Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
securing the web of things

Securing the Web of Things Andrei Sabelfeld @asabelfeld Web of - PowerPoint PPT Presentation

Nov 27, 2023 •116 likes •273 views

Securing the Web of Things Andrei Sabelfeld @asabelfeld Web of Things Internet of Things (IoT) Incompatible standards, platforms, technologies World Wide Web Consortium (W3C) is in a unique position to create the royalty-free and

  1. Securing the Web of Things Andrei Sabelfeld @asabelfeld

  2. Web of Things Internet of Things (IoT) • Incompatible standards, platforms, technologies “World Wide Web Consortium (W3C) is in a unique position to create the royalty-free and platform-independent standards needed to overcome the fragmentation of the IoT” -W3C CEO Dr. Jeff Jaffe, 2017 Security implications?

  3. Software as enabling technology • Software at the heart • Third-party code everywhere • Libraries, gadgets, ads, analytics, tracking, fingerprinting,.. • Malicious/buggy code • Ex-filtrating private information • Malwartising • Defacing web sites • Phishing attacks • Cryptojacking Securing software is a must for IoT

  4. IoT apps “Connecting otherwise unconnected services”

  5. IoT apps • “Managing users’ digital lives” • Smart homes, smartphones, cars, fitness armbands • Online services (Google, Dropbox,…) • Social networks (Facebook, Twitter,…) • End-user programming • Anyone can create and publish apps • Most apps by third parties • Web interface + smartphone clients

  6. IFTTT “If This Then That” • Trigger-action programming • Largest IoT app platform • Over 500 integrated services • Millions of users and billions of running apps

  7. IFTTT app If this then that Action Trigger What can go wrong? J

  8. Demo

  9. Attack by malicious app maker then If

  10. IFTTT app If this then that Action Trigger What can go wrong? J

  11. Attack by malicious app maker then If

  12. In-car infotainment apps • Stores for 3 rd -party in-car apps • GM: JavaScript/HTML5 • Volvo Cars, Renault, Nissan, and Mitsubishi: Android Automotive • Sensitive sources • Location, odometer, current speed, backup camera, microphone ⇒ location tracking, audio spying • Sensitive destinations • seat settings, climate control, stereo volume ⇒ “soundblast”, driver disruption

  13. Countermeasures • Application-level security then • Secure code in control of IoT! If • API control • Location API JSFlow • Voice command API • Information flow control • Track the flow of information through JavaScript code • Block flow from sensitive sources to attacker

  14. Securing IoT apps • Securing IoT a presssing challenge • Incompatible standards, platforms and technologies • Web of Things to reduce IoT fragmentation • Need to secure code in control of IoT applications • JavaScript at heart • IFTTT security • Informaiton flow control • In-car app security • Permissions and API security

  15. Read more in IEEE Security & Privacy Magazine 2019 Joint work in part with Iulia Bastys and Musard Balliu and in part with Benjamin Eriksson

Recommend

Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

www.securing.pl Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl @_r3ggi wojciech.regula@securing.pl www.securing.pl www.securing.pl WHOAMI -Senior IT Security Consultant @ SecuRing -Focused on

1k views • 67 slides
Securing the Web Platform Securing the Web Platform Collin Jackson Stanford University The Web

Securing the Web Platform Securing the Web Platform Collin Jackson Stanford University The Web

Securing the Web Platform Securing the Web Platform Collin Jackson Stanford University The Web Platform The Web Platform Dynamic Ubiquitous Dynamic Ubiquitous Interactive Instant updates Interactive Instant updates Pages Web Applications

958 views • 18 slides
Web Security Thierry Sans Securing the web architecture means securing ... The network

Web Security Thierry Sans Securing the web architecture means securing ... The network

Web Security Thierry Sans Securing the web architecture means securing ... The network The operating system The web server ( Apache for instance) The administration server ( SSH for instance) The database ( Oracle for instance)

1.38k views • 61 slides
Web Services Web Services Towards Web Services Towards Web Services Towards Web Services A

Web Services Web Services Towards Web Services Towards Web Services Towards Web Services A

