Index
A
- access control
  - about / Authorization and access control
  - within communication protocols / Access controls within communication protocols
- Access Security Management Entity (ASME) / Cellular communications
- accounts
- Advanced Encryption Standard (AES) / Symmetric encryption
- Advanced Message Queuing Protocol (AMQP) / Messaging protocols, AMQP
- Agile / The Secure Development Life Cycle (SDLC)
- Alliance for Internet of Things Innovation (AIOTI)
  - reference / The IoT of today
  - about / The IoT of today
- Amazon Resource Name (ARN) / Onboarding a device into AWS IoT
- Amenaza
  - reference / Building an attack tree
- Anti-Tamper (AT) / IoT products and systems can be physically compromised
- anti-tamper mechanisms
- Apache Falcon
  - reference / Data abstraction
- Application Programming Interface (API) / Introduce secure hardware components within your IoT system
- Application Programming Interfaces (APIs) / Applying cryptography to secure data at rest and in motion
- application security attacks / Application security attacks
- asset management / Managing assets
- assets, threat modeling
  - sensor data / Step 1 – identify the assets
  - video streams / Step 1 – identify the assets
  - payment data / Step 1 – identify the assets
  - lot sensors / Step 1 – identify the assets
  - sensor gateway / Step 1 – identify the assets
  - IP camera / Step 1 – identify the assets
  - parking application / Step 1 – identify the assets
  - analytic system / Step 1 – identify the assets
  - kiosk / Step 1 – identify the assets
- Assured Compliance Assessment Solution (ACAS) / Automated search for flaws
- asymmetric digital signature algorithms
  - RSA / Digital signatures
  - Digital Signature Algorithm (DSA) / Digital signatures
  - Elliptic Curve DSA (ECDSA) / Digital signatures
- asymmetric encryption / Asymmetric encryption
- attacks
  - about / Primer on attacks and countermeasures
  - types / Common IoT attack types
  - fault tree / Fault (failure) trees and CPS
  - Cyber-Physical System (CPS) / Fault (failure) trees and CPS
  - cyber-physical attack, example / Example anatomy of a deadly cyber-physical attack
- attack tree
  - about / Attack trees
  - reference / Attack trees
  - building / Building an attack tree
  - versus fault tree / Fault tree and attack tree differences
- attack tree analysis
  - versus Fault Tree Analysis (FTA) / Merging fault and attack tree analysis
- Attribute-Based Access Control (ABAC) / Establish naming conventions and uniqueness requirements, Naming a device
- authenticated encryption
  - about / Symmetric (MACs)
  - Galois Counter Mode (GCM) / Symmetric (MACs)
  - Counter mode with CBC-MAC (CCM) / Symmetric (MACs)
- Authentication, Authorization, and Accounting (AAA) / 802.1x
- Authentication and Authorization for Constrained Environments (ACE) / Authorization for the IoT
- authentication attacks / Authentication attacks
- Authentication Center (AuC) / Cellular communications
- authentication credentials
  - about / Authentication credentials
  - passwords / Passwords
  - symmetric keys / Symmetric keys
  - certificates / Certificates
  - biometrics / Biometrics
  - for IoT / Authorization for the IoT
- authorization
  - managing / Managing accounts, passwords, and authorizations
  - about / Authorization and access control
  - OAuth 2.0 / OAuth 2.0
  - within publish/subscribe protocols / Authorization and access controls within publish/subscribe protocols
  - decentralized trust, via blockchain ledgers / Decentralized trust via blockchain ledgers
- Automated Content Recognition (ACR)
  - about / A complex sharing environment
  - reference / A complex sharing environment
- Automated Indicator Sharing (AIS)
  - reference / Analyzing the compromised system
- automated security analysis / Automated security analysis
- Autonomous Network Segmentation (ANS) / Network segmentation and network access controls
- autonomous systems / Autonomous systems
- availability
  - about / Design IoT systems that remain available
  - cloud availability / Cloud availability
  - unplanned equipment failure, guarding / Guarding against unplanned equipment failure
  - load balancing / Load balancing
- Aviation ISAC
  - reference / Analyzing the compromised system
- AWS IoT Device Defender
  - reference / Defining your security policies
B
- Basic Safety Messages (BSMs) / Protecting against jamming attacks, IEEE 1609.2, New privacy approaches for credentials
- Bastille
  - reference / Detection and analysis
- Binwalk
  - reference / Post-incident device forensics
  - about / Post-incident device forensics
- biometrics / Biometrics
- black box testing
  - about / Black box testing
  - activities / Black box testing
- block chaining modes / Block chaining modes
- blockchain ledgers
  - for decentralized trust / Decentralized trust via blockchain ledgers
- Bluetooth-LE / Bluetooth-LE
- Bluetooth-LE, key type
  - Temporary Key (TK) / Bluetooth-LE
  - Short-Term Key (STK) / Bluetooth-LE
  - Long-Term Key (LTK) / Bluetooth-LE
  - Connection Signature Resolving Key (CSRK) / Bluetooth-LE
  - Identity Resolving Key (IRK) / Bluetooth-LE
- Bluetooth-LE, options for device association
  - numeric comparison / Bluetooth-LE
  - Just works / Bluetooth-LE
  - out of band / Bluetooth-LE
  - passkey entry / Bluetooth-LE
- Bluetooth-LE, security concepts
  - pairing / Bluetooth-LE
  - bonding / Bluetooth-LE
  - device authentication / Bluetooth-LE
  - encryption / Bluetooth-LE
  - message integrity / Bluetooth-LE
- Bluetooth Low Energy (BLE) / Data link and physical protocols, Bluetooth low energy, The concept of the fog
- Bluetooth security
  - reference / Configuring device security
- bootstrapping / Bootstrapping and securely configuring devices
- Botnets
- Brain Computer Interfaces (BCI) / Cognitive systems
- Brain Machine Interfaces (BMI) / Cognitive systems
- Bring Your Own Device (BYOD) / An introduction to IAM for the IoT
- bug bounties / Engaging with the research community
- Bulk Electric System (BES) / NERC CIP
C
- cellular-connected devices
  - reference / IoT compliance
- Certificate-Based Key Establishment (CBKE)
  - reference / ZigBee
- Certificate Authority (CA) / Implementing secure OTA, Defining your security policies
- certificate management
  - misbehavior, handling / Handling misbehavior
  - about / Key and certificate management
  - third-party solutions / Third-party solutions
- certificate response / PKI primer
- Certificate Revocation List (CRL) / Revocation support, OCSP
- certificates
  - managing / Managing keys and certificates
