IoT Architecture Stages Part 2

00:00

Hi, I'm Matthew Clark and this is less than 3.3 I o t architectures stages Part two

00:07

in this lesson will look at different I o T architectures stages and investigate data acquisition and security edge systems and Security and cloud services and associated security. So let's get started.

00:21

Let's start our discussion about taking a brief look at this slide again

00:25

to see where we are. We spent less than 3.2 discussing the things in I o. T. Namely sensors, actuators and tags.

00:35

Now we're going to focus on the remaining three areas. Data acquisition edge, I T and Cloud Services.

00:42

Well, let's start with data acquisition.

00:44

Here you have data aggregation.

00:47

Once a sensor obtains analog data, that data has to be aggregated and converted into digital form, and this could be done at the gateways.

00:56

Gateways usually operate in close physical proximity to the sensors,

01:00

and this is helpful because they can convert one communication type to another. This stage transfers data to the edge and then on to the cloud.

01:11

This stage gets the data ready for processing by the edge systems.

01:15

There is some limited decision making that could be made At this stage

01:19

Gateway features include reliability, connectivity, manageability and, above all, security.

01:26

The security is important because gateways responsible for managing the information flow in both directions

01:33

in gateways need to have proper security tools in order to protect against data leaks and risk of attacks against the I. O. T. Devices that communicate with him.

01:42

The data acquisition system is responsible for aggregating and converting the data.

01:49

So what are some of the security concerns at this stage? But we have banned in the middle attacks, which allows eavesdropping.

01:57

We have botnets. Remember, don't feed the bottom yet.

02:00

We have ransomware and other types of malware and denial of service.

02:05

And these are the types of things that they can happen that you need to think about when you're designing security for the I. O. T. Systems and the communication into the Gateway

02:15

Inch systems further process the data

02:20

With a stage approach, you can pre process the data pre process data. You can then generate meaningful results and Onley pass those meaningful results on up to the cloud

02:30

i o. T devices collect a lot of data.

02:34

Age systems can limit that impact on the network performance through this pre processing

02:39

instead of sending every measurement from the outie device to the cloud, um, they only send aggregated data, or they could only send are they only send differential data depending on how they're configured.

02:51

H I T systems. Reduce the processing load on the core idea infrastructure.

02:57

It's systems have learning algorithms. This could be where machine learning can occur, and it's really the last stop in handling decisions that require media processing. Remember our example of a fire suppression system in our previous lesson. This is where you would need to conduct. Processing

03:15

is close to the sensors and actuators as possible,

03:19

because time is very important

03:21

and because you don't want to send that type of decision up to the cloud and put it into a queue to be processed whenever that turn happens.

03:30

So let's talk about security concerns as related thio edge systems. What are those security concerns that we should build an address in r i o t architectural designs? Um, well, you have authentication and authorization attacks.

03:46

These could be dictionary attacks or attacking your better passwords.

03:49

Protocol attacks force. That's always something

03:53

maybe you create an I o. T. device and you signed too many privileges and they can go attack those.

04:00

Now we're injection. That's always something to think about. Suicide injection. It could be a sequel. Injection across a scripting. Um, if you're dealing with XML, maybe there's an attack format for that

04:14

device. Side injection. That's something else. So think about

04:16

side channel attacks.

04:18

They could attack the communication channel. They could take a look of power consumption. Maybe they could attack the mobile app.

04:27

Of course, you have DDOS attacks, flooding attacks,

04:30

udp, icmp ping of death. Just pull out the really, really old ones here.

04:35

Um, of course. Zero day attacks something. Think about really doubt Someone's gonna waste a zero attack zero day attack by attacking my i o t fridge. But you never know.

04:47

So great time to bring up the OAS Top 10 Web application risks,

04:53

injection, broken authentication, sensitive data exposure,

04:57

broken access control, cross site scripting and sufficient logging your mom during. I think we're all probably pretty familiar with this list. But, you know, at this level, whenever you're dealing with the application side, um, if you're writing code, this is always a good list to run bump your code up against and see if their vulnerabilities,

05:15

or if any of this really applies to what you're doing.

05:19

So then you have cloud services is their last one. This includes data storage visualization and trending predictive analysis. You know, this stage really provides deep insights into the data.

05:32

I've heard it said that the cloud is really the brain of the i o T. System. It handles the resource intensive processing.

05:40

Um, if you wait until the step to get the data, then it really has the longest processing time.

05:46

This stage includes back in systems which could be public or private cloud infrastructures or hybrid. Your This is where your azure, your aws, your google cloud your rack spaces are located.

06:01

He also need to consider, like product architecture here. There's most likely a combination of multi tiered, multi tenant architectures. Er, so when you're considering security of this layer, consider cross the main flows.

06:15

Um, if you're selling industrial I o t systems, you could have data from different clients who happen to be competitors, um, that are just isolated from each other in different domains. You wanna make sure that you really understand that security and it's pretty tight.

06:31

You could have multiple exposure points, you know, is a consequence. So it's really where threat modeling,

06:39

um, really plays A. Really, it's really good tool to utilize.

06:46

So what are the security concerns at this stage, if you're mapping out your architecture? Er,

06:53

this is really privacy is a big one

06:56

denial with services another one? Obviously, I think that was just place to come and thread

07:00

through everything.

07:01

Social engineering. That's something to think about, really, At this stage, this is high level, so people there will be accounts. And if you're able, Thio assess information either about the architecture of the ecosystem or if you're lucky to social engineer credentials that would have far ranging effects.

07:19

Supplier security is is a big deal. I think it's Ah, it's a deal so that I think about all the way from the sensors, actuators and tags all the way through to this stage. But at this point you have a really a lot of different players that are involved

07:34

s so that's something to think about

07:36

malware ransomware. It's still something that would be on there as well as anything from the old washed up 10. Uh, because certainly a lot of code development is gonna happen here. It this level.

07:47

So consider the different security concerns in this ecosystem. It's not always about the i o t. Device security itself. So, for example, if an engineer leaves a web server running on I o t device, you know, that definitely would create a new attack point

08:05

for that specific device for every device

08:07

that's sold that has that that Web server running,

08:11

um, physical access to something else to think about the U. S. P port. Um, if that's left on like an auto run state where someone concert something that's gonna auto, load the code, that's gonna have an impact there

08:24

on. But then I o t device level.

08:26

And it's not just enough that for us to secure the i o. T. Device, but we have to secure the interfaces and the infrastructure and the ecosystem itself, because a compromise in one area can compromise all the other areas.

08:39

Ah, small wheat weakness can lead to a systematic failure.

08:45

So, um, so just a reminder. You need to look at individual parts, but you can't. You can't lose sight of the whole either right? The integration of everything.

08:58

So that's it for this lesson. What do we learn?

09:01

Well, we discussed I ot architecture. Er we took a deep dive into the unknown world of data acquisition edge systems and cloud services. Specifically, we considered how I ot data is gathered, transported and processed within the i o t ecosystem.

09:18

And we thought about the security of each one of these steps.