Close
0%
0%

Security for IoT HackChat

We'll be talking about adding security features to your IoT project

Friday, February 24, 2017 12:00 pm PST - Friday, February 24, 2017 12:30 pm PST Local time zone:
Hack Chat
Similar projects worth following

IoT security chat is happening this Friday February 24 at noon PST.

This HackChat focuses on security on lightweight devices, especially the microcontrollers commonly used in maker projects. We'll be discussing building things that in some way connect to a larger network, especially the internet.

The chat is hosted by the Big Crypto team, Wenchen Wang, Ziyue Sun, Brandon Contino, and Nick Albanese, all students at the University of Pittsburgh.

Big Crypto is looking to talk to people about IoT maker security, here's the form if you'd like to chat with them one on one about it: https://docs.google.com/forms/d/e/1FAIpQLScnXHiExCgd3d4-t-5pgw_lqv3nmrfazeDPtQh6IbNm4DGFrA/viewform?c=0&w=1

Big Crypto is thinking about these questions:

Are there roadblocks that people have to implementing any type of security in their projects?

Is apathy or ignorance one of the reasons security is usually not even considered in these projects?

Here's the list for discussion questions.

All events take place in the Hack Chat, join below!

  • (edited) Transcript for IoT Security HackChat

    Sophi Kravitz02/24/2017 at 20:33 0 comments

    nick.albo says:34 minutes ago

    That's great Nick Sayer! I am one of the students from Pitt who is doing a project. We are reall excited to get all of you guys' input on the subject

    mjbraun says:34 minutes ago

    Nick Sayer, same here. Who are you with?

    M.daSilva says:34 minutes ago

    That email was pretty useful last week, wouldn't have been here otherwise :)

    34 minutes ago

    welcome @nick.albo thanks for coming to share your projects

    Nick Sayer says:33 minutes ago

    I'm not sure I can mention them out loud or not. But I work for a company that has a very very large deployment of remotely addressable devices.

    mjbraun says:32 minutes ago

    No worries. I'm with NCC Group, FWIW.

    32 minutes ago

    @nick.albo is here to talk about maker IoT projects- but ... I'll him intro himself and the team once we get started

    themartinm says:31 minutes ago

    Silver Spring Networks? :P

    Nick Sayer says:31 minutes ago

    It's not a big secret or anything. I just am not sure I'm allowed to give the impression of being some sort of spokesman. :D

    30 minutes ago

    lol

    Nick Sayer says:30 minutes ago

    Well, I'm pretty sure I'm *not* allowed to do that, actually..

    mjbraun says:30 minutes ago

    "Your opinions are yours and not your employer's". Got it!

    Nick Sayer says:30 minutes ago

    :D

    30 minutes ago

    haha

    themartinm says:30 minutes ago

    I think it goes without saying that unless specified directly anyone's opinions are like mjbraun said, yours not your employers ;)

    30 minutes ago

    so it's time to get started

    30 minutes ago

    we have a sheet: https://docs.google.com/spreadsheets/d/1Y2Gq3zATBvBrVrG51wasoNmGRf97EFXvv94TvZxMR2E/edit#gid=0

    30 minutes ago

    for discussion questions

    steverobillard says:29 minutes ago

    @Nick can't say = NSA

    29 minutes ago

    ...and welcome to @nick.albo + team!

    j0z0r pwn4tr0n says:27 minutes ago

    warm hackaday welcome

    nick.albo says:27 minutes ago

    thanks @SophiOne. So like Sophi said, our group is doing a semester long project about IoT security. We are all from the University of Pittsburgh and are here today to learn from you guys about what the maker community feels about security in their projects.

    Bhavesh Kakwani says:26 minutes ago

    @nick.albo This is a great topic! I have pretty much avoided IoT till now because of fears of not being able to implement it securely

    Neil Cherry says:26 minutes ago

    There is no S in IoT (it's silent) :(

    Neil Cherry says:25 minutes ago

    I've got ideas but they need a 32b cpu to start (esp8266 seems okay)

    Mike D. says:25 minutes ago

    It is possible but like every thing in this space, there are some bumps to get over.

    Non-ICE says:25 minutes ago

    A lot of home security vendors are implementing IoT into their alarm systems these days. Anyone dug into their security measures?

    Non-ICE says:25 minutes ago

    A lot of home security vendors are implementing IoT into their alarm systems these days. Anyone dug into their security measures?

    Nick Sayer says:24 minutes ago

    IMHO step 1 is realizing just how hostile the Internet is. All you have to do to see that is expose a listener on TCP port 22 to the Internet and watch how often the doorknob gets rattled.

    nick.albo says:24 minutes ago

    @Bhavesh Gohel so thats the what we are talking about exaclty. What kind of security measures would you need to have in place to be comfortable with IoT?

    Non-ICE says:24 minutes ago

    and don't openport 3389 to your winblowsserver

    anfractuosity says:23 minutes ago

    I was wondering, if you use things like LoRa, are MCUs these days powerful enough for elliptic curve crypto etc. (I think some chips provide acceleration for symmetric)

    Neil Cherry says:23 minutes ago

    I've only been playing with MQTT (cloud and local)

    Mike D. says:23 minutes ago

    I think there are some pretty easy ones to consider right off the bat.. No hardcoded credentials in the firmware, don't expose any API keys to the internet or source code repositories right? TLS for any calls to cloud based services....

    Nick Sayer says:23 minutes ago

    infract: You can get crypto accelerators to do the heavy lifting for you. Highly recommended.

    Neil Cherry says:23 minutes ago

    It's easy to communicate...

    Read more »

  • More about this chat ...

    Sophi Kravitz02/18/2017 at 22:24 1 comment

    The Big Crypto team comes from the University of Pittsburgh, specifically from a class called Hacking for Defense (http://www.engineering.pitt.edu/hacking4defense/). The team consists of Wenchen Wang, Ziyue Sun, Brandon Contino, and Nick Albanese.

    Wenchen is a PhD student in the computer science department. Ziyue Sun is a masters student in the mechanical engineering program. Brandon and Nick are both undergraduate electrical engineering students.

    Big Crypto team is working on discovering/developing and promoting an easily implementable solution for lightweight cryptography. The maker community is an exciting place to start and try to push for security adoption that will hopefully go out into all IoT applications.

    Our vision for what our project would produce has ranged from actually coding an open source library that would do encryption, to educating the public on the dangers of IoT hacking in an attempt to push the market to force designers to secure devices. Currently we are thinking that we need to provide a resource for makers that will connect them with the available solutions and resources on how to use them.

    Big Crypto is looking to speak to makers/hackers who build devices that have a wireless connection (via wifi, Bluetooth, xbee, etc), or anyone who is interested in these kinds of devices. We are currently interested in the current feelings about the importance of security in the community as well as what roadblocks are currently preventing most projects from being secured.

View all 2 event logs

Enjoy this event?

Share

Discussions

ahakibmahamud wrote 02/28/2017 at 10:33 point

plz help me ...i need to facebook haking program

  Are you sure? yes | no

Interested in attending?

Become a member to follow this event or host your own