  - using / Certificates
  - X.509 / X.509
  - IEEE 1609.2 / IEEE 1609.2
- Certificate Signing Request (CSR) / PKI for the IoT, Device onboarding, Key and certificate management
- Certified Cloud Security Professional (CCSP) / Certifications
- Certified Information Privacy Professional (CIPP)
  - reference / Certifications
- Children's Online Privacy Protection Act (COPPA) / Authorities, Understanding the privacy landscape
- chip de-capping / Post-incident device forensics
- Cipher-Feedback Chaining (CFB) / Block chaining modes
- Cipher Block Chaining (CBC) mode / Block chaining modes
- ciphertext / Encryption and decryption
- cloud
  - role, in IoT systems / The role of the cloud in IoT systems
  - notional cloud security, approach / A notional cloud security approach
- cloud-based security services
  - about / Cloud-based security services for the IoT
  - device onboarding / Device onboarding
  - certificate management / Key and certificate management
  - key management / Key and certificate management
  - policy management / Policy management
  - persistent configuration management / Persistent configuration management
  - gateway, security / Gateway security
  - device management / Device management
  - compliance, monitoring / Compliance monitoring
  - security, monitoring / Security monitoring
- cloud availability / Cloud availability
- cloud IoT services
  - threats / Threats to cloud IoT services
- Cloud Security Alliance (CSA)
  - reference / Cloud availability
- Cloud Service Providers (CSPs) / Introduce secure hardware components within your IoT system, Design IoT systems that are resilient, Install/update sensors, Moving back toward the edge
- CoAP, security modes
- cognitive systems / Cognitive systems
- Command and Control (C2C) servers / Design IoT systems that mitigate automated attack risks
- Common Names (CN) / X.509
- Communication Protocol
  - GPRS / Cellular communications
  - GSM / Cellular communications
  - UMTS / Cellular communications
  - CDMA / Cellular communications
  - Long Range Wide Area Network (LoRaWAN) / Cellular communications
  - 802.11 / Cellular communications
  - 6LoWPAN / Cellular communications
  - ZigBee / Cellular communications
  - Thread / Cellular communications
  - SigFox / Cellular communications
  - Near Field Communications (NFC) / Cellular communications
  - Wave 1609 / Cellular communications
- Community Of Interest (COI) / Authorization and access control
- complex compliance environment
  - about / A complex compliance environment
  - IoT compliance, challenges / Challenges associated with IoT compliance
  - compliance standards support, examining for IoT / Examining existing compliance standards, support for the IoT
- complex sharing environment
  - about / A complex sharing environment
  - wearables / Wearables
  - smart homes / Smart homes
- compliance design
  - about / Design IoT systems that are compliant
  - US IoT Cybersecurity Improvement Act (draft) / The US IoT Cybersecurity Improvement Act (draft)
  - ENISA's baseline security recommendations / ENISA's baseline security recommendations
  - DHS guiding principles, for secure IoT / DHS guiding principles for secure IoT
  - FDA guidance, on IoT medical devices / FDA guidance on IoT medical devices
- compliance management
  - about / Managing compliance
  - HIPAA / HIPAA
  - GDPR / GDPR
  - monitoring / Monitoring for compliance
- compliance standards
  - examining, for IoT / Examining existing compliance standards, support for the IoT
  - Underwriters Laboratory IoT certification / Underwriters Laboratory IoT certification
  - NERC CIP / NERC CIP
  - HIPAA/HITECH / HIPAA/HITECH
  - PCI DSS / PCI DSS
  - NIST Risk Management Framework (RMF) / The NIST Risk Management Framework (RMF)
- Compro DB server / Building an attack tree
- Concise Binary Object Representation (CBOR) / OAuth 2.0
- confidentiality and integrity protected design
  - cryptography, applying / Applying cryptography to secure data at rest and in motion
  - visibility, enabling into data life cycle / Enabling visibility into the data life cycle and protecting data from manipulation
  - data, protecting from manipulation / Enabling visibility into the data life cycle and protecting data from manipulation
  - secure OTA, implementing / Implementing secure OTA
- Connected Vehicle (CV) technology / Modernizing the transportation ecosystem
- connectivity
  - about / Connectivity
  - transport protocols / Transport protocols
  - network protocols / Network protocols
  - data link protocol / Data link and physical protocols
  - physical protocols / Data link and physical protocols
  - ZWave / ZWave
  - Bluetooth Low Energy (BLE) / Bluetooth low energy
  - cellular communications / Cellular communications
- Constrained Application Protocol (CoAP) / Messaging protocols, CoAP
- Continuity of Operations (COOP) / Step 4 – identify threats
- Continuous Integration (CI) / Automated search for flaws
- Controller Area Network (CAN) / Today's IoT attacks
- Corrupt Navigation Database / Building an attack tree
- Counter Mode (CTR) / Counter modes
- counter modes / Counter modes
- credential
  - local access / Local access
- cross-industry collaboration
  - importance / The importance of cross-industry collaboration
- cryptographic boundary
  - reference / Cryptographic module principles
- cryptographic controls
  - examining, for IoT protocols / Examining cryptographic controls for IoT protocols
  - built into IoT communication protocols / Cryptographic controls built into IoT communication protocols
  - ZigBee / ZigBee
  - Bluetooth-LE / Bluetooth-LE
  - Near Field Communication (NFC) / Near Field Communication (NFC)
- cryptographic controls, built into IoT messaging protocols
  - about / Cryptographic controls built into IoT messaging protocols
  - MQTT / MQTT
  - CoAP / CoAP
  - Data Distribution Standard (DDS) / DDS
  - REST / REST
- cryptographic key
  - reference / Security protocol attacks
- cryptographic key management
  - fundamentals / Cryptographic key management fundamentals
  - key generation / Key generation
  - key establishment / Key establishment
  - key derivation / Key derivation
  - key storage / Key storage
  - key escrow / Key escrow
  - key lifetime / Key lifetime
  - key zeroization / Key zeroization
  - accounting / Accounting and management
  - management / Accounting and management
  - recommendations / Summary of key management recommendations
- cryptographic module
  - principles / Cryptographic module principles
- cryptographic primitive types
