Security of Internet of Things (IoT) and Cyber-Physical Systems (CPS): A Hands on Approach
Presentation Menu
Internet of Things (IoT) has become prevalent in everyday life. These sensor-loaded devices are capable of collecting and processing information on their surroundings and transmitting them to remote locations. Harmless as it may seem, this new breed of devices have raised a number of privacy and security concerns. Device manufacturers are becoming increasingly aware of the ensuing complications and backslash an insecure device may have in the infrastructure. Security issues may come at different levels, from deployment issues that leave devices exposed to the internet with default credentials, to implementation issues where manufacturers incorrectly employ existing protocols or develop proprietary ones for communications that have not been examined for their sanity. On the hardware side, a device may also be vulnerable. An attacker with physical access to a device may be able to alter its functionality. A compromised device, whether by remote or physical access means, can then be used as a tool to exfiltrate sensitive network information, attack other devices, and as means of automatically sending malware over the internet.
Cyber-physical systems (CPS) comprise the backbone of national critical infrastructures such as power grids, transportation systems, home automation systems, etc. Because cyber-physical systems are widely used in these applications, the security considerations of these systems should be of very high importance. While the security concerns of CPS can be divided into different layers with unique challenges in each layer, we will introduce the security vulnerabilities as well as potential countermeasures from the hardware perspective. We will provide detailed examples of our experimentation with CPS devices with emphasis on smart meters and PLC devices. We will then present solutions that have been proposed by both industry and academia.
Besides the introduction to the IoT and CPS security, hands-on labs are also prepared for all audience. Customized smart devices will be provided where audiences can practice on how to design a commercial/industrial IoT/CPS devices and, more importantly, how to identify the security vulnerabilities of modern connected smart devices as well as how to exploit these vulnerabilities. Potential solutions to secure these devices will also be implemented in the hands-on labs.
Tutorial table of contents (bulleted list):
- Introduction to IoT and wearable devices: what is an IoT device?
- Introduction to CPS: what is a CPS device?
- Challenges in manufacture: a vendor's view.
- Pitfalls and roadblocks: what is often overlooked?
- Security architectures for smart devices
- Hands-on Module I: IoT device designs
- Hands-on Module II: IoT security vulnerability exploitation
- Hands-on Module III: IoT security patches