Web Services Web Services Towards Web Services Towards Web Services Towards Web Services A long way to get here What is a Web Service? What is a Web Service? What is a Web Service? Web Services Web Services Software service :

553 views • 33 slides
Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik Lamers Securing home Wi-Fi with

Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik Lamers Securing home Wi-Fi with

Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik Lamers Securing home Wi-Fi with WPA3 personal Making Wi-Fi great again With security this time, right? Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 2 Why is WPA3

859 views • 28 slides
LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Can We Have it Both Ways? Safe Secure Privacy-friendly

895 views • 62 slides
SANS Securing The Human Training Department of Safety Securing the Human Training Web

SANS Securing The Human Training Department of Safety Securing the Human Training Web

SANS Securing The Human Training Department of Safety Securing the Human Training Web based Centrally Administrated Divisionally managed Consistent content Central reporting Ability to add custom content (Policy's)

762 views • 10 slides
Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques

Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques

What is Web Mining? Wh t i W b Mi i What is Web Mining? Wh t i W b Mi i ? ? Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques to automat cally d scover and extract nformat on automatically

778 views • 20 slides
Lecture 1: Semantic Web and RDF Aidan Hogan aidhog@gmail.com THE WEB The Web is now 26 years

Lecture 1: Semantic Web and RDF Aidan Hogan aidhog@gmail.com THE WEB The Web is now 26 years

Lecture 1: Semantic Web and RDF Aidan Hogan aidhog@gmail.com THE WEB The Web is now 26 years old Evolution of the Web The Future of the Web? THE SEMANTIC WEB The Semantic Web what is the Semantic Web? Semantic Web?

1.36k views • 99 slides
Introduction to The Web of Things Niels Olof Bouvin 1 Overview What is the Internet of Things?

Introduction to The Web of Things Niels Olof Bouvin 1 Overview What is the Internet of Things?

Introduction to The Web of Things Niels Olof Bouvin 1 Overview What is the Internet of Things? The vision Domains of the Internet of Things The challenges The Proto Web of Things The Raspberry Pi as a WoT platform The challenge of the

1.21k views • 63 slides
Things you can do Things you can do Things you can do Everything you need to know

Things you can do Things you can do Things you can do Everything you need to know

Things you can do Things you can do Things you can do Everything you need to know Everything you need to know to make a webpage to make a webpage Examples Examples Examples Here are some things you can do Here are some things you

696 views • 20 slides
WWW.TOTW.ORG By Kenneth M Hoeck Finally, brethren, whatsoever things are true, whatsoever things

WWW.TOTW.ORG By Kenneth M Hoeck Finally, brethren, whatsoever things are true, whatsoever things

WWW.TOTW.ORG By Kenneth M Hoeck Finally, brethren, whatsoever things are true, whatsoever things are honest, whatsoever things are just, whatsoever things are pure, whatsoever things are lovely, whatsoever things are of good report; if there be

1.16k views • 55 slides
Farm Energy IQ Farm Energy IQ Farms Today Securing Our Energy Future Farms Today Securing Our

Farm Energy IQ Farm Energy IQ Farms Today Securing Our Energy Future Farms Today Securing Our

Farm Energy IQ Farm Energy IQ Farms Today Securing Our Energy Future Farms Today Securing Our Energy Future On-Farm Biomass Pellet Production Daniel Ciolkosz, Penn State Extension Farm Energy IQ On-Farm Biomass Pellet Production Overview

791 views • 42 slides
Securing a Solid No. 1 Position in the Frozen Securing a Solid No. 1 Position in the Frozen

Securing a Solid No. 1 Position in the Frozen Securing a Solid No. 1 Position in the Frozen

Results Briefing May 8, 2013 May 8, 2013 Results Briefing Securing a Solid No. 1 Position in the Frozen Securing a Solid No. 1 Position in the Frozen Foods/Food Logistics Industry Foods/Food Logistics Industry FY14/3~FY16/3 Term

508 views • 31 slides
SECURING DONATIONS SECURING DONATIONS nonprofit.212mediastudios.com | 574.269.0720 |

SECURING DONATIONS SECURING DONATIONS nonprofit.212mediastudios.com | 574.269.0720 |

