Overview of the assessment:
The purpose of this assignment is twofold -
Task 1: In Task 1, students will explore Pretty Good Privacy (PGP) encryption program that provides asymmetric cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.
Task 2: To develop skills to independently think of a situation and apply skills to analyze complex problems in network security under supervision. In this task, students will analyze a recent case in a chosen field. Based on his/her analysis, the student will find out the causes of the breach and will provide a plausible theoretical solution to resolve the case.
Description of the assessment:
This task needs to be completed using the iGolder PGP Freeware tool. A text file with the public key is provided in the assessment folder. Use this key to encrypt the following plain text that can only be decrypted by your tutor, who has the corresponding private key.
This task consists of three steps – i) field selection ii) find a business case and iii) analyze the business case.
You should work on your assignment progressively in full co-ordination with your tutor.
In the first step of the assignment, you have to select one of the fields listed below. You should choose your field in consultation with your lab tutor –
- Software Defined Networking
· Internet of Things
· Cloud Network
· Wireless Sensor Network
In this step, you need to find a business case in your chosen field from last two years. The business case can be of two types –
- A real world example, where a security breach occurs in your chosen field.
· One IEEE Journal, where authors worked toward the security of your chosen field
The conception of Internet of Things (IoT) was for the first time made in the 20th century, on the other hand, much more research on IoT developed over the past 20 years. It was an idea where conceivably infinite number of 'things' –, like, smart gadgets and sensors – all networked together while utilizing the gadget to gadget technologies brought about by Internet or other IP-based technologies out there.
Be that as it may, attributable to the huge number of divisions attached and their impact on general everyday presence, the security issues can have cruel results, causing hurt, interference to exercises or, in a couple of circumstances, notwithstanding prompting death of users. Colin Tankard from Digital Pathways in his recent blog post took a gander at how we may take off these issues.
Business Case/Journal article
In 2016, a Japanese malware that was widely known as the MIRAI BOTNET was designed by black hats in Japan. The mirai botnet was aiming at attacking linux based devises that are connected to a network and eventally turn them into bots that are controlled remotely. The botnet was launched in 2016 to make rampant attacks on a huge number of IoT devices that were mostly home IP cameras, home routers, home smart devices like smart doors, smart windows, smart air conditioners and many more. This was a major security attack on Internet of Things.
The Mirai Botnet was the largets botnet attack that lead to a widespread Distributed Denial of Service (DDOS) attack as per the White-hat malware research group. Many online businesses that were interconnected on internal and external networks were overwhelmed with traffic from multiple sources. The home devices that got the malware were hacked and got controlled remotely like bots. Research concluded that the mirai botnet looked for devices that were vulnerable through a table of sixty default usernames and passwords. It thereafter signed in to infect the devices. Any infected devices would be controlled by the malware until when it would be rebooted and its password was changed. This IoT security breach clearly shows the levels of venerability of IoT devices if the basic rules of security are not well taken care of.
Analysis of the business Case
Internet of Things is the next big thing in technology; however, it has come with a couple of weaknesses that must be addressed now and in the future. The IoT devices contain many loopholes that can be utilized by black hats having the means and opportunity . As in the aforementioned business case where a team of Japan’s black hats developed a botnet to attack IoT devices, it is clear that they were just targeting devices that interconnect in a wireless network .
Many individuals all around the world using these devices do not care on the security of their devices. When the wireless network is utilizing the technologies of the past, and it does not allow for the encryption of data in transit, it will be surely vulnerable to any attack. All homes and businesses therefore making use of IoT devices and wireless networks must ensure that they are utilizing the best wireless encryption technologies to protect all its data in transit . Many end users of technology in Japan also did not know or had not received enough training on basic security tricks they need to practice while using IoT devices. They should have known how to configure very secure passwords on all their devices. IoT devices have this vulnerability of allowing a user to just provide any password that could not even be secure.
In order to address this, the various IoT manufacturers must provide for a functionality that does not allow one to set up weak passwords of their devices. This will prevent the DDOS attacks as the aforementioned mirai botnet. Moreover, various IoT devices are designed with open API interfaces which allow developers to extend the functionality of the devices . Many IoT designers make devices with these open APIs and give them public network standards such as Wifi and Bluetooth without any access control mechanism or privilege management . This has become a major flau for IOT(Internet of Things) devices that some people now call it a Botnet of Things.
IoT has greatly helped in making the life of many individuals easire by simplifying processes and communication. However, it is evident in this paper that even as we utilize IoT in the twenty first century, we must be careful of the manufacturers reputation with regard to security. Users need also to learn the basic security principles when using IoT devices.
- Folk C, Hurley D, Kaplow WK, Payne JF. The Security Implications of the Internet of Things. Fairfax: AFCEA International Cyber Committee. 2015 Feb.
- Perlman R, Kaufman C, Speciner M. Network security: private communication in a public world. Pearson Education India; 2016.
- Pettersson, Erik. "Comparison of System Performance During DDoS Attacks in Modern Operating Systems." (2017)..
- Botta, A., De Donato, W., Persico, V. and Pescapé, A., 2016. Integration of cloud computing and internet of things: a survey. Future Generation Computer Systems, 56, pp.684-700.
- Zanella, Andrea, and Michele Zorzi. "Applying internet of things paradigm to smart city: communication model and experimentation." IEEE ComSoc MMTC E-Letter 9.5 (2014).
- IEEE Press.Qu, Gang, and Lin Yuan. "Design things for the internet of things: an EDA perspective." Proceedings of the 2014 IEEE/ACM International Conference on Computer-Aided Design. IEEE Press, 2014