Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
1
The Internet-of-Insecure-ThingsCauses, Trends and Responses
( @ RIPE 77 )
Arman Noroozian( Economics of Cybersecurity, TPM, @TU DelG, Netherlands )
https://xkcd.com/1966/
2
3https://www.ncta.com/sites/default/files/platform-images/wp-content/uploads/2014/05/growth-of-internet-of-things-hero-1024x585.jpg
NCTA — The Internet & Television Association
4
Whole Lo(a Ques-ons Raised!!• How?• How did we get into this mess?• How do we get out of this mess?
5
How did we get here?• Fragmented landscape• Vendors without competence or incen5ves• Lack of visibility into which ‘things’ fail• Dependencies in value chains
6
How do we get out of it?(Mopping While the Tap is S8ll Running)
7
► Awareness raising(but don’t blame the victim)
► Monitoring and transparency(name, shame, and praise)
► Certifications and standards (FTC fining ASUS, D-Link)
► Liability, duty to care(make vendors bear the cost)
► Intermediary Role(ask ISPs to cut off access)
► Strengthening user rights(opt in, data minimization)
Governance Strategies Being Discussed
8
► Awareness raising(but don’t blame the victim)
► Monitoring and transparency(name, shame, and praise)
► Certifications and standards (FTC fining ASUS, D-Link)
► Liability, duty to care(make vendors bear the cost)
► Intermediary Role(ask ISPs to cut off access)
► Strengthening user rights(opt in, data minimization)
Governance Strategies
9
Where are the hacked devices?
10
Monitoring IoT compromise• Honeypot infrastructure with Yokohama Na6onal
University (Japan)
• Emulated and physical devices
• Port 22, 23, 80, 8080, 53413, …
• Log interac6ons, scan back, aLacking devices
11
Who operates the network?
12
Infec&on rates across ISPs
13
Who operates the network (NL)?hosting3%
isp-broadband54%
isp-mobile1%
isp-other13%
NULL27%
other-intermediary2%
14
Cleaning IoT Devices (KPN)• Walled Garden• Cutting off access to infected devices• 1736 quarantining actions • 1208 customers• 50% clean infections• Most quarantined once
Let Me Out! Evaluating the Effectiveness of Quarantining Compromised Users in Walled Gardens. Orçun Çetin, Lisette Altena, Carlos Gañán, Michel van Eeten. In SOUPS 2018
15
Cleaning IoT Devices (Cont.)• Randomized Control
Experiment• 220 Customers
16
Cleaning IoT Devices (Cont.)• Randomized Control Experiment• 92% Cleaned• In 14 days!
17
► Awareness raising(but don’t blame the vic7m)
► Monitoring and transparency(name, shame, and praise)
► Cer7fica7ons and standards (FTC fining ASUS, D-Link)
► Liability, duty to care(make vendors bear the cost)
► Intermediary Role(ask ISPs to cut off access)
► Strengthening user rights(opt in, data minimization)
In ConclusionNetwork operators can significantly help
18
Future Research
MINIONS - Mi#gatINg IOt-based DDoS a3acks via the DNS
19
CPE
DVR
Environment Monitoring Unit
EOC
EOC Slave
Firewall
Gateway
HVR
IP Camera
mobile router
Modem
Motherboard
NAS
NVR
Router
Security Appliances
Set-Top-Box
USB Device Server
Web Accelerator and SSL appliance
Web Camera
Web Camera/DVR
Wi-Fi Disk
AR BG BR CA CL CN CO CR EG ES FR GB ID IL IN IR IT KR MD MX MY PH PK PL RO RU TH TR TT TW UA US VE VN ZA
100
1,000
5,000
20,000# Devices
20
Thank you!
Follow our research onhttps://www.tudelft.nl/cybersecurity