CLOUD DATA

SECURITY
Group No. 3
Team Members

Arnish Baruah 22BSA10014

Vijay Vinod Mane 22BSA10048
Kshatriya Nandini Kuldeep Singh 22BSA10057
Jayesh Dubey 22BSA10058
Akshat Barve 22BSA10066
IoT and Cloud Computing: A Dynamic Duo

Overview of IOT:
IoT refers to a vast network of interconnected devices that
communicate and share data with each other over the internet.
Used in smart homes, healthcare, agriculture, and transportation
for improved efficiency and real-time monitoring.
Role of Cloud Computing in IoT:
Cloud services ensure interoperability between various IoT
devices, regardless of the manufacturer, through standardized
protocols
While IoT provides the "things" (devices) and data, the cloud
offers the infrastructure to store, manage, and analyze that
data.
Why Data Security Matters in IoT ?
Ensuring User Privacy
Many IoT devices collect and transmit personal information, such
as location, daily habits, or biometric data.
Without robust security measures, attackers can exploit this data
for surveillance, stalking, or targeted attacks.
Preventing System Disruptions
Compromised IoT devices can lead to malfunctions or failures in
critical systems, such as smart grids, healthcare equipment, or
connected vehicles.
Maintaining Trust and Market Growth
Consumer trust is vital for the adoption of IoT technology.
High-profile breaches can deter users, stalling innovation and
market expansion.
 Threats to Cloud Data in IoT

Data Breaches Unauthorized Access Denial of Service Malware &

(DoS) Ransomware

Exploitation of Weak authentication Attackers overload Cybercriminals infect IoT

vulnerabilities in cloud methods, such as default
infrastructure leads to passwords or lack of multi-
unauthorized access and factor authentication, can
exposure of sensitive IoT allow attackers to gain
data. control over IoT devices
and data.
cloud-hosted IoT devices via cloud
systems, disrupting connections, leading to
services and making compromised functionality,
devices unavailable to data theft, or ransom
legitimate users. demands to restore access.
Key Security Principles Confidentiality:
Ensures that sensitive information is accessible only to
authorized users or devices.
Conceals sensitive information during processing or
display to unauthorized parties.
Integrity:
Integrity ensures that data remains consistent, accurate,
and unaltered throughout its lifecycle.
Validates data integrity during transmission between IoT
devices and servers.
Availability:
Ensures that IoT systems and their data are accessible
whenever needed, even during attacks or failures.
Keeps critical systems (e.g., healthcare devices, smart
grids) operational, minimizing downtime and disruption.
Authentication:
Confirms the identities of devices, users, or systems
accessing IoT networks or data.
Security Measures & Best Practices
1. Encryption Techniques:
Symmetric Encryption: Fast and suitable for bulk data
encryption; uses the same key for encryption and decryption.
Asymmetric Encryption: Public-private key pairs enhance
security during data transmission.
TLS/SSL Protocols: Ensure secure communication between
IoT devices and cloud servers by encrypting data in transit.

2. Multi-Factor Authentication (MFA):

Adds an extra layer of protection beyond passwords, using
biometrics, OTPs, or hardware tokens.
Reduces the risk of unauthorized access, even if credentials
are compromised.
Security Measures & Best Practices
3. Role-Based Access Control (RBAC):

Assigns permissions to users based on their specific roles,

ensuring granular control over data and resources.
Minimizes the impact of compromised accounts.
Enables easier management of access rights, especially in large
IoT ecosystems with multiple users and devices.

4. Secure APIs and Firmware Updates:

APIs must use authentication tokens and be shielded against

common attacks like injection or cross-site scripting.
Regular firmware updates help patch vulnerabilities and add
new security features, ensuring devices remain protected.
Utilize secure delivery mechanisms for updates to prevent
tampering during deployment.
Case Study
The Mirai Botnet Attack (2016):
In 2016, the Mirai botnet conducted one of the largest Distributed
Denial-of-Service (DDoS) attacks in history.
The attack targeted DNS provider Dyn, disrupting major websites like
Twitter, Netflix, Reddit, and Amazon.
The botnet exploited insecure IoT devices, such as IP cameras,
routers, and DVRs, by taking advantage of default credentials.
This incident highlighted the need for industry-wide measures,
including secure device configurations, proactive vulnerability
management, and robust defenses against DDoS attacks.
Ultimately, it demonstrated how a lack of IoT security can lead to
widespread disruptions and underscored the importance of building
resilient and secure IoT ecosystems.
Case Study
The Mirai Botnet Attack (2016):
This attack affected places like Brazil, Taiwan and India.
The fundamental exploit was not patched until 2021. The
industry relied on Hotfixes of devices within service lifetime
and abandoned those that had reached EOL.
This means that there are still devices in circulation that can
be accessed with the MIRAI BASHLITE code exploit.
Rutgers University, Deutsche Telekom were also among the
affected stakeholders. This incident highlighted how
negligent security measures can jeopardize the operations
of a normal entity.
In 2017, The FBI arrested an Indian-American named Paras
Jha following the Rutgers University Cyberattack.
Case Study
The Mirai Botnet Attack (2016):

An image of the leaked Mirai BASHLITE Source

code uploaded to Github.
Emerging Trends
AI in Threat Detection:
Real-time monitoring and
predictive analytics.

Blockchain for Data Integrity:

Secure decentralized data
validation.

Zero-Trust Security Models:

"Never trust, always verify" for
IoT ecosystems.

Edge Computing:
Reduces reliance on central
systems, improving security and
efficiency.
Conclusion Key Challenges:
IoT devices often have weak security, creating
vulnerabilities.
The expanded attack surface increases risks like
unauthorized access and data breaches.
Advanced threats (e.g., APTs, zero-day exploits)
challenge traditional defenses.

Solutions:

AI and ML: Detect and respond to threats in real time.

Blockchain: Offers tamper-proof authentication and
secure data exchange.
Zero Trust Architecture: Ensures strict access controls.
Edge Computing: Reduces reliance on central
systems, improving security and efficiency.
 Thank you
for your attention