物联网安全需求与对策.docxVIP

IoT Security Requirements and Countermeasures Security Requirements Threats and Countermeasures Privacy Protection Threats Data-based Privacy Threats: Private data information leakage during data acquisition, transmission and processing Location-based Privacy Threats: Private location information leakage of each node and location services Countermeasures Communication encryption Minimize data collection Anonymous data collection and processing The relevant users decide whether to authorize data collection The routing protocol privacy protection method protects the accurate location of nodes Authentication Threats Some accesses have no authentication, or use default or weak password Countermeasures Design to ensure that the user modifies the default password the first that he uses the device Use two-factor authentication as much as possible Require re-authentication for sensitive features Ensure that the user adopts strong password and changes password periodically Access Control Management Threats Unauthorized access Security configuration is not checked or updated in a long time Countermeasures Identity and Access Management, Border Security (Secure Access Gateway) Continued vulnerability and misconfiguration detection and removal Data Protection Threats Data leakage and tampering Countermeasures DLP (Data leakage prevention) products Physical Security Threats IoT devices that are remotely located and lack of physical security control may be stolen or compromised Countermeasures Use existing physical security precautions whenever possible Equipment Protection and Asset Management Threats The devices configuration file is modified The huge amount of data on the device puts routine updates and maintenance operations at risk Unauthenticated code execution Abnormal result of power failure Reverse engineering of equipment Countermeasures Review configuration periodically Automatically Firmware update (over the air, OTA) Define the life-cycle control of IoT devices Sign