  - encryption (and decryption) / Types and uses of cryptographic primitives in the IoT
  - hashing / Types and uses of cryptographic primitives in the IoT
  - digital signatures / Types and uses of cryptographic primitives in the IoT
  - random number generation / Types and uses of cryptographic primitives in the IoT
- cryptography
  - about / Cryptography and its role in securing the IoT
  - IoT, securing / Cryptography and its role in securing the IoT
  - security features / Cryptography and its role in securing the IoT
  - types / Types and uses of cryptographic primitives in the IoT
  - decryption / Encryption and decryption
  - encryption / Encryption and decryption
  - hashes / Hashes
  - digital signature / Digital signatures
  - random number generation / Random number generation
  - ciphersuites / Ciphersuites
- cyber-physical attack
  - example / Example anatomy of a deadly cyber-physical attack
  - prerequisites / Example anatomy of a deadly cyber-physical attack
- Cyber-Physical System (CPS)
  - defining / Defining cyber-physical systems
  - reference / Defining cyber-physical systems
  - about / Fault (failure) trees and CPS
- cyber resilience
  - about / Resilience
  - reference / Resilience
- cybersecurity
  - versus IoT security / Cybersecurity versus IoT security
- Cyclic Redundancy Check (CRC) / Example anatomy of a deadly cyber-physical attack, Install/update sensors
D
- dark web / Vulnerability
- data abstraction / Data abstraction
- data accumulation / Data accumulation
- Data Distribution Protocol (DDP) / Messaging protocols
- Datagram Transport Layer Security (DTLS) / Transport protocols, CoAP
- data link protocols
  - IEEE 802.15.4 / IEEE 802.15.4
- data retention / Data retention
- Data Security Standard (DSS) / IoT compliance
- DDS / DDS
- decentralized trust
  - via blockchain ledgers / Decentralized trust via blockchain ledgers
- decryption / Encryption and decryption
- Dedicated Short Range Communications (DSRC) / Modernizing the transportation ecosystem, IEEE 1609.2
- Defect Reports (DRs) / DevOps
- Denial of Service (DoS) attacks / Step 4 – identify threats
- detection and analysis, of IoT devices
  - about / Detection and analysis
  - compromised system, analyzing / Analyzing the compromised system
  - involved IoT devices, analyzing / Analyzing the IoT devices involved
  - escalation / Escalation and monitoring
  - monitoring / Escalation and monitoring
  - containment / Containment, eradication, and recovery
  - eradication / Containment, eradication, and recovery
  - recovery / Containment, eradication, and recovery
  - post-incident activities (recovery) / Post-incident activities (recovery)
- Deterministic Random Bit Generators (DRBGs) / Random number generation
- Device Identity Composition Engine (DICE) / Moving back toward the edge
- device management / Device management
- device onboarding
  - about / Device onboarding
  - hardware-to-cloud security / Hardware-to-cloud security
  - identity registries / Identity registries
  - into AWS IoT / Onboarding a device into AWS IoT
- device security
- device twins / Persistent configuration management
- DevOps
  - about / The Secure Development Life Cycle (SDLC), DevOps
  - deployment pipeline / DevOps
  - goals / DevOps
- DHS guiding principles
  - reference / DHS guiding principles for secure IoT
- Digital, Culture, Media and Sport (DCMS) / Privacy by design
- Digital Forensics and Incident Response (DFIR) / Detection and analysis
- digital signature
  - about / Digital signatures
  - symmetric (MACs) / Symmetric (MACs)
- Distinguished Name (DN) / Load balancing, X.509
- Distributed Denial of Service (DDoS) / Distributed Denial of Service (DDoS)
- Distributed Energy Resources (DER) / An IoT-enabled energy grid
- DNS-Based Authentication of Named Entities (DANE) / Network services
- Domain Name System (DNS) / Network services
- DREAD model
  - Damage / Step 6 – rate the threats
  - Reproducibility / Step 6 – rate the threats
  - Exploitability / Step 6 – rate the threats
  - Affected users / Step 6 – rate the threats
  - Discoverability / Step 6 – rate the threats
E
- Eavesdropper / Encryption and decryption
- Electronic Code Book (ECB) / Symmetric encryption
- electronic control units (ECUs) / Design IoT systems that are safe
- Electronic Control Units (ECUs) / Modernizing the transportation ecosystem, Today's IoT attacks
- Electronic Key Management System (EKMS)
- Electronic Serial Number (ESN) / Bootstrapping and securely configuring devices, Naming a device, Onboarding a device into AWS IoT
- Electronic Vehicle (EV) / The IoT of today
- Elliptic Curve (EC) / Types and uses of cryptographic primitives in the IoT
- Elliptic Curve Qu Vanstone (ECQV) / ZigBee
- encryption
  - about / Encryption and decryption
  - symmetric encryption / Symmetric encryption
  - asymmetric encryption / Asymmetric encryption
- end-of-life maintenance
  - performing / Performing end-of-life maintenance
  - zeroization / Secure device disposal and zeroization
  - secure device disposal / Secure device disposal and zeroization
  - data purging / Data purging
  - inventory control / Inventory control
- End Entities (EE)
  - about / PKI primer
  - explicit trust / PKI primer
  - cross-certification / PKI primer
  - end entity / PKI primer
- Enhanced Cybersecurity Services (ECS)
  - about / Escalation and monitoring
  - reference / Escalation and monitoring
- Enhanced Privacy Identity (EPID) / Hardware-to-cloud security
- ENISA's baseline security recommendations
  - reference / ENISA's baseline security recommendations
- exploit potential / Threats
- Exploit Transitive Trust / Building an attack tree
- Extensible Authentication Protocol (EAP) / Cellular communications
- Extensible Markup Language (XML) / XMPP
- Extensible Messaging and Presence Protocol (XMPP)
  - about / Messaging protocols, XMPP
  - reference / XMPP
F
- failure modes and effects analysis (FMEA)
- fault-tree analysis
  - about / Fault-tree analysis
  - reference / Fault-tree analysis
- fault tree
  - versus attack tree / Fault tree and attack tree differences
- Fault Tree Analysis (FTA)
  - about / Fault (failure) trees and CPS
  - reference / Fault (failure) trees and CPS
  - merging, with attack tree analysis / Merging fault and attack tree analysis
- Federal Communications Commission (FCC) / Protecting against jamming attacks
- Federal Trade Commission (FTC) / Understanding the privacy landscape
- FIDO alliance
  - reference / Biometrics
- Firmwalker
  - reference / Post-incident device forensics
