1402  Visual Reference Gallery: IoT Security

1402.2 Source Figures

IoT attack scenario diagram showing device-level compromise through physical access, firmware extraction, and credential theft leading to network infiltration and lateral movement to other devices

IoT attack scenario - Device compromise

Source: CP IoT System Design Guide, Chapter 6 - Security & Privacy

IoT attack scenario showing network-level attack with man-in-the-middle interception, traffic analysis, and command injection between IoT device and gateway

IoT attack scenario - Network interception

Source: CP IoT System Design Guide, Chapter 6 - Security & Privacy

Botnet architecture diagram showing command and control server directing thousands of compromised IoT devices (cameras, routers, DVRs) to launch coordinated DDoS attacks against target infrastructure

IoT botnet attack architecture

Source: CP IoT System Design Guide, Chapter 6 - Security & Privacy

Distributed Denial of Service attack flow showing attacker commanding botnet of compromised IoT devices to flood target server with overwhelming traffic, causing service unavailability

DDoS attack flow diagram

Source: CP IoT System Design Guide, Chapter 6 - Security & Privacy

Man-in-the-Middle attack diagram showing attacker positioned between IoT device and server, intercepting and potentially modifying communications in both directions while appearing transparent to legitimate endpoints

Man-in-the-Middle attack diagram

Source: CP IoT System Design Guide, Chapter 6 - Security & Privacy

IP protocol vulnerability diagram showing common network-layer attacks including IP spoofing, fragmentation attacks, and routing manipulation that affect IoT device communications

IP protocol vulnerabilities

Source: CP IoT System Design Guide, Chapter 6 - Security & Privacy

TCP SYN Flood attack diagram showing attacker sending massive volume of SYN packets with spoofed source addresses, exhausting server resources waiting for ACK responses that never arrive

TCP SYN Flood attack mechanism

Source: CP IoT System Design Guide, Chapter 6 - Security & Privacy

Hardware Trojan classification diagram showing different types of hardware-level attacks including combinational triggers, sequential triggers, and their activation mechanisms in IoT device chipsets

Hardware Trojan attack types

Source: CP IoT System Design Guide, Chapter 6 - Security & Privacy

TCP connection termination diagram showing the four-way FIN-ACK handshake between hosts A and B, critical for detecting TCP reset injection attacks

TCP connection termination sequence

Source: CP IoT System Design Guide, Chapter 6 - Security & Privacy

Security Context: TCP Reset (RST) injection attacks exploit knowledge of this termination sequence by forging RST packets with valid sequence numbers to forcibly disconnect legitimate IoT device sessions.

1402.3 AI-Generated Visualizations

Artistic visualization of SQL injection attack showing how malicious SQL code is inserted into web form input fields and processed by the database
Figure 1402.1: SQL Injection Attack - Artistic visualization of input manipulation to database exploitation

SQL injection remains one of the most dangerous web vulnerabilities, allowing attackers to read, modify, or delete database contents.

Geometric diagram showing TCP SYN flood denial of service attack and resource exhaustion through half-open connections
Figure 1402.2: TCP SYN Flood Attack - Resource exhaustion through half-open connections

Artistic visualization of side-channel power analysis attack on IoT device cryptographic operations, showing power consumption pattern analysis for key extraction
Figure 1402.3: Side-Channel Power Analysis - Key extraction through power consumption patterns

Side-channel attacks exploit physical characteristics like power consumption, electromagnetic emissions, or timing to extract secrets from otherwise secure cryptographic implementations.

Artistic diagram showing the vulnerability lifecycle from discovery through disclosure to patching
Figure 1402.4: Vulnerability Lifecycle - Discovery, disclosure, and remediation process

Geometric framework for vulnerability management in IoT environments showing continuous security improvement cycle
Figure 1402.5: Vulnerability Management Framework - Continuous security improvement cycle

Geometric comparison of hardware Trojan detection approaches including visual inspection, power analysis, delay testing, logic testing, and machine learning methods
Figure 1402.6: Hardware Trojan Detection Approaches - Comparison of detection methodologies

Artistic visualization of hardware Trojan attack types showing combinational Trojans, sequential Trojans, and analog Trojans
Figure 1402.7: Hardware Trojan Attack Types - Artistic representation of hardware-level threats

Geometric schematic of a sequential hardware Trojan circuit showing trigger mechanism with counter or state machine
Figure 1402.8: Sequential Hardware Trojan Circuit - State-based trigger mechanism

Artistic visualization of man-in-the-middle attack on fitness tracker intercepting BLE communication between fitness band and smartphone app
Figure 1402.9: MITM Attack on Fitness Tracker - Interception of health data

1402.4 Side-Channel Attack Analysis for IoT

Side-channel attacks bypass cryptographic security by observing physical phenomena during computation. For IoT devices deployed in physically accessible locations, these attacks represent a critical threat.

1402.4.1 Power Analysis Attacks

Simple Power Analysis (SPA): Directly observes power consumption during cryptographic operations. Different instructions consume different power levels, revealing secret key bits.

Differential Power Analysis (DPA): A statistical attack that requires thousands of traces but works even with noisy measurements. With 1,000-10,000 traces, DPA recovers AES keys from unprotected implementations.

1402.4.2 Electromagnetic Analysis (EMA)

EM emissions reveal more localized information than power analysis:

  • Can target specific chip areas (isolate crypto unit)
  • Works through device enclosures
  • Higher signal-to-noise for targeted captures

1402.4.3 Timing Attacks

Execution time variations leak secret-dependent information. Vulnerable implementations include early-exit password comparisons where timing differences reveal correct characters.
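The early-exit comparison described above, beside the constant-time code that 1402.4.4 lists as the software defense, as an added C example that is not part of the source guide. The step counter stands in for measured execution time, and the PIN and guesses are constructed sample values.

```c
#include <stdio.h>
#include <string.h>

/* match flag plus number of secret bytes examined (a proxy for run time) */
typedef struct { int match; size_t steps; } cmp_result;

/* Early-exit check as found in naive firmware PIN handlers: it returns at the
 * first mismatch, so run time grows with the correctly guessed prefix. */
cmp_result early_exit_compare(const char *secret, const char *guess)
{
    cmp_result r = { 0, 0 };
    for (size_t i = 0; ; i++) {
        r.steps = i + 1;
        if (secret[i] != guess[i])
            return r;               /* leaves early: timing leak */
        if (secret[i] == '\0')      /* both strings ended together */
            break;
    }
    r.match = 1;
    return r;
}

/* Constant-time check: the length test uses only public lengths, and the loop
 * always walks the whole secret, OR-ing byte differences into an accumulator
 * so no branch depends on secret contents. In production, compare fixed-length
 * hashes of the PIN so that not even its length is leaked. */
cmp_result ct_compare(const char *secret, const char *guess)
{
    cmp_result r = { 0, 0 };
    size_t len = strlen(secret), glen = strlen(guess);
    volatile unsigned char diff = (len != glen);
    for (size_t i = 0; i < len; i++) {
        unsigned char g = (i < glen) ? (unsigned char)guess[i] : 0;  /* in bounds */
        diff |= (unsigned char)secret[i] ^ g;
    }
    r.steps = len;
    r.match = (diff == 0);
    return r;
}

int main(void)
{
    const char *pin = "s3cretPIN";                         /* constructed sample */
    cmp_result a = early_exit_compare(pin, "xxxxxxxxx");   /* wrong at byte 0 */
    cmp_result b = early_exit_compare(pin, "s3cxxxxxx");   /* 3-byte prefix right */
    printf("early-exit: %zu vs %zu bytes examined (prefix leaks)\n", a.steps, b.steps);
    a = ct_compare(pin, "xxxxxxxxx");
    b = ct_compare(pin, "s3cxxxxxx");
    printf("constant-time: %zu vs %zu bytes examined\n", a.steps, b.steps);
    return 0;
}
```

On real hardware the step count maps to cycle differences that an attacker measures over many attempts; the constant-time variant gives the same count for every guess of a given length.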

1402.4.4 Defense Strategies

Attack Type   Hardware Defense                Software Defense
SPA           Shielding, dummy ops            Balanced algorithms
DPA           Masking, secure MCU             Higher-order masking
EMA           Faraday cage, noise injection   Same as DPA
Timing        Constant-time hardware          Constant-time code
Cache         Cache partitioning              Flush cache before crypto

Key Takeaways:

  1. Assume physical access: Field-deployed devices cannot rely on physical security
  2. Use certified hardware: FIPS 140-3 Level 3+ includes side-channel resistance
  3. Limit crypto operations: Rate-limit authentication attempts
  4. Defense in depth: Combine hardware countermeasures with intrusion detection

1402.5 Summary

IoT threats come from diverse actors using various attack vectors. Key visual concepts:

  • STRIDE Model: Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation of Privilege
  • Attack Vectors: Physical, network, web/API, firmware, side-channel
  • Botnet Architecture: C2 servers directing compromised device networks
  • DDoS Patterns: Volumetric, protocol, and application-layer attacks
  • Side-Channel: Power, EM, and timing attacks on cryptographic operations

1402.6 What’s Next

Continue exploring IoT security topics: