stack and Security Management
- Intel Data Plane Development Kit
- Security Management
- Secure Device Onboarding
- Platform Integrity
- Network Defense
- Platform Monitoring
- McAfee Embedded Control
- Network Stack and Security Summary
- Device Management
- Mesh Central
- Wind River Helix Device Cloud
- Device Management Summary
- System Firmware and Root-of-Trust Update Service
- Threats to Firmware and RoT Update
- Turtle Creek System Update and Manageability Service
- System Firmware and RoT Summary
- Application-Level Language Frameworks
- JavaScript and Node.js or Sails
- Java and Android
- EdgeX Foundry
- Application-Level Framework Summary
- Message Orchestration
- Message Queuing Telemetry Transport
- OPC Unified Architecture
- Constrained Application Protocol
- Message Orchestration Summary
- Applications
- Summary
- Chapter 5: Connectivity Technologies for IoT
- Ethernet Time-Sensitive Networking
- Legacy Ethernet-Based Connectivity in Industrial Applications
- Key Benefits of TSN
- TSN Standards
- TSN Profiles
- 802.1AS/AS-Rev
- 802.1Qbv
- 802.1Qbu
- 802.1CB
- 802.1Qcc
- 802.1Qci
- 802.1Qch
- 802.1Qcr
- TSN and Security
- OPC-UA Over TSN
- Overview of Wireless Connectivity Technologies
- Considerations for Choosing Wireless Technologies for IoT
- Spectrum
- Range and Capacity
- Network Topology
- Quality of Service
- Network Management
- Security
- Wi-Fi
- Bluetooth
- Zigbee
- NFC
- GPS/GNSS
- Cellular
- 5G Cellular
- Key Standards, Regulatory, and Industry Bodies Involved in 5G
- New Use Cases Enabled by 5G
- Key Technology Enablers for 5G
- LPWAN - Low-Power Wide Area Networks
- LoRa
- Sigfox
- Weightless
- Comparison of Low-Power LTE and Other LPWAN Technologies
- A Case Study - Smart Homes
- Summary
- References
- Chapter 6: IoT Vertical Applications and Associated Security Requirements
- Common Domain Requirements and the Security MVP
- Some Common Threats
- Retail Solutions
- Security Objectives and Requirements
- Threats
- Standards - Regulatory and Industry
- Transportation Solutions
- Connected Vehicle Infrastructure
- Security Objectives and Requirements
- Threats
- Mitigations
- Standards - Regulatory and Industry
- Industrial Control System (ICS) and Industrial IoT (IIoT)
- Security Objectives and Requirements
- Threats
- Standards - Regulatory and Industry
- Digital Surveillance System
- Security Objectives and Requirements
- Threats
- Standards - Regulatory and Industry
- Summary
- Appendix: Conclusion
- Economics of Constrained Roots-of-Trust
- IoT Frameworks - Necessary Complexity
- Hardware Security - More Than a Toolbox
- IoT Software - Building Blocks with Glue
- Ethernet TSN - Everybody's Common Choice?
- Security MVP - The Champion Within a Fractured IoT Ecosystem
- The Way Forward
- Index