RISC ‘17 SESSIONS
Take a look at the conferences we have planned for you.
IOT Security: Preventing a Global Disaster
By Faud Khan, Chief Security Analyst, TwelveDot, Canada
Key takeaways from session for delegates:
- What’s the anatomy of an attack on IOT?
- How can you learn all the possible ways to attack and understand its countermeasures?
- What kind of attacks has the world seen so far? Why should we as producers worry about it?
- How can we address these issues – what do we need to learn about best practices and policies around security and privacy?
- How does Privacy, Security and Policy + Standards work?
- A very high level introduction to the topic with an example where we take one product and show how it would have to be tweaked to work in US vs Canada vs Europe vs Other nations.
- How to think about security and privacy for your project?
- Wrapping up with a case study, that the speaker believes could have been avoided, and how it could have been avoided.
IoT in Healthcare and its Security
By Minatee Mishra, Lead Engineer at Security Center of Excellence (SCoE), Philips HealthTech
IoT is set to revolutionize healthcare delivery. The adoption of IoT in healthcare has been fast, with visible positive outcomes. However, the security issues in IoT still linger. With examples, we will look at the security issues of these devices and their mitigation. We will also touch upon software development best practices and the regulators’ view of these healthcare threats.
- IoT in Healthcare, the increasing trend.
- Common flaws and best practices in securing the devices.
- Regulations around security on Healthcare devices.
How to Protect Your Device from Hardware Trojans?
By Sudeendra Kumar K, National Institute of Technology Rourkela.
Globalized semiconductor design and manufacturing has led to several security issues such as counterfeiting, IP violations and Hardware Trojans (HT). Original Design Manufacturers (ODMs) integrate IP cores from 3rd-party vendors into system-on-chip (SoC) devices. Different service providers and consultants take part in the SoC design process. An adversary from an in-house design team or a consultant may insert hardware Trojans into a design with malicious intentions. A 3rd-party IP (3PIP) core sourced from an untrusted company may have hardware Trojans. Hardware Trojans are defined as malicious modifications of a design which lead to unexpected behavior. The intentions of an adversary who performs malicious modifications can be leaking sensitive information, denial of service and degradation of performance. So every chip maker should address the problem of HT to ensure there are no malicious designs in their products. There is a need to develop HT detection techniques to ensure chips are free from malicious inclusions.
- Survey on HT detection schemes,
- HT defense mechanisms and a new HT benchmarks design.
- Taxonomy of Hardware Trojans and ways to protect your device against HTs
How to Legally Deal with a Security Breach at Work
By Biju K Nair, Advocate & Executive Director, SFLC.in
- Legal framework in India around security breaches
- Protected systems and what is “Critical Information Infrastructure”
- Incident response – national agency
- Cyber security incident and breach
- Mandatory reporting of cyber security incidents
- Order of priority for providing support – CERT-In
- Disclosure of information by CERT
- Compensation for failure to protect data [S. 43A – IT Act]
- Banking, Insurance and Case studies
- How to produce electronic evidence in Court
How NOT to Implement Cybersecurity in Industrial IoT
By Rohan Vibhandik, Scientist – Cyber Intelligence, ABB corporate research center
The talk will have a quick overview of the recent and past attacks in the world of automation and power industry. It will showcase what could have been done to avoid such attacks, i.e. Do’s and Don’ts of security enforcements. How to gear up for cyber war by knowing hacking trends and hackers’ mindset in the new cyberwar strategies. It will provide a guideline on incorrect or illegal techniques of providing end-to-end security for industrial systems. The session will conclude on benefits of adhering to standards in products and how to effectively implement (Do’s) certain countermeasures for vulnerabilities in legacy devices or systems.
- The Do’s and Don’ts point out the actions users must take to remain vigilant.
- Do’s and Don’ts for the legacy or age-old IoT devices while connecting to cyber world
- Do’s and Don’ts of implementing cyber security techniques, policies and compliances
- Do’s and Don’ts for protecting privacy; safeguarding the organization’s information assets and infrastructure
- Do’s and Don’ts to securely design, architect, develop and release the product – i.e. Secure Development Lifecycle
- Do’s and Don’ts for incident response teams
Pentesting and Attacking Industrial Control Systems
By Aditya Gupta, Founder & Principal Consultant, Attify
How to Implement Secure Coding for IoT Devices
By Deepu Chandran, Sr. Technical Consultant, LDRA Technology Pvt. Ltd and Priyasloka Arya, Senior Technical Manager, LDRA Certification Services
Due to the increase in connectivity and complexity of devices in the modern world, end users need assurance that their devices are safe and secure. This session covers the transition from traditional reactive to proactive testing for IoT devices and the role of secure coding guidelines in achieving early-stage detection of vulnerabilities.
