Seminario "Internet of Things (In)Security"
Ascolta
Lunedì 18 maggio alle ore 10 in Aula Rubino (Ed. 8, Piano 1°, Scala F10) i Proff. Samim Konjicija e Saša Mrdović dell'Università di Sarajevo terranno un seminario dal titolo: "Internet of Things - (In)Security".
Il Consiglio di corso di Laurea delibererà alla prima occasione utile sulla possibilità di riconoscere 1 CFU a studenti di I e II anno di LM e III anno di LT. Gli studenti interessati al possibile riconoscimento di 1 CFU devono produrre relazione e consegnarla al prof. Dindo.
ABSTRACT
"Internet of Things (IoT) security" is a hot concept in IT, however - as many other buzzwords - without clear meaning. We generally believe that we know what Internet of Things is: we know the Internet and we know the "things". Just connect the "things" using Internet (protocols, TCP/IP and other) and you have IoT. What exactly are the "Things" and is there one Internet of Things (all of Things connected to one network) or there could be more Internets of Things (independent and not connected)? These questions are too much to answer in one talk, but they stress an important issue: How can one secure something one cannot precisely define?
We are all aware that this "new" exciting opportunity raises some security concerns that need to be addressed. How these new security issues relate to previous - well know - security questions and solutions is less clear. Is this something entirely different or there is nothing new here? This talk tries to shed some light on the above questions.
At the very beginning "the things" will be defined. More precisely, some general properties of IoT, that relate to security, will be explained. In order to explain how to secure IoT we need to define what we need to protect. Basic components of security: confidentiality ( privacy); integrity of data and its source (authentication) and availability, in IoT environment will be described. Then, we need to know what we need to protect IoT from. General classes of threats to IoT and its components will be named. Threats exploit vulnerabilities so we need to define attack surface we need to protect. Although for IoT this surface is almost limitless (as is number and type of "things") some general classification and prioritization can be made. Regarding protection, lessons learned from OS, network, mobile and cloud security that apply to IoT will be pointed out.
Unfortunately, IoT brings some new security challenges that will be briefly explained. To stress out the need to protect IoT some more or less well known examples of successful attacks on various IoT will be mentioned. Towards the end of the talk a quick overview of standards and recommendations for IoT security will be given. SHORT BIOs
Dr. Samim Konjicija is Associate Professor and Dean of the Faculty of Electrical Engineering at the University of Sarajevo. His main research interest include embedded systems, heuristic algorithms, machine learning, optimization and optimal control. Samim is author of the book "Heuristic Algorithms" (in Bosnian), the book chapter in "Foundations of Computational Intelligence, Vol. 3" (Springer) and over 30 articles in peer-reviewed journals and proceedings. He is actively involved with various projects both in industry and academia.
Dr. Saša Mrdović is Associate Professor at the Faculty of Electrical Engineering, University of Sarajevo. His main research interest include digital information security, networks, NGN, forensics and cryptography. His recent focus is on mobile devices and IoT security. Saša has published the book "Computer Systems Security" and over 20 articles in peer-reviewed journals and proceedings. He holds the prestigious CISSP (Certified Information System Security Professional) certification.
Il Consiglio di corso di Laurea delibererà alla prima occasione utile sulla possibilità di riconoscere 1 CFU a studenti di I e II anno di LM e III anno di LT. Gli studenti interessati al possibile riconoscimento di 1 CFU devono produrre relazione e consegnarla al prof. Dindo.
ABSTRACT
"Internet of Things (IoT) security" is a hot concept in IT, however - as many other buzzwords - without clear meaning. We generally believe that we know what Internet of Things is: we know the Internet and we know the "things". Just connect the "things" using Internet (protocols, TCP/IP and other) and you have IoT. What exactly are the "Things" and is there one Internet of Things (all of Things connected to one network) or there could be more Internets of Things (independent and not connected)? These questions are too much to answer in one talk, but they stress an important issue: How can one secure something one cannot precisely define?
We are all aware that this "new" exciting opportunity raises some security concerns that need to be addressed. How these new security issues relate to previous - well know - security questions and solutions is less clear. Is this something entirely different or there is nothing new here? This talk tries to shed some light on the above questions.
At the very beginning "the things" will be defined. More precisely, some general properties of IoT, that relate to security, will be explained. In order to explain how to secure IoT we need to define what we need to protect. Basic components of security: confidentiality ( privacy); integrity of data and its source (authentication) and availability, in IoT environment will be described. Then, we need to know what we need to protect IoT from. General classes of threats to IoT and its components will be named. Threats exploit vulnerabilities so we need to define attack surface we need to protect. Although for IoT this surface is almost limitless (as is number and type of "things") some general classification and prioritization can be made. Regarding protection, lessons learned from OS, network, mobile and cloud security that apply to IoT will be pointed out.
Unfortunately, IoT brings some new security challenges that will be briefly explained. To stress out the need to protect IoT some more or less well known examples of successful attacks on various IoT will be mentioned. Towards the end of the talk a quick overview of standards and recommendations for IoT security will be given. SHORT BIOs
Dr. Samim Konjicija is Associate Professor and Dean of the Faculty of Electrical Engineering at the University of Sarajevo. His main research interest include embedded systems, heuristic algorithms, machine learning, optimization and optimal control. Samim is author of the book "Heuristic Algorithms" (in Bosnian), the book chapter in "Foundations of Computational Intelligence, Vol. 3" (Springer) and over 30 articles in peer-reviewed journals and proceedings. He is actively involved with various projects both in industry and academia.
Dr. Saša Mrdović is Associate Professor at the Faculty of Electrical Engineering, University of Sarajevo. His main research interest include digital information security, networks, NGN, forensics and cryptography. His recent focus is on mobile devices and IoT security. Saša has published the book "Computer Systems Security" and over 20 articles in peer-reviewed journals and proceedings. He holds the prestigious CISSP (Certified Information System Security Professional) certification.
