IoTSec 2016: Keynote
IoT Security: Challenges and Opportunities
NIT Surat, India
The Internet of Things (IoT) involves the increasing prevalence of objects and entities provided with the unique identifiers and the ability to automatically transfer data over a network. Much of the IoT communication comes from computing devices and embedded sensors machine-to-machine (M2M) communication, home and building automation, vehicle to vehicle communication, wearable computing devices etc. As the era of Internet of Things dawns, the amount of data within these applications and other cloud applications will increase, and be accessed by an interconnected ecosystem of organizations, networks and devices.
IoT products are often sold with unpatched embedded operating systems and software. Manufacturers often re-use portions of hardware and software in different classes of devices. Furthermore, consumers often fail to change the default passwords of these devices -- or if they do change them, fail to select sufficiently strong passwords. These devices usually enjoy full access to Internet, with no bandwidth limitations or filtering. And hence, they can be compromised and used for stealing data, triggering disruptions, and to be used as DDoS bots. IoT security is concerned with the safeguarding connected devices and networks, data they exchange, and privacy and configuration controls in the Internet of things.
This keynote talk encompasses security and privacy challenges to IoT devices and explores few solution directives:
- Can we find a solution that can help network administrators monitor IoT devices, and identify quickly new devices and infected devices? And can trigger an administrative response to disable or isolate the unknown device as an active enforcement of corporate policies.
- Can we emphasize security to be considered in product design?
- Can we improve security by segmenting IoT devices into its own network and have network access restricted? The network segment should then be monitored to identify potential anomalous traffic, and action should be taken if there is a problem.
- We have a BYOD policy; can we create and enforce a customized IoT policy?
Dr. Dhiren Patel is currently a Professor and Chair of Computer Engineering Department at NIT Surat, Gujarat, India. NIT Surat is a premier institute of national importance imparting higher technology education at Bachelors, Masters and Doctoral levels.
Prof. Dhiren Patel leads Security research group at NIT Surat. His research interests include Cloud computing and Virtualization security, Internet of Things Security and Privacy, Green ICT, and Large Scale Identity Management Systems. He has authored a book on Information Security (published by Prentice Hall in 2008) and numerous research papers.
Prof. Patel has academic and research associations with IIT Gandhinagar (Visiting Professor/Adjunct Professor - during 2009-11), with City University London and British Telecom UK (Visiting Researcher - Cloud Security and Trust Management - short visits during 2009-16), with University of Denver USA (Visiting Professor - Cyber Security - during Summer and Fall 2014) and with C-DAC Mumbai (Research Advisor - Critical Infrastructure Protection - 2009-16).