Key takeaways:
- Understanding the importance of coding standards (CERT C) for Secure coding.
- Understanding the latest trends in safe and secure code testing.
- Discussion on IoT Standardization and Implementation Challenges, need for standard model.
PANEL DISCUSSIONS
We have two very high quality panel discussions scheduled at RISC. Details will be made available soon.
1. Panel Discussion on “Security Threats in IoT paradigm – A Hype? or a Scary Reality?” – Moderated by Narang N Kishor, Founder, Narnix Technolabs
The Panel Discussion shall provide a comprehensive 360-degree view of security implications in various aspects of the IoT paradigm… Attend, interact with heterogeneous mix of design & security experts and go back with actionable insights within your own area of interest within the heterogeneous IoT Ecosystem.
2. Panel Discussion on “What are the Biggest IoT Security Threats, and How do we Tackle Them?” – Moderated by Kaustubha Parkhi, Principal Analyst – Insight Research
The panel shall discuss the security vulnerabilities at various stages in IoT setups and technology and business challenges faced in addressing these vulnerabilities. It would focus on the specific learnings from the industrial user, freight management and developer and implementer perspective. The panel will discuss various suggested approaches in increasing security.
WORKSHOPS AT RISC
We have two very high quality workshops scheduled at RISC. These are limited-seating events, and therefore you need to separately register for these events.
2. Early Detection of Security Vulnerability in IOT Devices (Rs. 2999): The workshop for pros who want to upgrade their expertise in early detection of vulnerabilities in IOT security
SPEAKERS AT RISC
Designation: Chief Security Analyst
Company: TwelveDot, Canada
Faud Khan is an industry veteran with more than 20 years of IT security experience with network equipment manufacturers, managed security services provider, financial services, and government agencies. As the CSA for TwelveDot and TwelveDot Labs, Faud is responsible for product strategy, architecture, deployment, and service delivery. Faud is the current Canadian Chair for ISO/IEC SC27; the ISO standards group that develops cyber security standards. He has worked with this group for over 15 years and 8 years as the Chair, which includes being the co-chair of the WG10 committee that is focused on IoT standardization. He is working on the development of standards related to cloud computing, vulnerability disclosure, smart grid and IoT. His expertise and personable approach are fundamental to providing secure, cutting edge solutions for his clients.
Narang N Kishor
Company: Narnix Technolabs
Kishor is a Technology Consultant, Mentor & Design Architect with Organizations of National & International repute in the fields of Electrical, Electronics & ICT. He has over 39 years of professional experience in education, research, design and consulting. After a brief stint in Design, Industry & Academics, he started narnix in 1981 to act as the “Technology Interface” for the Industry, Business and Society. Narnix is one of the pioneer “Independent Design Houses” in India, engaged in design & technology consultancy, providing complete Design & Development Support to Electronic Products & Systems Manufacturing, as well as Solution Deploying Organizations. He has over 200 research & design mentees in the STI (Science Technology & Innovation) and ESDM (Electronics System Design & Manufacturing) Ecosystems. His current focus is to develop Framework, Architecture & Standards for end-to-end unified & secure ICT Infrastructure for Smart Cities.
Biju K Nair
Designation: Licensing Lead (India)
Company: Open Invention Network
Biju K Nair is a litigator having worked in various jurisdictions across India. He is the Executive Director @ SFLC.in. His areas of practice extend from Corporate and Commercial Law, Competition Law. He worked with Luthra & Luthra Law Offices and Amarchand Mangaldas in New Delhi. Biju K Nair earned his Law Degree (B.A LLB) from Army Institute of Law in 2004.
He is a member of Bar Council of Delhi, licensed to appear before the Supreme Court of India, all the State High Courts in India.
