IoT Security: Lessons From a Hostile World
Security is widely seen as key to the success of IoT. Security is no longer ignored - unfortunately, it is often implemented poorly. For example, using SSL based encryption but installing the same certificate on 900,000 systems. Or hard coded maintenance and diagnostic passwords. How about using the MAC address to "securely" identify a system? Note that IT systems have long been targeted by a wide range of attacks and have developed tools, technologies, techniques, and strategies for dealing with hostile environments.
In this session we explore how to apply IT Systems experience to IoT - system hardening, system integrity, identity management, access
controls, proactive system management and defensive programming techniques. Quick tip - assume everything on your network is lying to you and is hostile! Be ready to deal with that.
Many of the lessons from financial services, stock markets, military systems and similar environments are directly applicapable to IoT. Building on a secure foundation and leveraging the hard lessons learned in deploying real world systems is easier and stronger than "re-inventing the security wheel".