Iot Security Unit 2

Uploaded by Hemanth Sai

19ECF443: IOT SECURITY


Security Control

• Security controls are the safeguards an organization puts in place to reduce its security risks; they are the parameters implemented to protect the organization's data and assets.
• IoT authentication is a model for building trust in the identity of IoT machines and devices, so that data is protected and access can be controlled when information travels over an untrusted network such as the Internet.
• Strong IoT authentication is needed so that connected IoT devices and machines can be trusted, and so that control commands from unauthorized users or devices are rejected.
• Authentication also helps prevent attackers from impersonating IoT devices in the hope of accessing data on servers, such as recorded conversations, images, and other potentially sensitive information.


Confidentiality – means information is not disclosed to unauthorized individuals, entities and processes.
 For example, if I have a password for my Gmail account but someone watched me type it while I was logging into the Gmail account,
 then my password has been compromised and confidentiality has been breached.

Integrity – means maintaining the accuracy and completeness of data.

This means data cannot be edited in an unauthorized way.
For example, if an employee leaves an organization, then the data for that employee in all departments,
such as accounts, should be updated to reflect the status JOB LEFT so that the data is complete and accurate.
In addition to this, only authorized persons should be allowed to edit employee data.
Access Control

• Access control is a set of permissions for a connected camera (or any IoT device) that
specify which users are granted access and the operations they are permitted to perform.
• Each entry in an Access Control List (ACL) specifies a camera, a user, and an associated
access level.
• An access decision should default to deny: a request that matches no entry gets no access.

Basically, access control is of 2 types:

Physical Access Control: Physical access control restricts entry to campuses, buildings, rooms and physical
IT assets.
Logical Access Control: Logical access control limits connections to computer networks, system files and
data.

Access Control Models:


1. Attribute-based Access Control (ABAC): In this model, access is granted or declined by evaluating a
set of rules, policies, and relationships using the attributes of users, systems and environmental conditions.
2. Discretionary Access Control (DAC): In DAC, the owner of the data determines who can access specific
resources.
3. History-Based Access Control (HBAC): Access is granted or declined by evaluating the history of
activities of the requesting party, including its behaviour, the time between requests and the content of requests.
4. Identity-Based Access Control (IBAC): Access is granted to individually identified users or devices
(for example by username or device identity), so network administrators can manage activity and access per individual.

Mandatory Access Control (MAC): A control model in which access rights are regulated by a central
authority based on multiple levels of security; individual users cannot override the policy. Security-Enhanced Linux (SELinux) implements MAC on the
Linux operating system.
Organization-Based Access Control (OrBAC): This model allows the policy designer to define a security
policy independently of its implementation, expressed in terms of organizations, roles, activities and views.
Role-Based Access Control (RBAC): RBAC grants access based on the job role. RBAC largely eliminates
discretion when providing access to objects. For example, the role of a human resources specialist
should carry no permission to create network accounts.
Rule-Based Access Control (RAC): The RAC method is largely context based. An example would be only
allowing students to use the labs during a certain time of day.
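The following is an added example, not code from the slides, that puts the ACL idea and three of the models above into one small policy check in Python: explicit ACL entries per camera (identity-based/discretionary), roles that map to an access level (RBAC), and a time-of-day rule that bounds role-derived access (rule-based). Every device, user and role name is hypothetical, and the check denies by default.

```python
# Added example (not from the slides): one deny-by-default policy check that
# combines an ACL per camera, RBAC roles and a rule-based time-of-day constraint.
# All device, user and role names below are hypothetical.
from dataclasses import dataclass

# Access levels, ordered so that a higher level implies the lower ones.
LEVELS = {"none": 0, "view": 1, "control": 2, "admin": 3}

# Operations a camera exposes and the minimum level each one requires.
REQUIRED = {"stream": "view", "pan": "control", "reboot": "admin"}


@dataclass(frozen=True)
class AclEntry:
    """One ACL entry: a camera, a user, and the access level granted."""
    device: str
    user: str
    level: str


# Identity-based / discretionary part: explicit entries, set by the owner.
ACL = [
    AclEntry("camera-lobby", "alice", "admin"),
    AclEntry("camera-lobby", "bob", "view"),
    AclEntry("camera-vault", "alice", "view"),
]

# Role-based part: users hold roles; a role maps to a level on every camera.
USER_ROLES = {"carol": {"security-operator"}, "dave": {"hr-specialist"}}
ROLE_LEVELS = {"security-operator": "control"}  # hr-specialist maps to nothing

# Rule-based part: role-derived access is only valid during the shift (hours).
SHIFT_START, SHIFT_END = 8, 20


def acl_level(device: str, user: str) -> int:
    """Highest level the explicit ACL grants `user` on `device` (0 if none)."""
    return max((LEVELS[e.level] for e in ACL
                if e.device == device and e.user == user), default=0)


def role_level(user: str) -> int:
    """Highest level any of the user's roles grants (0 if none)."""
    return max((LEVELS[ROLE_LEVELS.get(r, "none")]
                for r in USER_ROLES.get(user, ())), default=0)


def is_authorized(device: str, user: str, operation: str, hour: int) -> bool:
    """Deny by default: unknown operations and unmatched users get nothing."""
    required = REQUIRED.get(operation)
    if required is None:
        return False
    granted = acl_level(device, user)
    if SHIFT_START <= hour < SHIFT_END:          # rule-based constraint
        granted = max(granted, role_level(user))
    return granted >= LEVELS[required]


if __name__ == "__main__":
    for req in [("camera-lobby", "bob", "stream", 12),
                ("camera-lobby", "bob", "pan", 12),
                ("camera-vault", "carol", "pan", 12),
                ("camera-vault", "carol", "pan", 23)]:
        print(req, "->", "ALLOW" if is_authorized(*req) else "DENY")
```

Note that `is_authorized` never grants anything it cannot trace to an ACL entry or a role: the HR specialist has no camera access at all, and the operator's role-based access disappears outside the shift.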
Key Management
Attacks – Dictionary and Brute force Attacks

• A Dictionary Attack is an attack vector used by an attacker to break into a password-protected system
by trying technically every word in a dictionary as the password for that system.
• The dictionary can contain words from an English dictionary.
• It can also be a leaked list of commonly used passwords.
• When combined with common character substitutions (replacing letters with numbers or symbols), the attack can sometimes be very effective and
fast.

How is it done?
• The attacker tries every single word from a list prepared in advance.
• It is done using automated tools that try all the words in the
dictionary, usually with mangling rules (case changes, substitutions, appended digits) applied to each word.

Some Password Cracking Software:


John the Ripper
L0phtCrack
Aircrack-ng

How to be on the safer side?


• You can protect yourself from such attacks in the following ways:
• Choose a mix of upper and lower case letters, numbers and specials (i.e. special characters), and avoid dictionary words and their common substitutions.
• The password should be a long string with more characters. The longer it is, the more time-consuming it is to
crack (sometimes the time to crack is measured in years).
• Passwords should be reset after a certain period of time.
• On the server side, rate-limit and lock out repeated failed logins, store passwords with a slow salted hash, and require multi-factor authentication; current NIST guidance (SP 800-63B) favours these controls and screening against breached-password lists over forced periodic rotation.

The main difference between a brute force attack and a dictionary attack is that in a brute force attack
the attacker tries to crack a password using every possible combination of characters, whereas in a
dictionary attack the attacker tries a list of known or commonly used passwords.
• A brute force attack is a well-known cracking technique; by some reports, brute force attacks
represent five percent of confirmed security breaches.
• A brute force attack involves "guessing" usernames and passwords to gain unauthorized access to a
system. Brute force is a straightforward attack strategy and has a high success rate.
• Some attackers use applications and scripts as brute force tools.
• These tools try many password combinations to bypass authentication.
• In other cases, attackers try to get into web applications by searching for a valid session ID.
• Attacker motivation may include stealing data, infecting sites with malware, or
disrupting service.
• While a few attackers still perform brute force attacks manually, today practically all brute force
attacks are performed by bots.
• Attackers have lists of commonly used credentials, or real user credentials, obtained
through security breaches or the dark web.
• Bots systematically attack websites and try these lists of credentials, and notify the attacker
when they gain access.
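The following is an added example, not code from the slides, that runs both attacks described above in Python against a constructed set of unsalted SHA-256 hashes: a dictionary attack that applies the mangling rules mentioned earlier (case changes, letter-to-symbol substitutions, appended digits), and a pure brute-force search that enumerates the whole keyspace. The wordlist, the "leaked" table and the user names are constructed for this example; the keyspace function shows why brute force alone is hopeless against long passwords while the dictionary attack cracks mangled words in a handful of guesses.

```python
# Added example (not from the slides): a dictionary attack with simple mangling
# rules against unsalted SHA-256 hashes, next to a pure brute-force search, so
# the difference in candidates tried is visible. The "leaked" table and the
# wordlist are constructed for this example.
import hashlib
import itertools


def sha256_hex(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed breach dump: username -> unsalted hash of the user's password.
LEAKED = {
    "alice": sha256_hex("Summer2023"),
    "bob": sha256_hex("p@$$w0rd"),
    "carol": sha256_hex("dragon1"),
}
WORDLIST = ["password", "summer", "dragon", "monkey"]

# Common letter-to-symbol substitutions users apply to dictionary words.
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})
SUFFIXES = ("1", "123", "!", "2023")


def mangle(word: str):
    """Yield the candidates a dictionary attack derives from one base word."""
    bases = {word, word.capitalize(), word.upper()}
    bases |= {b.translate(LEET) for b in list(bases)}
    for base in sorted(bases):
        yield base
        for suffix in SUFFIXES:
            yield base + suffix


def dictionary_attack(hashes: dict, wordlist) -> dict:
    """Return {user: password} for every hash matched by a mangled word."""
    by_hash = {h: user for user, h in hashes.items()}
    cracked = {}
    for word in wordlist:
        for candidate in mangle(word):
            user = by_hash.get(sha256_hex(candidate))
            if user is not None:
                cracked[user] = candidate
    return cracked


def brute_force(target_hash: str, alphabet: str, max_len: int):
    """Exhaustive search over every string up to max_len; returns (password, tried)."""
    tried = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            tried += 1
            candidate = "".join(chars)
            if sha256_hex(candidate) == target_hash:
                return candidate, tried
    return None, tried


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Number of candidates a brute-force attack must cover in the worst case."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    print("dictionary:", dictionary_attack(LEAKED, WORDLIST))
    print("brute force 'ab1':", brute_force(sha256_hex("ab1"), "ab1", 3))
    print("8-char mixed-case alphanumeric keyspace:", keyspace(62, 8))
```

All three constructed passwords pass the "letters, digits and specials" rule from the slide, and all three fall to a four-word list, which is the point: length and unpredictability matter more than character classes, and the fast unsalted hash lets the attacker test each candidate in microseconds.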
Types of Brute Force Attacks:
How to Prevent Brute Force Password Hacking?
Security Hashing and Password Protection

• Protecting yourself with passwords is important.
 Passwords ensure the security and
 the confidentiality of data.
• If you're a web developer, you've probably had to build a user account system.
• The most important aspect of a user account system is how user passwords are protected.
• User account databases are breached frequently, so one must do something to protect users' passwords.
• The best way to protect passwords is to employ salted password hashing.

Cryptographic hash functions may be used to implement password hashing.

The .NET framework ships with 6 different hashing algorithms (digest size, and time to hash 500 MB in one benchmark):

1. MD5: 16 bytes (Time to hash 500MB: 1462 ms)
2. SHA1: 20 bytes (1644 ms)
3. SHA256: 32 bytes (5618 ms)
4. SHA384: 48 bytes (3839 ms)
5. SHA512: 64 bytes (3820 ms)
6. RIPEMD160: 20 bytes (7066 ms)

MD5 and SHA1 have practical collision attacks and should not be used in new designs; and the fact that all six digest hundreds of megabytes per second is exactly why none of them, used bare, is a good password hash.
What is Password Hashing?

A hash is a way of encoding data of any size into a fixed number of bytes via a formula
 in such a way that IT CAN NOT BE REVERSED, and
 the possibility of two different inputs producing the same hash (a collision) is extremely slim for a sound algorithm.

Hash algorithms are one-way functions. They turn any amount of data into a fixed-length "fingerprint" that
cannot be reversed. They also have the property that if the input changes by even a tiny bit, the resulting
hash is completely different.
This is great for protecting passwords, because we want to store passwords in a form that protects them even
if the password file itself is compromised, but at the same time, we need to be able to verify that a user's
password is correct.
It should be noted that the hash functions used to protect passwords are not the same as the hash functions
you may have seen in a data structures course. The hash functions used to implement data structures such as
hash tables are designed to be fast, not secure. Only cryptographic hash functions may be used to
implement password hashing, and in practice a deliberately slow, salted password-hashing construction built on them (PBKDF2, bcrypt, scrypt or Argon2) rather than a single fast hash.
Lookup Tables

• Lookup tables are an extremely effective method for cracking many hashes
of the same type very quickly.
• The general idea is to pre-compute the hashes of the passwords in a
password dictionary and store them, and their corresponding password, in a
lookup table data structure.
• A good implementation of a lookup table can process hundreds of hash
lookups per second, even when they contain many billions of hashes.
Reverse Lookup Tables

This attack allows an attacker to apply a dictionary or brute-force attack to many hashes at the same time,
without having to pre-compute a lookup table.
• First, the attacker creates a lookup table that maps each password hash from the compromised user account
database to a list of users who had that hash.
• The attacker then hashes each password guess and
uses the lookup table to get a list of users whose password was the attacker's guess.
• This attack is especially effective because it is common for many users to have the same password, and because the hashes are unsalted: with a random per-user salt, every guess would have to be hashed once per user.
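The following is an added example, not code from the slides, covering both the reverse lookup table just described and the salted password hashing recommended in the "Security Hashing and Password Protection" section. It runs the reverse-lookup attack against a constructed unsalted SHA-256 user table, then stores the same passwords as salted PBKDF2-HMAC-SHA256 records and runs the attacker's guesses against those, counting hash computations in each case. The user table, passwords and guesses are constructed; the record format `salt$hash` and the iteration count are this example's choices, not a standard.

```python
# Added example (not from the slides): the reverse-lookup attack against an
# unsalted hash database, and the same guesses against salted PBKDF2 records,
# showing why salting (the "salted password hashing" recommended earlier)
# defeats it. The user table and guesses are constructed for this example.
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 100_000  # PBKDF2 work factor; production should use more (e.g. 600k)

# Constructed breach: several users chose the same weak password.
PASSWORDS = {"u1": "123456", "u2": "letmein", "u3": "123456",
             "u4": "123456", "u5": "qwerty"}


def fast_hash(password: str) -> str:
    """Unsalted, fast hash: what a naive account system stores."""
    return hashlib.sha256(password.encode()).hexdigest()


UNSALTED_DB = {user: fast_hash(pw) for user, pw in PASSWORDS.items()}


def build_reverse_table(db: dict) -> dict:
    """Map each stored hash to every user who has it (built once from the dump)."""
    table = defaultdict(list)
    for user, h in db.items():
        table[h].append(user)
    return table


def reverse_lookup_attack(db: dict, guesses) -> tuple:
    """Hash each guess once and recover every user who chose it.
    Returns (found, hashes_computed)."""
    table = build_reverse_table(db)
    found, computed = {}, 0
    for guess in guesses:
        computed += 1
        for user in table.get(fast_hash(guess), []):
            found[user] = guess
    return found, computed


def make_record(password: str) -> str:
    """Salted record 'salt$hash' with a fresh random 16-byte salt per user."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + dk.hex()


def verify(password: str, record: str) -> bool:
    salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(dk.hex(), dk_hex)  # constant-time comparison


SALTED_DB = {user: make_record(pw) for user, pw in PASSWORDS.items()}


def salted_guess_attack(records: dict, guesses) -> tuple:
    """Against salted records a reverse table is useless: every guess must be
    recomputed per user, and each computation is slow. Returns (found, hashes_computed)."""
    found, computed = {}, 0
    for user, record in records.items():
        for guess in guesses:
            computed += 1
            if verify(guess, record):
                found[user] = guess
    return found, computed


if __name__ == "__main__":
    guesses = ["123456", "qwerty", "password"]
    print("unsalted:", reverse_lookup_attack(UNSALTED_DB, guesses))
    print("salted:  ", salted_guess_attack(SALTED_DB, guesses))
```

The weak passwords still fall either way; what changes is the cost. Unsalted, three hash computations expose four accounts at once. Salted, the attacker needs one slow PBKDF2 computation per guess per user (15 here, and 100,000 times more expensive each), and identical passwords no longer produce identical records, so the reverse table cannot even tell that u1, u3 and u4 share a password.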
Rainbow Tables
Rainbow tables are a time-memory trade-off technique.
They are like lookup tables, except that they sacrifice hash cracking speed to make the lookup
tables smaller.
 Because they are smaller,
 the solutions to more hashes can be stored in the same amount of space,
 making them more effective.
Rainbow tables that can crack any md5 hash of a password up to 8 characters long exist.
MD5

1. Append Padding Bits: In the first step, we add padding bits (a single 1 bit followed by 0 bits) to the original message in such a way that the total length of the
message is 64 bits less than an exact multiple of 512.
Suppose we are given a message of 1000 bits. Now we have to add padding bits to the original message. Here we will add 472
padding bits to the original message. After adding the padding bits the size of the output of the first step
will be 1472, i.e. 64 bits less than an exact multiple of 512 (512*3 = 1536).
Length(original message + padding bits) = 512 * i – 64 where i = 1,2,3 . . .
2. Append Length Bits: In this step, we append the length of the original message, as a 64-bit little-endian value, to the output of the first step so that the total number of
bits is an exact multiple of 512.
i.e. output of first step = 512 * n – 64
length bits = 64.
After adding both we will get 512 * n, i.e. an exact multiple of 512.
3. Initialize MD buffer: Here, we use 4 buffers, i.e. J, K, L, and M (called A, B, C, D in RFC 1321). The size of each buffer is 32 bits.
- J = 0x67452301 - K = 0xEFCDAB89 - L = 0x98BADCFE - M = 0x10325476

4. Process Each 512-bit Block: This is the most important step of the MD5 algorithm. Here, a total of 64 operations are
performed in 4 rounds of 16 operations each. We apply a different function
in each round, i.e. for the 1st round we apply the F function, for the 2nd the G function, for the 3rd the H function, and for the 4th the I
function.
The functions are built from OR, AND, XOR, and NOT (basically logic gates) applied bitwise. Each function takes the 3 buffers
K, L, M as its inputs.
- F(K,L,M) = (K AND L) OR (NOT K AND M)
- G(K,L,M) = (K AND M) OR (L AND NOT M)
- H(K,L,M) = K XOR L XOR M
- I(K,L,M) = L XOR (K OR NOT M)
After applying the function we perform an operation on each block. For these operations we need
addition modulo 2^32,
M[i] – the i-th 32-bit word of the current message block (which word is used in each step is fixed by the specification),
K[i] – a 32-bit constant, K[i] = floor(2^32 * |sin(i + 1)|),
<<<n – left rotation by n bits.
• Now take the initialized MD buffers J, K, L, M as input. The output of K will be fed into L, L will be fed into M, and M will be fed into J. After
doing this we perform some operations on the old J to find the new K.
• In the first step, K, L, and M are taken and the round function F is applied to them. We add the output of this to J, modulo 2^32.
• In the second step, we add the 32-bit message word M[i] to the output of the first step.
• Then we add the 32-bit constant K[i] to the output of the second step.
• At last, we rotate left by n bits (n is fixed per step by the specification, e.g. 7, 12, 17, 22 repeating in the first round) and add the old K, modulo 2^32.
• The result becomes the new K. The same steps are used for the rounds with G, H, and I. After performing all 64 operations on a block, the four values are added to the buffers from before the block; once every block has been processed,
we get our message digest.
Data Mining