  - about / Post-incident device forensics
- firmware
  - managing / Managing firmware and patching updates
- fog
  - about / The concept of the fog
  - reference / The concept of the fog
- future-proofing IoT cryptography
  - about / Future-proofing IoT cryptography
  - crypto agility / Crypto agility
  - Post Quantum (PQ) cryptography / Post quantum cryptography
- fuzz testing
  - activities / Fuzz testing
G
- Galois Counter Mode (GCM) / Counter modes, Ciphersuites
- Galois Message Authentication Code (GMAC) / Symmetric (MACs)
- gateway
  - about / Gateways
  - configuring / Configuring gateway and network security
  - deploying / Gateways
  - security / Gateway security
  - authentication / Authentication to the gateway
- GDPR / GDPR
- General Purpose Input/Output (GPIO) / The hardware
- Geographic Information System (GIS) / Building an attack tree
- Global Positioning System (GPS)
  - about / Autonomous systems, Protecting against jamming attacks
  - spoofing / Building an attack tree
- Governance, Risk, and Compliance (GRC) / IoT compliance
- GPRS Encryption Algorithm (GEA) / Cellular communications
- ground control station (GCS)
  - spoofing / Building an attack tree
- group management
  - reference / Group management
H
- Hardsploit
  - about / Evaluating hardware security
  - reference / Evaluating hardware security
- hardware protection measures
  - using / Design IoT systems using hardware protection measures
  - secure hardware components, using / Introduce secure hardware components within your IoT system
  - anti-tamper mechanisms, incorporating / Incorporate anti-tamper mechanisms that report and/or react to attempted physical compromise
- Hardware Security Modules (HSM) / Physical security attacks, Cryptographic module principles, Trust stores
- hazard analysis
  - about / Hazard analysis
  - hazard and operability studies (HAZOPs) / Hazard and operability studies (HAZOPs)
  - fault-tree analysis / Fault-tree analysis
  - failure modes and effects analysis (FMEA) / Failure modes and effects analysis (FMEA)
- hazard and operability studies (HAZOPs)
  - about / Hazard and operability studies (HAZOPs)
  - reference / Hazard and operability studies (HAZOPs)
- Heartbleed
  - reference / The need for software transparency
- High Tech Crime Investigation Association (HTCIA)
  - about / Escalation and monitoring
  - reference / Escalation and monitoring
- HIPAA / HIPAA
- HIPAA/HITECH / HIPAA/HITECH
- Home Automation Public Application Profile (HAPAP) / Configuring device security
- honeypots / Honeypots
- Hypr Biometric Security
  - reference / Biometrics
I
- IAM infrastructure
  - about / IoT IAM infrastructure
  - 802.1x / 802.1x
  - Public Key Infrastructures (PKI) / PKI for the IoT
- IBM X-Force Exchange
  - reference / Analyzing the compromised system
- IDA-Pro
  - reference / Post-incident device forensics
  - about / Post-incident device forensics
- Identity and Access Management (IAM) / An introduction to IAM for the IoT
- identity life cycle
  - about / The identity life cycle
  - naming conventions, establishing / Establish naming conventions and uniqueness requirements
  - uniqueness requirements / Establish naming conventions and uniqueness requirements
  - bootstrap, securing / Secure bootstrap
  - attribute, provisioning / Credential and attribute provisioning
  - credential, provisioning / Credential and attribute provisioning
  - account, monitoring / Account monitoring and control
  - account, controlling / Account monitoring and control
  - account updates / Account updates
  - account suspension / Account suspension
  - account/credential, deactivation/deletion / Account/credential deactivation/deletion
- identity registries
  - about / Identity registries
  - devices, naming / Naming your devices
- IEEE 802 wireless standards
  - reference / Data link and physical protocols
- Incident Response Plan (IRP) / Incident response planning
- incident response planning
  - about / Incident response planning
  - IoT system categorization / IoT system categorization
  - procedures / IoT incident response procedures
- incidents
  - managing / Managing incidents
  - forensics, performing / Performing forensics
- Industrial Control System (ICS) ISAC
  - reference / Analyzing the compromised system
- industry-specific compliance regimens
  - Payment Card Industry (PCI) / Managing compliance
  - North American Electric Reliability Corporation (NERC) / Managing compliance
  - US Postal Service (USPS) / Managing compliance
  - Society of Automotive Engineers (SAE) / Managing compliance
  - National Institute of Standards and Technology (NIST) / Managing compliance
  - HIPAA / Managing compliance
  - COPPA / Managing compliance
  - GDPR / Managing compliance
  - European ePrivacy Regulation / Managing compliance
  - Privacy Act / Managing compliance
- Information Assurance (IA)
  - about / The classic pillars of information assurance, Cryptography and its role in securing the IoT
  - confidentiality / The classic pillars of information assurance
  - integrity / The classic pillars of information assurance
  - authentication / The classic pillars of information assurance
  - non-repudiation / The classic pillars of information assurance
  - availability / The classic pillars of information assurance
- Information Security Continuous Monitoring (ISCM) / DevOps
- information sharing / Information sharing
- InfraGard
  - reference / Escalation and monitoring
- infrastructure-as-a-service (IaaS) / Threats to cloud IoT services
- Initialization Vector (IV) / Symmetric encryption, Access controls within communication protocols
- Instant Messaging (IM) protocol / XMPP
- Integer Factorization Cryptography (IFC) / Types and uses of cryptographic primitives in the IoT, Asymmetric encryption
- Integrated Circuits (ICs) / The hardware
- Integrated Modular Avionics (IMA) / Example anatomy of a deadly cyber-physical attack
- Intelligent Transportation Systems (ITS) / Modernizing the transportation ecosystem
- internal compliance, monitoring
  - about / Internal compliance monitoring
  - sensors, installing / Install/update sensors
  - sensors, updating / Install/update sensors
  - flaws, searching automatically / Automated search for flaws
  - results, collecting / Collect results
  - triage / Triage
  - bug fixes / Bug fixes
  - reporting / Reporting
  - system design updates / System design updates
- International Business Machines (IBM) / MQTT
- Internet Engineering Task Force (IETF) / Authorization for the IoT
- Internet of Things (IoT)
