Host Organization
Wayang Golek
Supporting Organizations
Solution Graphics

<<< Back

Buckle up Security Belt When Enjoying Ride on Internet of Things ------ extended anti-malware infrastructure for RFID malware

* Peter Wei
Senior Software Architect, Trend Micro
* Liang-Seng Koh
Trend Micro Inc

Internet of Things enables system designers to connect their RFID products to Internet. RFID applications, such as Smart Building and Supply Chain Management, are widely adopted worldwide, especially in China in 2009 and 2010. However, due to the limitations of computation capabilities and power supplies of RFID sensors, the cyber criminals can easily exploit invariabilities in Internet of Things systems. Attack types against RFID systems are tag data manipulations attempting to perform an attack against backend databases or applications. Therefore, the security industry has to respond with new security technologies to combat new threats coming from this new area, and deliver robust and accurate reactive security functions to customers.

Limited computational capacity, poor resources and inefficient data management prevent RFID systems from gaining suitable protections by deploying anti-malware functionality on low-end RFID devices. Existing traditional security products, such as AV scanner and Intrusion Detection Systems cannot defend against RFID malware. On the other hand, more and more providers, e.g. Unisys, will plan on delivering RFID in the cloud for retailers. It is a challenge to take advantage of current AV infrastructure to secure RFID cloud-based systems. Hence, there is a demanding urge for AV companies to provide anti-malware solutions for RFID systems in the context of extend anti-malware product coverage.

Very less work has been done on defending against RFID malware in a systematic manner. In particular, almost no work has investigated on how to extend the latest cloud-based reputation security products into Internet of Things. The reality is that most RFID systems cannot safeguard their own RFID communication channels between RFID tag data and backend databases. The ideal solution should be embeded seamlessly into a given RFID application so that it can inspect RFID data before they reach the backend.

This talk will discuss the security and privacy in the Internet of Things (RFID). Starting with the definition of "Internet of Things". The author will explain why we need to protect RFID systems followed by the survey the state of the art in research on RFID and mobile malwares. He will also scenario where and how RFID protection can be enabled in Internet of Things. After this motivation for security mechanisms, the author propose an extended anti-malware model based on current security in-the-cloud framework. He will aslo deduce the requirements for protection concepts in the Internet of Things. In the final part of the talk he will discuss recent attacks and the lessons we should learn about it. A short outlook into the future developments will conclude the talk.

Keywords:Internet of Things, cloud, security, malware