Designation: Lead Engineer
Company: Security Center of Excellence at Philips
Minatee leads the Security Center of Excellence (SCoE) in Philips HealthTech and has been instrumental in setting up the SCoE within Philips. The SCoE is a central organization responsible for cutting-edge work in the field of security testing, secure code analysis, finding vulnerable components within software and more. Minatee has been in the field of software for 18 years, from designing and architecting systems to securing systems. She holds a Masters from IIT Kharagpur. She holds CISSP, GCIH, CEH certifications.
Dr. Harish Pant
Designation: Managing Director
Company: Hampson Industries
Dr. Harish Pant is the Managing Director of Hampson Industries Pvt. Ltd, Bangalore. He is a Fellow of Institution of Engineers and Member IET, SAE, Aeronautical Society of India, Vice chairman of IIIE-BC, IEI AA and Corporate Member of various Institutions and trade bodies and associations. In addition to his responsibilities at Hampson Industries, he is a Mentor, Sustainability Evangelist, Poet, Author, Blogger, Columnist, Key Note Speaker, Block-chain, Crypto Currency and Fin-tech enthusiast. He has developed a Global Vision and Sustainability Model and is further carrying out research on a Three Currencies Model for Social, Environmental and Economic impacts. He has 32 years of global experience in the Aerospace, Automotive and Steel sectors. He has been awarded the Outstanding Corporate Award by MTC Global, IMMAI Operational Excellence Award, Mother Teresa Excellence Award and Award for Industrial Development.
Designation: Scientist – Cyber Intelligence
Company: ABB corporate research center
Rohan Vibhandik received his MS in Computer Science (Security) from California, USA. He was awarded the National Scholarship by Directorate of Technical Education, Pune University. He has pursued Cyber Security certifications like CEH, CHFI, ECSA, LPT as well as ITIL, Business Modelling. He has published several research papers at IEEE & SVG Conferences and recently published a journal paper at IEEE Granular Computing Conference. Before joining ABB, he was working as a Lead Network Security Engineer at Cisco Systems. Earlier he assisted Government of India authorities with cyber-crime investigations and computer forensics. He has worked with San Jose Research Foundation, CA, USA & Stanford University, CA, USA where he was actively involved in research & development for e-Commerce Platform Security. His interests include Industrial IoT security, OWASP web security and CMS web server security, policy & standardization.
Designation: CEO and Founder
Sachin Sinha is an alumnus of IIT Kanpur and is currently the CEO and founder of IQLECT, a real-time big data analytics company. IQLECT’s platform allows security experts to detect threats and monitor devices and applications for security measures in real time. Sachin is also the author & creator of BangDB, a NoSQL database designed for real-time analysis and monitoring. Prior to IQLECT, Sachin was the CTO at Jabong.com, Co-founder and CTO at Limeroad.com, and Engineering lead at Amazon & Microsoft. He has over 18 years of experience in software design, development, and project leadership in building high performance, scalable, distributed software products and platforms for cluster/distributed computing and database. His goal is to develop critical software products to solve complex problems and leave lasting impressions on users and customers across the world. His specialties are idea generation, collaboration, conceptualisation, design and POCs, implementation and release, and project management.
Designation: Principal Analyst
Company: Insight Research
Kaustubha has seventeen years of work experience in areas of pre-sales, product management, network operations, technology documentation and business development; apart from market research. Kaustubha holds a Bachelor of Engineering degree in Electronics and Telecommunications and a Master of Management Studies (equivalent of M.B.A.) degree in Systems. He is based in Bangalore. Kaustubha has worked on Compound Semiconductors, Digital Rights Management, Handset Input Interfaces, Hydraulics, Interconnects, Machine-to-Machine (M2M) Communications, Managed Services, Mashups, Medical Electronics Nanotechnology in Mobile Devices, Optical Fiber Technologies, OSS-BSS, Pneumatics, Printed Circuit Boards, Software Defined Radios, Solid State Devices, Semiconductor Packaging, Transparent Electronics and Unified Communications among other areas. He has authored close to thirty market research reports and worked on custom-consulting assignments. He specializes in covering new and emerging technologies in markets that are relatively information-opaque. He is presently working on SDN, NFV, 5G and BYOD apart from IoT.
