Conferences and supporting programme
The IoT Requires Upgradable Security
Security is commonly viewed in a binary way: either a device, a service or a system is secure, or it is insecure. But the question one should ask is, secure against what? The reality is there are different levels of security, and a device can only be considered secure in the context of an attacker, when the level of security is higher than the capabilities of the attacker. Moreover, the capabilities of the attacker are typically non-static, and therefore, the security level will change over time. The improved capabilities of the attacker can come about in several different ways, from the discovery and/or publication of issues and vulnerabilities to broader availability of equipment and tools. We will look to historical data of how adversary capabilities have evolved, and discuss how these capabilities can be extrapolated into the future. This understanding gives a necessary background to evaluate what security functionality is necessary in an IoT design. Even with advanced security functionality, there will always be “unknown unknowns,” and it will be necessary to secure against attacks and adversaries of the future. We will discuss the typical properties of an attack that can be thwarted via updates and consequences for IoT designs.
--- Date: 28.02.2018 Time: 11:30 AM - 12:00 PM Location: Conference Counter NCC Ost