Has My IoT Device Been Hacked? Establishing Trust w/ Remote Attestation • Edlira Dushku • GOTO 2023

This presentation was recorded at GOTO Aarhus 2023. #GOTOcon #GOTOaar Edlira Dushku - Assistant Professor in Cyber Security at Aalborg University RESOURCES ABSTRACT IoT devices are becoming more prevalent in our daily lives, with applications ranging from smart homes to industrial automation systems. These devices are often connected to sensitive information and resources and are vulnerable to a wide range of security threats. For example, an adversary can use IoT devices to disrupt their operation, steal sensitive information, or gain unauthorized access to resources, and the consequence could be fatal. Aimed at providing integrity guarantees, Remote Attestation (RA) has been proposed as a security technique that allows a remote entity to verify the trustworthiness of a potentially compromised device. RA checks the software integrity and detects unexpected modifications in device configuration. In particular, RA allows an untrusted device to generate reliable evidence about the current state and convince a remote Verifier that the device is running legitimate software. RA can be used to respond to security threats to minimize the impact of security breaches and ensure that devices are operating securely. The RA protocols proposed in the literature make different assumptions regarding device architectures, attack scenarios, and security requirements. This talk first gives a brief introduction to IoT security and Remote Attestation. Then, it presents the most significant RA schemes in the IoT domain, including a three-fold discussion, (1) reviewing the working mechanisms of the state-of-the-art RA techniques in the IoT domain, (2) discussing the attestation mechanisms for IoT swarms, (3) presenting future challenges and promising research directions. [...] TIMECODES 00:00 Intro 01:37 Agenda 02:27 IoT security 12:08 Remote attestation protocols 32:27 Open challenges 39:00 Conclusions 39:54 Outro Download slides and read the full abstract here: RECOMMENDED BOOKS Aaron Parecki • OAuth 2.0 Simplified • Aaron Parecki • OAuth 2.0 Servers • Aaron Parecki • The Little Book of OAuth 2.0 RFCs • Erdal Ozkaya • Cybersecurity: The Beginner’s Guide • Richer & Sanso • OAuth 2 in Action • Wilson & Hingnikar • Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0 • #IoT #Security #Cybersecurity #RemoteAttestation #RA #Programming #SoftwareEngineering #EdliraDushku #SecurityByDesign #AdversaryModels #SEDA #Privacy Looking for a unique learning experience? Attend the next GOTO conference near you! Get your ticket at Sign up for updates and specials at SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.