Company: Preva Systems
Ramaraj is an entrepreneur, running his technology start-up in Internet of Things. Prior to founding Preva, he was with Sasken. At Sasken, he was initially heading a Customer account and moved on to play the roles of Global Delivery Head and eventually Senior Vice President and General Manager of Service Provider and ISV Business. Earlier, he co-founded Communication Technologies division of Mascon Global in Bangalore. At Mascon, he built a team of 400+ telecom engineers with clients such as Motorola and Alcatel Lucent. Prior to Mascon, he worked in Motorola for a decade mainly in India and Singapore, building their Wireless 3G platforms. He had won several awards in Motorola including “Engineering excellence” award for his work. As part of his long career, he has trained many professionals in technology as well as management. He holds an MS degree in Management of Technology from National University of Singapore. He is a mathematics Olympiad gold medalist as well. He has co-authored a book on Parallel Computing in 1992 and recently published a technical paper in IEEE in IoT.
Nagendra S Bykampadi
Nagendra is a member of the Bell Labs CTO Standardization team in Nokia with over 20 years of experience in the wireless industry. He is currently the 3GPP Security WG (SA3) standardization delegate for Nokia. The SA3 WG is responsible for specifying security and privacy architecture and protocols in 3GPP based networks including 4G and 5G. His areas of contribution include defining security specifications for C-IOT, BEST (Battery efficient security mechanism for constrained IOT devices), and various security areas in 5G including UE authentication and authorization, device authentication and remote credential provisioning for eUICC based IOT devices. He has previously worked on defining OpenID Connect and OAuth-based security specifications for IMS_WebRTC and Mission critical services including public safety. He is also the TSDSI prime for Nokia India, responsible for Nokia’s standardization activities in TSDSI. TSDSI is a regional partner of 3GPP and OneM2M and is responsible for defining standardized specifications for India-specific telecom requirements. He has a Master of Science (MS) in Computer Science from the University of Texas, Arlington, USA.
Designation: Founder & Principal Consultant
Aditya Gupta (@adi1391) is the founder and principal consultant of Attify, an IoT and Mobile security firm. He has done a lot of in-depth research on Mobile application security and IoT device Exploitation. He is also the author of the popular Android security book “Learning Pentesting for Android Devices”. He has also discovered serious web application security flaws in websites such as Google, Facebook, PayPal, Apple, Microsoft, Adobe, Skype, and many more. He has also published a research paper on ARM Exploitation titled “A Short Guide on ARM Exploitation.” In his previous roles, he has worked on security of mobile devices, apps, networks, developing automated internal tools to prevent fraud, finding and exploiting vulnerabilities and so on. He currently researches Internet of Things and “smart” device security, identifying new vulnerabilities in the devices and standards. He is also a frequent speaker and trainer at numerous international security conferences including Black Hat, Syscan, OWASP AppSec, PhDays, Brucon, Toorcon, Clubhack etc., and also provides private training for developers and red teams at organisations all over the world.
Designation: Software Architect (SDN and Cloud Infrastructure)
Nishant is a Software Architect, Innovator and Inventor with 16+ years of experience working on Network Management Systems (NMS), Cloud and Virtualization, Software-Defined Network (SDN) and Internet of Things (IoT) technologies. Nishant has 2 patents granted and 5 patents filed/pending with the US Patent Office in the areas of Network Management Systems, Cloud, Virtualization and SDN Technologies. He participates actively in User Experience (UX) and Wireframing related activities. He is an active member and contributor to numerous technical meetups. He is also a contributor to IEEE conferences and standards and is a member of subcommittees working on defining standards for IoT and Smart Cities. His areas of interest include Cloud and Virtualization, SDN, IoT, UX, User Interfaces, Network Security, Cryptography, System and OS Hardening, public speaking and latest tech and gadgets. Nishant has a Master of Science (MS) in Software Engineering degree from BITS, Pilani, along with many technical certifications.
Designation: Senior Information Security Professional
Mahesh is a Senior Information Security Professional with over 20 years of versatile experience in Information Security Management, Governance, and Compliance. Have completed CISSP, CISA, CISM and currently pursuing PhD in Cloud Security from the University of Madras. Currently part of Corporate Security team of Tata Communications Limited having global responsibility for the role which I am into. Supporting Universities / Colleges in designing and delivering Cyber Security courses. Currently nominated as Co-Editor for re-development of ISO 27008 (Technical Guidelines for Auditors on Information Security).