  - defining / Defining the IoT
  - Cyber-Physical Systems (CPSes), defining / Defining cyber-physical systems
- inventory control
  - about / Inventory control
  - records, managing / Data archiving and managing records
  - data, archiving / Data archiving and managing records
- IoT attacks
  - about / Today's IoT attacks, Attacks
  - authentication attacks / Authentication attacks
  - Distributed Denial of Service (DDoS) / Distributed Denial of Service (DDoS)
  - application security attacks / Application security attacks
  - wireless reconnaissance / Wireless reconnaissance and mapping
  - mapping / Wireless reconnaissance and mapping
  - security protocol attacks / Security protocol attacks
  - physical security attacks / Physical security attacks
- IoT compliance
  - about / IoT compliance
  - challenges / IoT compliance
  - implementing / Implementing IoT systems in a compliant manner
- IoT compliance program
  - about / An IoT compliance program
  - executive oversight / Executive oversight
  - documentation / Policies, procedures, and documentation
  - policies / Policies, procedures, and documentation
  - procedures / Policies, procedures, and documentation
  - training / Training and education
  - education / Training and education
  - testing / Testing
  - internal compliance, monitoring / Internal compliance monitoring
  - periodic risk assessments / Periodic risk assessments
- IOT Device B / Encryption and decryption
- IoT ecosystem
  - about / The IoT ecosystem
  - physical devices and controllers / Physical devices and controllers
  - connectivity / Connectivity
  - messaging protocols / Messaging protocols
  - data accumulation / Data accumulation
  - data abstraction / Data abstraction
  - applications / Applications
  - collaboration / Collaboration and processing
  - processing / Collaboration and processing
- IoT forensics
  - about / IoT forensics
  - post-incident device forensics / Post-incident device forensics, New data sources for crime solving
- IoT incident response
  - executing / Defining, planning, and executing an IoT incident response
  - defining / Defining, planning, and executing an IoT incident response
  - planning / Defining, planning, and executing an IoT incident response
  - cloud provider's role / The cloud provider's role
  - team composition / IoT incident response team composition
  - communication, planning / Communication planning
  - IRP, operationalizing / Operationalizing an IRP in your organization
- IoT innovations
  - about / The IoT of tomorrow
  - autonomous systems / Autonomous systems
  - cognitive systems / Cognitive systems
- IoT medical devices
  - FDA guidance, reference / FDA guidance on IoT medical devices
- IoT penetration test tools
  - BlueMaho / IoT penetration test tools
  - FACT / IoT penetration test tools
  - MobSF / IoT penetration test tools
  - Bluelog / IoT penetration test tools
  - crackle / IoT penetration test tools
  - SecBee / IoT penetration test tools
  - KillerBee / IoT penetration test tools
  - scapy-radio / IoT penetration test tools
  - Wireshark / IoT penetration test tools
  - Aircrack-ng / IoT penetration test tools
  - Chibi / IoT penetration test tools
  - Hardsploit / IoT penetration test tools
  - HackRF / IoT penetration test tools
  - Shikra / IoT penetration test tools
- IoT security
  - versus cybersecurity / Cybersecurity versus IoT security
- IoT system
  - monitoring / Monitoring your system
  - RF monitoring / RF monitoring
- IoT technology
  - about / The IoT of today
  - IoT-enabled energy grid / An IoT-enabled energy grid
  - transportation ecosystem, modernizing / Modernizing the transportation ecosystem
  - smart manufacturing / Smart manufacturing
  - smart cities / Smart cities spread across the globe
  - cross-industry collaboration, importance / The importance of cross-industry collaboration
- IPv6 over Low Power Wireless Personal Area Networks (6LoWPAN) / Network protocols
J
- JSON Web Tokens (JWT)
  - about / Authentication to the gateway
  - reference / Authentication to the gateway
K
- Key Derivation Function (KDF) / Key derivation
- Key Encryption Key (KEK) / Key establishment, Symmetric keys
- key establishment
  - key agreement / Key establishment
  - key transport / Key establishment
- key management / Managing keys and certificates, Key and certificate management
- Key Management Interoperability Protocol (KMIP) / Accounting and management
L
- leaf node / Building an attack tree
- Let's Encrypt
  - reference / Account updates
- LO3
  - about / An IoT-enabled energy grid
  - reference / An IoT-enabled energy grid
- Location Obscurer Proxy (LOP) / Privacy impacting on IoT security systems
- Logical Access Control Systems (LACS) / An introduction to IAM for the IoT
- Low Rate Wireless Personal Area Networks (LRWPAN) / Network protocols
M
- Machine Learning (ML) / Autonomous systems
- Management Information Bases (MIBs) / Automated search for flaws
- mapping / Wireless reconnaissance and mapping
- Media Access Control (MAC) / Metadata can leak private information
- Medium Access Control (MAC) / Cellular communications
- Memory Protection Unit (MPU) / Real-time operating systems
- Message Authentication Code (MAC) / Cryptography and its role in securing the IoT, Install/update sensors
- messaging protocols
- MITRE Principles
  - about / Design IoT systems that are resilient
  - reference / Design IoT systems that are resilient
- Modify GIS Tables / Building an attack tree
- MQTT / MQTT
- MQTT API
  - about / Authentication to the gateway
  - reference / Authentication to the gateway
- MQTT for Sensor Networks (MQTT-SN)
- MQTT Version 3.1.1
  - reference / Passwords
N
- naming conventions
  - device, naming / Naming a device
- National Security Agency (NSA) / Cryptographic module principles
- National Telecommunications and Information Administration (NTIA) / The need for software transparency
- National Vulnerability Database (NVD) / IoT penetration test tools
- navigation database
  - corrupting / Building an attack tree
- Near Field Communication (NFC) / Bluetooth-LE, Near Field Communication (NFC)
- NERC CIP / NERC CIP
- Network Access Control (NAC) / Post-incident activities (recovery)
- network access controls / Network segmentation and network access controls
- Network Function Virtualization (NFV) / The IoT, networks, and the cloud
- network protocols / Network protocols
- network security
  - configuring / Configuring gateway and network security
  - ports / Ports, protocols, and services
  - protocols / Ports, protocols, and services
