IoT Security - Ecosystem, Interoperability and Standards

Explore the challenges and solutions for securing Internet of Things (IoT) devices in this AppSecUSA 2018 conference talk. Dive into the Security & Privacy Development Lifecycle (SPDL), an agile framework tailored for IoT platforms that addresses both process and technical challenges. Learn about the shortcomings of traditional Security Development Lifecycle (SDL) methodologies when applied to IoT and how SPDL overcomes them. Discover the importance of privacy in IoT development, including compliance with regulations like GDPR, and understand the proposed privacy vulnerability scoring framework (CPVSS) for measuring and prioritizing privacy breaches. Gain insights from industry experts on securing various IoT devices, from smart fridges to pacemakers, and explore topics such as hardware and firmware security paradigms, software security, communication protocols, and ecosystem security challenges. Watch demonstrations of ecosystem overviews and exploit scenarios to better understand the complexities of IoT security.

Intro
Agenda
Process Challenges
Technical Challenges
Holistic Security & Privacy Process
Security Topics
Hardware & Firmware Security Paradigms
SW Security Paradigms: application SW
Communication Protocols
Ecosystem security challenges
Demo 1: Ecosystem overview
Device communication
The Problem - Prelude
Example - Wearable Ecosystem 1
Demo 2: Ecosystem overview
Target : Sign-up and Profile pages
Exploit Scenario: The attack
Victim - logs in
Attacker's c&c
Access to admin portal
Privacy & Data Access Laws
Quantifying Privacy Vulnerabilities
Summary