Internet

IoTcloud-cybersecurity-securityofthings

Categories
Published
of 10
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
Share
Description
1. SECURITY of THINGS 2014 2. Everyone today is vulnerable to security breach since it is relying on 1976 D&H old PKI Technologies When D&H created PKI, it gave…
Transcript
  • 1. SECURITY of THINGS 2014
  • 2. Everyone today is vulnerable to security breach since it is relying on 1976 D&H old PKI Technologies When D&H created PKI, it gave birth to Alice and Bob(Key Exchange). However Alice and Bob, usually allow uninvited evil guests such as Eve, Chuck, Craig, Oscar, Sybill and Wendy, as Alice and Bob, attempt to secure IoT, M2M, Banks,ATM, EMV, Cloud, ConnectedCar, ConnectedHome, Industrial Internet, etc. Here is a short list of attacks / security issues with PKI: - Impersonation, MiTM (Main In the Middle), MiTB(Main in the Browser) - RA /VA Compromise - CA System Compromise - CA Signing Key Compromise - SideChannel, KnapSack, BruteForce http://www.reuters.com/article/2014/10/21/us-usa-justice-cybersecurity-idUSKCN0IA0BM20141021 http://www.businessinsider.in/Hackers-Are-Stealing-Millions-From-ATM-Worldwide-With-New-Malware/articleshow/44629993.cms The U.S. Department of Commerce estimates that the theft of intellectual property costs businesses more than US$250 billion and results in the loss of 750,000 jobs in the United States every year PROPOSED SOLUTION NEW GLOBAL CyberSecurity Infrastructure : Private Cloud - Hybrid Cloud forVetted Companies and their clients. Initial Tenants: Payment Processors, Banks, Financial Networks, ATM networks, Utilities,TelCOs, CableCOs, M2M, ISPs CyberSECURITY ISSUES 2014
  • 3. 2014
  • 4. BEAST ATTACK CRIME ATTACK PKI - CA - SSL VULNERABILITIES Poodle SSL DOS Man In The Middle SSL, Man in the Browser, Man In the Phone, Perfect Forward Secrecy, Strict Transport Security, Keylogger. http://www.macworld.com/article/2841965/swedish-hacker-finds-serious-vulnerability-in-os-x-yosemite.html
  • 5. CERTIFICATE AUTHORITIES Can be Fake SSL KEYS Can be Broken + PKI - CA - SSL Facebook - Twitter : Edpimentl 2014
  • 6. IDENTITY STRONG KEY + CERTIFICATES & WEAK KEY ESCROW NO iSEC InternetID Secured Encryption Facebook - Twitter : Edpimentl 2014
  • 7. EXCEEDS NIST - ISO - PCI-DSS - HIPPA REQUIREMENTS Security of Things HeTNet, FOG, SDN-NFV, Secured MicroServices, eSIM,TrustZone, SmartCity, Fintech, iIoT, IoT / WoT / WebRTC. mHealth,Wearable, 2014
  • 8. M2M EXCEEDS NIST - ISO - PCI-DSS - HIPPA REQUIREMENTS Bring Your Own Cloud viasip VIRTUAL INFRASTRUCTIRE - APPLICATIONS & SERVICES over IP 1 Dynamic Network Encryption - ISP - Cloud Provider Agnostic 2- WiFi Encrypted Personal Cloud Storage (Biometric Access) 3- Corporate and Personal DATA LEAK DETECTION and PROTECTION 4- Does not use Weak - Diluted PKI - CA - SSL 5- End to End Encrypted VOIP, eMail, Data, Messaging NO MITM 6- Private WEB & Encrypted File Sharing (Intellectual Property - Legal -HIPPA) 7- Vaulted (TOKENIZED) DebitCard / CC = Recurring Billing / Payment 8- Modified FireFox & Chrome Browser No MITB Man In The Browser 9- BitCOIN Wallet - Prepaid Debit - Prepaid Minutes - P2P Payment 10- Secure Social VPN - Providers and Consumer MUST be vetted 11- Software as a Contract MiddleWare / APIs (no unauthorized BigData ) 12- Modified Android CyanogenMod OS byoc viasip 1- Cyber-Secure and Cyber-Reslient Private / Hybrid / Embedded Cloud 2- Does not use today’s Weak - Diluted - Forgeable CA and SSL/TLS 3- Corporate & Personal DATA LEAK DETECTION and PROTECTION 4 - Dynamic Personal - Device - Network Encryption - ISP Cloud Provider Agnostic 5- End to End Encrypted MetaData - Messaging - Data - Email - Voice NO MITM 6- Next Gen eMAIL .. D2D / P2P Only and not Archaic Stored-Forward email 7- Private WEB & Encrypted File Sharing (Intellectual Property - Legal - PII - EMR ) 8- Software as a Contract MiddleWare / API (no unauthorized BigData data mining) 9- Modified Firefox & Chrome Browser .. no MITB Man In The Browser 10-BlockChain xPayment / Banking / IoT-M2M ATM / MobileMoney Networks 11- Modified Android CynaogenMOD OS and Embedded SOC OS 12- MRC “ Managed Relations by Customer” and “not” CRM Ed Pimentel - TEE-TrustZone 2014
  • 9. V.Risk Management - Fraud Detection - Using BigData - Machine Learning - Augmente Intelligence - Artificial Intelligence - Predictive & Prescriptive Analytics CyberResilient Financial Transactions ( IoT / FOG / EDGE / Cognitive Radio ) Beyond PCI - EMV Disable or Enable List of Merchants(National or Intl.) that can charge your ChainAPP Issue Prepaid Card Chain-APP BLE Sensor, (Voice, Face, Finger)Biometric, Blockchain, Image & Audio Capturing. AgileCHAIN (blockchain) APP Debit Card Issuing - HCE - eSIM - TrustZone- OTA Weak 3DES, MD5, CR4, SHA1, Unsafe PKI, CA, DH, or even the latest ECDSA 2014
  • 10. IoT Cloud - CyberSecurity Infrastructure WANT TO PARTNER WITH US? CONTACT MobileMondayATL at GMAIL dot COM SECURITY of THINGS Twitter / Skype : EdPimentl2014
  • We Need Your Support
    Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

    Thanks to everyone for your continued support.

    No, Thanks