NON-PROFIT PRESENTATION TIPS FOR NON-PROFIT PRESENTATION TIPS FOR SECURING DONATIONS SECURING DONATIONS nonprofit.212mediastudios.com | 574.269.0720 | info@212mediastudios.com Having an efgective communication strategy is the fjrst step for your

121 views • 9 slides
Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses

Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses

Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses in Arizona Arizona L. William Staudenmaier One Arizona Center 400 East Van Buren Street, Suite 1900 Phoenix, Arizona 85004 2202 602.382.6000 |

576 views • 32 slides
1 Today's Speakers From Control Risks Control Risks 3 Luke Fardell James Lythe Shaun Flint

1 Today's Speakers From Control Risks Control Risks 3 Luke Fardell James Lythe Shaun Flint

Control Risks 1 Today's Speakers From Control Risks Control Risks 3 Luke Fardell James Lythe Shaun Flint Consultant Associate Director Associate Director Cyber Protect Digital Forensics Crisis Management Global Cyber Security trends

804 views • 31 slides
Document Engineering: Designing Documents for Transactions and Web Services OASIS Symposium - 10

Document Engineering: Designing Documents for Transactions and Web Services OASIS Symposium - 10

Document Engineering: Designing Documents for Transactions and We... file:///C:/Documents%20and%20Settings/glushko/My%20Documents/L... Document Engineering: Designing Documents for Transactions and Web Services OASIS Symposium - 10 May 2006

937 views • 46 slides
Multi-VO Support YAN Tian for Distributed Computing Group Meeting Oct. 23, 2014 StoRM + Lustre:

Multi-VO Support YAN Tian for Distributed Computing Group Meeting Oct. 23, 2014 StoRM + Lustre:

Status of Storm+Lustre and Multi-VO Support YAN Tian for Distributed Computing Group Meeting Oct. 23, 2014 StoRM + Lustre: Test Bed SE server configuration: This test machine is originally prepared for dCache+Lustre frontend, Model Dell

450 views • 12 slides
Cause-Effect Pairs Challenge Isabelle Guyon ChaLearn Thanks Initial impulse : Joris Mooij,

Cause-Effect Pairs Challenge Isabelle Guyon ChaLearn Thanks Initial impulse : Joris Mooij,

Cause-Effect Pairs Challenge Isabelle Guyon ChaLearn Thanks Initial impulse : Joris Mooij, Dominik Janzing, and Bernhard Schlkopf, from the Max Planck. Examples of algorithms and data: Povilas Daniuis, Arthur Gretton, Patrik O. Hoyer,

389 views • 35 slides
iPanSec.com SOAPA Dashboard Smart InfoSec Automation Zero Trust Assurance Suite SOAPA

iPanSec.com SOAPA Dashboard Smart InfoSec Automation Zero Trust Assurance Suite SOAPA

iPanSec.com SOAPA Dashboard Smart InfoSec Automation Zero Trust Assurance Suite SOAPA Dashboard Integrated with Network Layer (PacketX , UPAS) Field WiFi /BLE /ZigBee Layer (ArcRan iSecMaster) Endpoint Layer (Comodo)

555 views • 13 slides
Table of Contents Berner Fachhochschule, Technik und Informatik Cross Site Request Forgery - CSRF

Table of Contents Berner Fachhochschule, Technik und Informatik Cross Site Request Forgery - CSRF

Table of Contents Berner Fachhochschule, Technik und Informatik Cross Site Request Forgery - CSRF Presentation Vulnerability Advanced Web Technology CSRF allows to access the intranet Protection 10) XSS, CSRF and SQL Injection

561 views • 10 slides
Why Laboratory Syntax? The traditional ways of data collection are deeply

Why Laboratory Syntax? The traditional ways of data collection are deeply

Why Laboratory Syntax? The traditional ways of data collection are deeply flawed: statistically unreliable highly subjective fraught with confounding factors that may have nothing to do with language

1.07k views • 53 slides
Jonathan

Jonathan

Jonathan Worthington YAPC::EU::2005 Overview This talk is

924 views • 52 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.