Return to book
Review this book
About the author
Introduction
1. Access Control
2. Authentication
3. Biometrics
4. Crypto Engineering
- 4.1. Software Crypto
- 4.2. Hardware Crypto
5. Malware
- 5.1. Virus
- 5.2. Worm
- 5.3. Trojan Horse
- 5.4. Writing Virus
- 5.5. Rootkits
- 5.6. Anti-virus software
- 5.7. Inside popular software
6. Protecting Clients
7. Security and Usability
- 7.1. User Interface (UI)
- 7.2. Passwords
- 7.3. Cognitive Experiment
- 7.4. Insider Attacks
8. Secure Programming
- 8.1. Buffer overflow
  - 8.1.1. Buffer Overflow Protections
  - 8.1.2. Exploit Buffer Overflow
- 8.2. Secure C practice
- 8.3. secure-sensitive program
9. Physical Security
10. (Web Service) Architecture
- 10.1. Contents and Scripts
11. Confinements
- 11.1. chroot
- 11.2. JVM
- 11.3. Network Identity
- 11.4. Virtual Machine
- 11.5. Sandbox
12. Program Structure
- 12.1. Case study: 4.3BSD FTP Daemon
- 12.2. Case study: mailer
- 12.3. Case study: Web Browser
13. Security Analysis
- 13.1. Construction vs. Destruction
- 13.2. Analyze individual programs
- 13.3. Analyze overall system
- 13.4. Software Engineering Code of Ethics
- 13.5. Tools part 1: OS system calls
- 13.6. Tools part 2: fuzzing and more
- 13.7. Reconnaissance
14. The Internet of Things
- 14.1. Embedded Systems (Smart Devices)
- 14.2. Internet of Things Architecture
- 14.3. Case study: Thermostat
15. Logging
- 15.1. Loggin in practice
- 15.2. Log Incidents
- 15.3. Case study: PHP4 web server attack
16. After An Attack
- 16.1. Analyze a hacked system
- 16.2. Deleted Files
- 16.3. Monitor Intrusion
- 16.4. Conclusion
17. System Structure
- 17.1. Case study: build an e-commerce
- 17.2. Network Operation Center
- 17.3. Router Link Weakness
- 17.4. Remote Access
- 17.5. Question: store credit card number in database?
- 17.6. General Principle
18. Exams
- 18.1. Fall 2014 Midterm
- 18.2. Fall 2013 Midterm
- 18.3. Fall 2010 Midterm
- 18.4. Fall 2008 Midterm

Security Architecture and Engineering

Internet of Things (IoT) Architecture

Architecture overview 1

Things talk to Hubs.
Hubs talk to Vendor Sever.
Manger talk to Things via Hubs.
Things don't always have right interface with Internet.

Home IoT

Architecture overview 2

Local managers (maybe a phone app) talk to hubs.
Hubs talk to devices via private protocols.
Hubs talk to vendor servers.
Things may talk to each other via hubs, but probably use the vendor servers.
Vendor servers may talk to each other.

Vendor Servers

Many devices cannot be called directly (e.g. Nest thermostats).
Devices may not have CPU power for some tasks (e.g., voice recognition on Amazon Echo, speech recoginition is costly task, Echo sends data to server).
Vendors like to gather data.

Privacy and IoT

Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.

Smart TV that records personal data

Security of loT architecture

Any component can be attacked: things, hubs, servers, links.

How to hack each component? Who can hack (component)? What are the consequences (of component being hacked)?

Link Security

E.g. home WiFi networks
Easy to encrypt links
Primary source of a compromised link: devices at either end of I/O, say, a corrupted firmware.

Ownership

E.g. who can control my Nest thermostat?
E.g. if I sell my house to other people, should I still have control over the Nest thermostat of that house?
Many smart devices have little or no user interface.

Authentication

Thing-to-Hub, Hub-to-Server, Server-to-Server authentication.
How do Things connected to different Hubs and different Servers authenticate each other?
Complex cryptographic protocols may be necessary.
If Things are corrupted, private data collected by the Thing are in danger.
E.g. My health monitor is corrupted, falsely reporting that my blood pressure is off the charts, I may falsely go to doctor right away.

Access Control

E.g. my smart doorknot needs complex access control: who can open the door? How to customize my guests, or cleaning staff coming to my house?
In general, setting access control rules properly is very hard.
Authorization should not happen on the servers.

Corrupted Servers

Biggest risk: corrupted firmware - but can be digitally signed.
Can send evil commands to Things.

Protection of IoT artchitecture

Request Filters

Sanity Filters: e.g Nest thermostats reject temperatures that go outside certain ranges.
Bad commands / sequences of bad commands continue to emerge as more features on Thing are being added.

Cryptography

Neccessary, but not sufficient.
Encrypt message.

Intrusion Detection

Detect ongoing attacks or other compromised components.
E.g. alter the owner if a sanity filter is used.