Orchestrating and Automating Security for the Internet of Things

Foreword xxvii
Introduction xxix

Part I Introduction to the Internet of Things (IoT) and IoT Security
Chapter 1 Evolution of the Internet of Things (IoT) 1
Defining the Internet of Things 2
Making Technology and Architectural Decisions 5
Is the Internet of Things Really So Vulnerable? 8
Summary 9
References 10

Chapter 2 Planning for IoT Security 11
The Attack Continuum 11
The IoT System and Security Development Lifecycle 13
The End-to-End Considerations 17
Segmentation, Risk, and How to Use Both in Planning the Consumer/Provider Communications
Matrix 21
Summary 30
References 30

Chapter 3 IoT Security Fundamentals 31
The Building Blocks of IoT 31
The IoT Hierarchy 35
Primary Attack Targets 37
Layered Security Tiers 43
Summary 46
References 47

Chapter 4 IoT and Security Standards and Best Practices 49
Today’s Standard Is No Standard 49
Defining Standards 53
The Challenge with Standardization 56
IoT “Standards” and “Guidance” Landscape 58
Standards for NFV, SDN, and Data Modeling for Services 63
Communication Protocols for IoT 70
Specific Security Standards and Guidelines 75
Summary 79
References 80

Chapter 5 Current IoT Architecture Design and Challenges 83
What, Why, and Where? A Summary 85
Approaches to IoT Architecture Design 88
General Approaches 120
Industrial/Market Focused 144
NFV- and SDN-Based Architectures for IoT 154
Approaches to IoT Security Architecture 156
The IoT Platform Design of Today 172
Summary 183
References 183

Part II Leveraging Software-Defined Networking (SDN) and Network Function Virtualization (NFV) for IoT
Chapter 6 Evolution and Benefits of SDX and NFV Technologies and Their Impact on IoT 185
A Bit of History on SDX and NFV and Their Interplay 185
Software-Defined Networking 188
Network Functions Virtualization 217
The Impact of SDX and NFV in IoT and Fog Computing 235
Summary 248
References 249

Chapter 7 Securing SDN and NFV Environments 251
Security Considerations for the SDN Landscape 251
Security Considerations for the NFV Landscape 272
Summary 285
References 285

Chapter 8 The Advanced IoT Platform and MANO 287
Next-Generation IoT Platforms: What the Research Says 287
Next-Generation IoT Platform Overview 291
Example Use Case Walkthrough 308
Summary 321
References 321

Part III Security Services: For the Platform, by the Platform
Chapter 9 Identity, Authentication, Authorization, and Accounting 323
Introduction to Identity and Access Management for the IoT 324
Access Control 336
Authentication Methods 35
Dynamic Authorization Privileges 367
Manufacturer Usage Description 390
Accounting 397
Scaling IoT Identity and Access Management with Federation Approaches 402
Evolving Concepts: Need for Identity Relationship Management 411
Summary 414
References 415

Chapter 10 Threat Defense 417
Centralized and Distributed Deployment Options for Security Services 418
Fundamental Network Firewall Technologies 422
Industrial Protocols and the Need for Deeper Packet Inspection 428
Alternative Solution: Deep Packet Inspection 430
Application Visibility and Control 433
Intrusion Detection System and Intrusion Prevention System 437
Advanced Persistent Threats and Behavioral Analysis 440
Malware Protection and Global Threat Intelligence 455
DNS-Based Security 462
Centralized Security Services Deployment Example Using NSO, ESC, and OpenStack 466
Distributed Security Services Deployment Example Using Cisco Network Function Virtualization Infrastructure Software (NFVIS) 486
Summary 495
References 495
Chapter 11 Data Protection in IoT 499
Data Lifecycle in IoT 507
Data at Rest 518
Data in Use 524
Data on the Move 527
Protecting Data in IoT 531
Summary 573
References 574

Chapter 12 Remote Access and Virtual Private Networks (VPN) 575
Virtual Private Network Primer 575
Site-to-Site IPsec VPN 576
Software-Defined Networking-Based IPsec Flow Protection IETF Draft 588
Software-Based Extranet Using Orchestration and NFV 594
Remote Access VPN 598
Summary 622
References 622

Chapter 13 Securing the Platform Itself 625
(A) Visualization Dashboards and Multitenancy 627
(B) Back-End Platform 631
(C) Communications and Networking 658
(D) Fog Nodes 660
(E) End Devices or “Things” 666
Summary 667
References 667

Part IV Use Cases and Emerging Standards and Technologies
Chapter 14 Smart Cities 669
Use Cases Introduction 669
The Evolving Technology Landscape for IoT 670
The Next-Generation IoT Platform for Delivering Use Cases Across Verticals: A Summary 672
Smart Cities 676
Smart Cities Overview 678
The IoT and Secure Orchestration Opportunity in Cities 688
Security in Smart Cities 693
Smart Cities Example Use Cases 696
Summary 725
References 727

Chapter 15 Industrial Environments: Oil and Gas 729
Industry Overview 733
The IoT and Secure Automation Opportunity in Oil and Gas 735
The Upstream Environment 738
The Midstream Environment 744
The Downstream and Processing Environments 749
Security in Oil and Gas 754
Oil and Gas Security and Automation Use Cases: Equipment Health Monitoring and Engineering Access 763
Evolving Architectures to Meet New Use Case Requirements 788
Summary 792
References 794

Chapter 16 The Connected Car 797
Connected Car Overview 800
The IoT and Secure Automation Opportunity for Connected Cars 809
Security for Connected Cars 830
Connected Car Security and Automation Use Case 849
Summary 871
References 871

Chapter 17 Evolving Concepts That Will Shape the Security Service Future 873
A Smarter, Coordinated Approach to IoT Security 876
Blockchain Overview 880
Blockchain for IoT Security 888
Machine Learning and Artificial Intelligence Overview 890
Machine Learning 893
Deep Learning 894
Natural Language Processing and Understanding 895
Neural Networks 896
Computer Vision 898
Affective Computing 898
Cognitive Computing 898
Contextual Awareness 899
Machine Learning and Artificial Intelligence for IoT Security 899
Summary 900

References 901