  - services / Ports, protocols, and services
- network services / Network services
- network segmentation / Network segmentation and network access controls
- Network Time Protocol (NTP) / Analyzing the compromised system
- NIST FIPS 199
  - reference / IoT system categorization
- NIST Risk Management Framework (RMF) / The NIST Risk Management Framework (RMF)
- NIST SP 800-131A
  - reference / Summary of key management recommendations
- Non-Deterministic Random Number Generator (NDRNG) / Random number generation
- non-functional requirements
  - handling / Handling non-functional requirements
  - reference / Handling non-functional requirements
  - security / Security
  - safety / Safety
  - resilience / Resilience
- notional cloud security
  - approach / A notional cloud security approach
O
- OAuth 2.0 / OAuth 2.0
- reference / OAuth 2.0
- On-Board Equipment (OBE) / IEEE 1609.2, New privacy approaches for credentials
- Online Certificate Status Protocol (OCSP) / Managing keys and certificates, OCSP
- onward transfer / Information sharing
- Open Effect
- reference / Metadata can leak private information
- Open On-Chip Debugger
- reference / Post-incident device forensics
- Open Threat Exchange (OTX)
- reference / Analyzing the compromised system
- Operational Security (OPSEC) / The IoT introduces new threats to user privacy
- Output Feedback (OFB) mode / Block chaining modes
- OWASP Firmware Analysis Project
- reference / Automated search for flaws
P
- Passive Vulnerability Scanner (PVS) / Automated search for flaws
- Password-Based Key Derivation Function (PBKDF) / Key derivation
- Password Authenticated Key Exchange (PAKE) / Cellular communications
- passwords
- managing / Managing accounts, passwords, and authorizations
- using / Passwords
- precautions / Passwords
- Payment Card Industry (PCI) / IoT compliance
- Payment Card Industry (PCI) Data Security Standard (DSS)
- penetration testing
- performing / Performing penetration testing
- red and blue teams / Red and blue teams
- Perfect Forward Secrecy (PFS) / Summary of key management recommendations
- periodic risk assessments
- performing / Periodic risk assessments
- black box testing / Black box testing
- white box testing / White box assessments
- fuzz testing / Fuzz testing
- permissions
- reference / Permissions
- persistent configuration management / Persistent configuration management
- Personal Area Network (PAN) / Cellular communications
- Personally Identifiable Information (PII) / Characterizing collected information
- Physical Access Control Systems (PACS) / An introduction to IAM for the IoT
- physical devices and controllers
- about / Physical devices and controllers
- hardware / The hardware
- Real-Time Operating System (RTOS) / Real-time operating systems
- gateways / Gateways
- IoT integration platforms / IoT integration platforms and solutions
- IoT integration solutions / IoT integration platforms and solutions
- physical security attacks / Physical security attacks
- plaintext / Encryption and decryption
- Point Of Contact (POC) / IoT incident response team composition
- policy management
- about / Policy management
- group management / Group management
- permissions / Permissions
- post-incident device forensics
- about / Post-incident device forensics, New data sources for crime solving
- smart electrical meters / Smart electrical meters and water meters
- water meters / Smart electrical meters and water meters
- wearables / Wearables
- home security cameras / Home security cameras
- home assistants / Home assistants
- Post Quantum (PQ) cryptography / Post quantum cryptography
- Power Line Communication (PLC) / Data link and physical protocols
- reference / Data link and physical protocols
- Pre-Master Secret (PMS) / Asymmetric encryption, Ciphersuites
- Privacy by Design (PbD)
- about / Privacy by design
- principle / Privacy by design
- privacy challenges
- about / Privacy challenges introduced by the IoT
- complex sharing environment / A complex sharing environment
- metadata / Metadata can leak private information
- for credentials / New privacy approaches for credentials
- on IoT security systems / Privacy impacting on IoT security systems
- surveillance / New methods of surveillance
- privacy engineering
- recommendations / Privacy engineering recommendations
- throughout organization / Privacy throughout the organization
- professionals / Privacy-engineering professionals
- activities / Privacy-engineering activities
- privacy landscape / Understanding the privacy landscape
- regulations / Understanding the privacy landscape
- Privacy Impact Assessment (PIA)
- performing / Guide to performing an IoT PIA
- overview / Overview
- authorities / Authorities
- collected information, characterizing / Characterizing collected information
- collected information, usage / Uses of collected information
- security / Security
- notice / Notice
- data retention / Data retention
- information sharing / Information sharing
- redress / Redress
- accountability / Auditing and accountability
- auditing / Auditing and accountability
- Product Security Incident Response Team (PSIRT) / Managing incidents
- Programmable Logic Controllers (PLCs) / Managing incidents
- Protected Health Information (PHI) / Understanding the privacy landscape
- Protocol Data Unit (PDU) / Bluetooth-LE
- Provider Service Identifier (PSID) / IEEE 1609.2
- Public Key Infrastructure (PKI)
- about / Key and certificate management, IoT IAM infrastructure
- for IoT / PKI for the IoT
- PKI primer / PKI primer
- trust stores / Trust stores
- architecture for privacy / PKI architecture for privacy
- revocation support / Revocation support
Q
- Quality of Service (QoS) / DDS
R
- Radio Frequency (RF) protocols / Data link and physical protocols
- Random Access Memory (RAM) / The hardware
- random number generation / Random number generation
- Random Number Generators (RNGs) / Random number generation
- Ravello nested hypervisor
- reference / Testing
- Read-Only Memory (ROM) / The hardware, Secure bootstrap
- Real-Time Operating System (RTOS)
- about / Real-time operating systems
- TinyOS / Real-time operating systems
- Contiki / Real-time operating systems
- Mantis / Real-time operating systems
- Nano-RK / Real-time operating systems
- Lite-OS / Real-time operating systems
- FreeRTOS / Real-time operating systems
- SapphireOS / Real-time operating systems
- BrilloOS / Real-time operating systems
- uCLinux / Real-time operating systems
- ARM Mbed OS / Real-time operating systems
- RIOT OS / Real-time operating systems