Designation: Head of Emerging Technologies and Innovation
Chandrasekaran Vasudevan is currently heading Ericsson’s NFV, SDN, Cloud and IOT initiatives in India. He has more than 20 years of experience in the field of Telecom and software gained from his engagements with various Regional and Global Telecom operators such as SingTel, Telstra, Softbank, Bharti, Axiata and Maxis. He is a recognized expert in multiple areas such as Cloud, NFV, IoT, Service Delivery Architecture, Software Systems and Multimedia Technologies.
Chandra has been part of Ericsson Research and is a member of its global principal architect group. He has published in various European Telecom R&D program publications and IEEE GlobeCom. He has represented Ericsson as a technology expert in various industry events in India and abroad.
Chandra holds a Master’s degree in Communication and Network Systems Engineering from Nanyang Technological University, Singapore. He holds patents and filings in the area of mobile network applications.
Designation: Director and Country Head
Company: The IET
Shekhar is the Director and Country Head of the Institution of Engineering and Technology India (IET). He joined IET India in October 2009. Shekhar Sanyal graduated from Delhi University in 1992 with a BA (Honours) in English Literature. He also holds an MBA from the Institute of Management Studies. He spent his early career with ABP limited as the Regional Sales Manager for Western India. He joined Tata Infomedia in 1994 where he was appointed as a Head of Sales (Directories) for Chennai. In 2004, he moved to Achieve Global India where he served as a Director for 4 years. Prior to joining IET, he worked with Nortel as a Sales Training Head for Asia Pacific region.
Designation: IoT Security Expert
Arun Magesh works as an IoT security expert with Attify and has worked on numerous smart devices pentest in the past couple of years.
He serves as a core committee member for several IoT local chapters and hackerspaces in India, where he also regularly delivers talks and hands-on workshops. He has 5+ years hands-on experience in both building and breaking IoT devices and has been previously awarded for India’s Top 25 under 25 technologist and Intel Software Innovator. He is also the lead content creator for Offensive IoT Exploitation and Practical SDR Exploitation for IoT device courses and has delivered training to numerous governmental and private organizations around the world.
Designation: Sr. Technical Consultant
Company: LDRA Technology Pvt. Ltd
Deepu Chandran is a Sr. Technical Consultant with LDRA’s India office. Deepu specializes in the development, integration and certification of mission- and safety-critical systems in avionics, nuclear, industrial safety and security. With a solid background in development and testing tools, Deepu has guided organizations for more than 10 years in selecting, integrating, and supporting their embedded systems from development through certification. His paper on “Building Secure Embedded software” is published in international journals and he is active in presenting papers on Verification and Validation of Secure and Safe Embedded Systems.
Designation: IoT Security Expert
Mounish is an IoT penetration tester and security researcher at Attify. During his work at Attify, he created and developed hardware devices such as Attify Badge and Damn Vulnerable IoT device. He has researched extensively on serial interfacing techniques, exploiting communication protocols such as Zigbee, Zwave and 6LoWPAN. In his previous roles, he was involved in developing embedded systems for automated water treatment plants and solar plant monitoring. He is an active speaker at local IoT chapters and Embedded device development meetups.
Designation: Senior Technical Manager
Company: LDRA Certification Services
Priyasloka Arya has 16 years of professional experience in Defence and Aerospace domains. He has served Honeywell and Defence Research Development Organization (DRDO) in various capacities as a leader as well as an individual contributor. Arya is a PMP, PRINCE2, ITIL, Six Sigma Black Belt, AS9100 (Internal Auditor), CPRE (IREB), ISTQB and ASEP (INCOSE) certified professional. Arya has worked as a certification specialist in Honeywell with delegation to approve airborne software (complying with DO-178B/C, DO-297, DO-330, DO-332) of various Communication, Navigation and Surveillance projects. Arya has worked in multiple system development projects complying with ARP-4754A as a candidate certification specialist.
Sudeendra Kumar K
Organisation: National Institute of Technology, Rourkela
Sudeendra Kumar K has a BE degree from VTU Karnataka, India and M.Tech from National Institute of Technology Rourkela, India, and is currently working towards the PhD degree in electronics engineering at National Institute of Technology Rourkela. He has many publications in premier conferences in the areas of hardware security and validation. He was a member of product engineering team at Qualcomm, Bangalore.