Recently, I conducted a Workshop at the India Electronics Week - EFYCON 2018 held at KTPO, Bangalore. This session was focussed on sensitising the audience about how we can leverage the anonymity & containerisation benefits of TOR & Docker technologies respectively to address the security & privacy challenges in IOT Businesses and stop Surveillance Capitalism.
There were several Live Demos on how to build an Internet of 'Hidden' Things by creating confidential, authenticated and anonymous IOT Applications using TOR Hidden Services amalgamated with Docker Containers. The demos showed that these 'Hidden' Things/Devices can even hide the fact they exist at all, if you don’t know the necessary cookie. One can neither crawl nor probe your IOT device through the Internet while your device uses the Onion Authentication feature of TOR Hidden Services. The workshop also covered the dark-side of using Internet of Hidden Things in future.
Here's the digest of the presentation.
1. Introduction to TOR Hidden Services (HS)
- HS Rendezvous Protocol
- Analysis of hiddenness of HSs
2. Introduction to Docker Containers
- Virtualization vs Containerization
- Security Advantages of using Docker Containers
3. Dark-Side of Internet of Things
- Smart Devices: bridging the gap between Digital threats & Physical threats
- Recent Hacks: Jeep Cherokee, Mattel's Wi-fi Hello Barbie, Mirai DDoS Botnet
- Era of Ubiquitous Surveillance: Data being the new Oil of 21st century
- Security vs Privacy vs Anonymity: Importance of Trust in IOT Privacy
4. Need for Internet of 'Hidden' Things
- Security by Obscurity vs Security by Design
- Achieving Privacy with Hidden IOT Devices
- Leveraging the anonymity & containerisation benefits of TOR & Docker in IOT
- How hidden & anonymous IOT Devices can stop Surveillance Capitalism
5. Live Demos:- Hosting Tor Hidden Service in seconds with Docker Containers
- Pushing hidden containers to Linux-based IOT devices for hiding them
- Connecting anonymously to hidden IOT devices with proper authentication
6. Dark-Side of Internet of Hidden Things
- How hidden IOT devices can be exploited for malicious purposes
7. Discussion & Takeaways
- Conclusion & Futuristic Thoughts.
Below is the presentation material for the delivered session.
No comments:
Post a Comment