- VxWorks / Real-time operating systems
- LynxOS / Real-time operating systems
- Zephyr / Real-time operating systems
- Windows 10 IoT / Real-time operating systems
- QNX (Neutrino) / Real-time operating systems
- Ubuntu Core / Real-time operating systems
- OpenWRT / Real-time operating systems
- GreenHills IntegrityOS / Real-time operating systems
- Real-time Transport Protocol (RTP) / Ciphersuites
- red and blue teams
- about / Red and blue teams
- hardware security, evaluating / Evaluating hardware security
- airwaves / The airwaves
- IoT penetration test tools / IoT penetration test tools
- Redirect UAS / Building an attack tree
- Registration Authority (RA) / Credential and attribute provisioning, PKI primer, Privacy impacting on IoT security systems
- research community
- engaging with / Engaging with the research community
- resilient design
- designing / Design IoT systems that are resilient
- jamming attacks, protecting / Protecting against jamming attacks
- device redundancy / Device redundancy
- gateway, caching / Gateway caching
- digital configurations / Digital configurations
- gateway, clustering / Gateway clustering
- rate, limiting / Rate limiting
- congestion control / Congestion control
- security management features, providing to administrators / Provide flexible policy and security management features to administrators
- flexible policy, providing / Provide flexible policy and security management features to administrators
- logging mechanisms, providing / Provide logging mechanisms and feed integrity-protected logs to the cloud for safe storage
- integrity-protected logs, feeding to cloud / Provide logging mechanisms and feed integrity-protected logs to the cloud for safe storage
- responsible disclosure
- reference / Today's IoT attacks
- Return on Investment (ROI) / Vulnerability
- Return to Launch (RTL) / Protecting against jamming attacks
- revocation support, PKI
- about / Revocation support
- Online Certificate Status Protocol (OCSP) / OCSP
- OCSP stapling / OCSP stapling
- SSL pinning / SSL pinning
- RF monitoring / RF monitoring
- risks
- about / Primer on threats, vulnerability, and risks, Risks
- managing / Risks
- Rivest, Shamir, Adleman (RSA) / Asymmetric encryption
- Roadside Equipment (RSE) / Biometrics, Design IoT systems that are safe
- RoadSide Units (RSU) / Modernizing the transportation ecosystem, IoT products and systems can be physically compromised, Protecting against jamming attacks, PKI architecture for privacy
- role type
- user roles / Policy management
- application roles / Policy management
- gateway roles / Policy management
- Root Cause Analysis (RCA) / Failure modes and effects analysis (FMEA)
S
- Safe Harbor privacy principle
- reference / Information sharing
- safety, cyber-physical IoT
- reference / The classic pillars of information assurance
- safety, non-functional requirements
- about / Safety
- hazard analysis / Hazard analysis
- secure design, goals
- defining / Secure design goals
- automated attack risks, mitigating / Design IoT systems that mitigate automated attack risks
- secure points of integration, designing / Design IoT systems with secure points of integration
- confidentiality and integrity, protecting / Designing IoT systems to protect confidentiality and integrity
- safe system, designing / Design IoT systems that are safe
- hardware protection measures, using / Design IoT systems using hardware protection measures
- availability / Design IoT systems that remain available
- resilient design / Design IoT systems that are resilient
- compliance design / Design IoT systems that are compliant
- Secure Development Lifecycle (SDL) / Automated security analysis
- Secure Development Life Cycle (SDLC)
- about / The Secure Development Life Cycle (SDLC)
- waterfall / Waterfall
- Spiral / Spiral
- Agile / Agile
- DevOps / DevOps
- Secure Device Onboard (SDO) / Hardware-to-cloud security
- secure IoT development, challenges
- about / The challenge of secure IoT development
- speed to market matters / Speed to market matters
- deluge of attacks / Internet-connected devices face a deluge of attacks
- threats to user privacy / The IoT introduces new threats to user privacy
- physically compromised devices / IoT products and systems can be physically compromised
- skilled security engineers / Skilled security engineers are hard to find (and retain)
- Secure Sockets Layer (SSL) certificates / Managing keys and certificates
- SecurITree tool
- about / Building an attack tree
- features / Building an attack tree
- Security Credential Management System (SCMS) / Managing keys and certificates, PKI architecture for privacy, Privacy impacting on IoT security systems
- Security Development Lifecycle (SDL)
- reference / The Secure Development Life Cycle (SDLC)
- Security Guidance for Critical Areas of Focus
- reference / The cloud provider's role
- Security Information and Event Management (SIEM) / Provide logging mechanisms and feed integrity-protected logs to the cloud for safe storage, Implementing IoT systems in a compliant manner, Detection and analysis
- security non-functional requirements
- handling / Security
- threat modeling / Threat modeling
- sources / Other sources for security requirements
- security policies
- defining / Defining your security policies
- secure communications / Defining your security policies
- cryptography / Defining your security policies
- key and certificate management / Defining your security policies
- password management / Defining your security policies
- security posture
- evaluating / Lessons learned and systematic approaches
- Self-Driving Vehicles (SDVs) / Autonomous systems
- Service Level Agreement (SLA) / Cloud availability, Information sharing
- Service Specific Permission (SSP) / IEEE 1609.2
- Shared Access Signature (SAS) token / Authentication to the gateway
- Short-Term Key (STK) / Bluetooth-LE
- Signal Phase and Timing (SPaT) / New privacy approaches for credentials
- Simple Network Management Protocol (SNMP) / Automated search for flaws
- small Unmanned Aerial Systems (sUAS) / Data accumulation
- smart cities
- about / Smart cities spread across the globe
- reference / Smart cities spread across the globe
- Smart City Open Urban Platform (SCOUP) / Smart cities spread across the globe
- smart manufacturing / Smart manufacturing
- reference / Smart manufacturing
- smart parking system
- reference / Threat modeling an IoT system
- Software-Defined Radio (SDR) / RF monitoring
- Software as a Service (SaaS) / Data accumulation
