1. Mod-1 :
Understanding IoT system risks & challenges

Disruption and Denial of Service attack
Vulnerability of API end points
Vulnerability of Gate way devices
Vulnerability of connected sensors and devices
Vulnerability of Gateway- Server communication
Vulnerability of Cloud services
2. Mod-2 :
OSASP 2014, Top 10 security risk :

I1 Insecure Web Interface
I2 Insufficient Authentication/Authorization
I3 Insecure Network Services
I4 Lack of Transport Encryption
I5 Privacy Concerns
I6 Insecure Cloud Interface
I7 Insecure Mobile Interface
I8 Insufficient Security Configurability
I9 Insecure Software/Firmware
I10 Poor Physical Security
References to OWASP and other related resources
3. Mod-3 :
Understanding challenges of IoT security:

Massive deployments – Many simultaneous connections – Huge increase in data traffic
Constrained devices (Sensors, Actuators) – 16 KB RAM, 128 KB Flash, battery-driven
Low-Power Lossy Networks – 100 kbit/s, high packet loss ( ~ 20%) – Physical layer
packet size limited ( ~ 100 bytes) :
Too much network traffic – Too many messages ? TLS: 2 round trips – Too large
messages ? TLS certificates > 1 KB
Too much RAM needed – Example: Minimal TLS ~ 4 KB
Too large libraries required – Example: TLS has over 100 algorithm options → Standard
security needs profiling

4. Mod-4 :
4 Recent case studies of IoT hacking

5. Mod-5 :
Security issues in Industrial Internet of Thing ( IIOT )- how secure Industrial control network like PLC, DAC interacting with IoT systems

6. Mod-6 :
Security issues in Medical/Health care IoT system : Securing patients from IoT hackers

7. Mod-7 :
Security issues in Connected cars

8. Mod-8 :
IoT Security implementation case study and prevailing art from known IoT Platform

AWS IoT standard for device authentication
Microsoft Azure IoT security standards
IBM IoT security standards
9. Mod-9 :
Legal issues in different verticals of IoT

Manufacturing
Healthcare
Connected Car
Service aggregation like Uber
Banking
10. Mod-10 :
Block Chain and IoT security :

Conventional security and privacy approaches tend tobe inapplicable for IoT, mainly due to its decentralized topology and the resource-constraints of
the majority of its devices. BlockChain (BC) that underpin the cryptocurrency Bitcoin have been
recently used to provide security and privacy in peer-to- peer networks with similar topologies to
IoT. However, BCs are computationally expensive and involve high bandwidth overhead and
delays, which are not suitable for IoT devices. Therefore new kind of BC approaches are evolving
for IoT security specially when control is involved. This module will touch the BC initiative in IoT
security with 3 case studies.

11. Mod-11 :
IoT security and standards: IETF, Most relevant for IoT: – ACE (Authorization and
Authentication in Constrained Environments) – CoRE (Constrained Restful Environments) – COSE
(CBOR Object Signing & Encryption). Existing standards – CoAP (Constrained Application
Protocol) ? Similar to HTTP but for constrained devices – CBOR (Concise Binary Object
Representation) ? Similar to JSON but binary and more compact ? Work in progress – COSE
(CBOR Object Signing and Encryption) ? Securing CBOR objects – OSCoAP (Object Security for
CoAP)

12. Mod-12 :
Active areas of IoT security research, future and Q/A session.