- Software Bill of Materials (SBOM) / The need for software transparency
- Software Defined Networking (SDN) / The IoT, networks, and the cloud
- Software Development Kit (SDK) / Onboarding a device into AWS IoT
- software transparency
- need for / The need for software transparency
- automated security analysis / Automated security analysis
- research community, engaging with / Engaging with the research community
- Spiral / The Secure Development Life Cycle (SDLC)
- Standards Organizations (SOs) / Lessons learned and systematic approaches
- Supervisory Control and Data Acquisition (SCADA) / Lessons learned and systematic approaches
- symmetric (MACs) / Symmetric (MACs)
- symmetric encryption / Symmetric encryption
- block chaining modes / Block chaining modes
- counter modes / Counter modes
- Symmetric-Key Key Establishment (SKKE) / ZigBee
- symmetric keys / Symmetric keys
- system-on-module (SoM) / Introduce secure hardware components within your IoT system
- system-on-chip (SoC) / Introduce secure hardware components within your IoT system
- system roles
- defining / Defining system roles
- gateway / Defining system roles
- privileged gateway / Defining system roles
- device / Defining system roles
- privileged device / Defining system roles
- management application / Defining system roles
- system application / Defining system roles
- privileged application / Defining system roles
- administrator / Defining system roles
- user / Defining system roles
- auditor / Defining system roles
- third party / Defining system roles
- System Security Plans (SSPs) / Policies, procedures, and documentation
- system stakeholders
- training / Training system stakeholders
- security awareness training, for employees / Security awareness training for employees
- security administration training, for IoT / Security administration training for the IoT
T
- Texas Instruments (TI) / The hardware
- Thing Shadow
- about / Persistent configuration management
- reference / Persistent configuration management
- Threat Dragon
- reference / Threat modeling
- threat intelligence
- setting up / Setting up threat intelligence and vulnerability tracking, Threat intelligence
- honeypots / Honeypots
- threat modeling
- about / Threat modeling an IoT system
- example / Threat modeling an IoT system
- assets, identifying / Step 1 – identify the assets
- system/architecture overview, creating / Step 2 – create a system/architecture overview
- IoT system, decomposing / Step 3 – decompose the IoT system
- threats, identifying / Step 4 – identify threats
- threats, documenting / Step 5 – document the threats
- threats, rating / Step 6 – rate the threats
- reference / Threat modeling
- threats
- about / Primer on threats, vulnerability, and risks, Threats
- to safety / Threats to both safety and security
- to security / Threats to both safety and security
- Time Division Multiple Access (TDMA) / Cellular communications
- TinyOS
- reference / Real-time operating systems
- Traffic Management Centers (TMCs) / Modernizing the transportation ecosystem, IoT products and systems can be physically compromised
- training program
- skills assessments / Skills assessments
- on cybersecurity tools / Cybersecurity tools
- data security / Data security
- defense-in-depth / Defense in depth
- privacy / Privacy
- networks / The IoT, networks, and the cloud
- IoT / The IoT, networks, and the cloud
- cloud / The IoT, networks, and the cloud
- threats/attacks / Threats/attacks
- certifications / Certifications
- Transmission Control Protocol (TCP) / Transport protocols
- Transport Layer Security (TLS) / Transport protocols, Ciphersuites, Passwords
- Trust Center (TC) key / Establishing good key management practices for WSNs.
- Trust Center Link Keys (TCLK) / ZigBee
- Trusted Computing Group (TCG) / Moving back toward the edge
- Trusted Platform Modules (TPMs) / Trust stores
- TrustZone
- security services / Introduce secure hardware components within your IoT system
U
- uCLinux
- reference / Real-time operating systems
- Ultra Narrow Band (UNB) / Cellular communications
- Underwriters Laboratory IoT certification
- Unified Extensible Firmware Interface (UEFI) / Real-time operating systems
- Uniform Resource Identifiers (URIs) / CoAP, OAuth 2.0
- Universally Unique Identifier (UUID) / Establish naming conventions and uniqueness requirements
- Unmanned Aerial Systems (UAS) / An IoT-enabled energy grid
- Unmanned Aircraft Systems (UAS) / Building an attack tree
- updates
- patching / Managing firmware and patching updates
- UrJTAG
- reference / Post-incident device forensics
- User Datagram Protocol (UDP) / Transport protocols
- User Equipment (UE) / Cellular communications
- user privacy threats
- privacy concerns / The IoT introduces new threats to user privacy
- anonymity concerns / The IoT introduces new threats to user privacy
- location-tracking concerns / The IoT introduces new threats to user privacy
- US IoT Cybersecurity Improvement Act
- reference / The US IoT Cybersecurity Improvement Act (draft)
- uVisor
- reference / Real-time operating systems
V
- Vehicle-to-Infrastructure (V2I) communications / IEEE 1609.2
- Vehicle-to-Vehicle (V2V) technology / Modernizing the transportation ecosystem
- Virtual Local Area Network (VLAN) / Network segmentation and network access controls
- Virtual Machines (VMs) / DevOps
- vulnerability / Primer on threats, vulnerability, and risks, Vulnerability
- vulnerability tracking
- setting up / Setting up threat intelligence and vulnerability tracking
- reference / Vulnerability tracking
- about / Vulnerability tracking
W
- waterfall / The Secure Development Life Cycle (SDLC)
- white box testing
- activities / White box assessments
- Windows Server Update Services (WSUS) / Real-time operating systems
- wireless reconnaissance
- about / Wireless reconnaissance and mapping
- reference / Wireless reconnaissance and mapping
- Wireless Sensor Network (WSN)
- about / Design IoT systems that are resilient, Configuring gateway and network security, Install/update sensors
- securing / Securing WSN
- key management, establishing / Establishing good key management practices for WSNs.
- physical protections, establishing / Establishing physical protections
X
- XMPP-IoT
- reference / XMPP
Z
- Z-Wave networks / Establishing good key management practices for WSNs.
- ZigBee
- reference / Security protocol attacks, ZigBee
- about / ZigBee
- ZigBee Light Link (ZLL) / Configuring device security
- ZigBee networks / Establishing good key management practices for WSNs.
- ZWave / ZWave