CBL - Campus del Baix Llobregat

Projecte llegit

Títol: Seguretat en dispositius IoT

Estudiants que han llegit aquest projecte:


Departament: ENTEL

Títol: Seguretat en dispositius IoT

Data inici oferta: 09-02-2023     Data finalització oferta: 09-10-2023

Estudis d'assignació del projecte:
Tipus: Individual
Lloc de realització: Fora UPC    
        Supervisor/a extern: Jordi Bertran Valls
        Titulació del Director/a: Enginyer Superior de Telecomunicacions
Paraules clau:
Dispositius IoT, Ciberseguretat, Marc de control, Avaluació de riscos
Descripció del contingut i pla d'activitats:
L'objectiu d'aquest TFG és realitzar un anàlisi de l'estat de l'art
en seguretat en dispositius IoT i proposar una arquitectura per
garantir securitzar un ecosistema IoT dins de l'àmbit bancari.
Overview (resum en anglès):

This project is based on the viable and secure integration of a set of IoT devices into the network of an insurance company. Being a double degree work in Telecommunication Systems Engineering and Telematics Engineering, it has been divided into two main parts:
The first part, which corresponds to the degree in Telecommunication Systems, aims to incorporate a set of IoT devices into the company's infrastructure. It has been chosen to implement devices with different characteristics, among which there are video surveillance cameras, a new locking system for lockers, screens to facilitate the reservation of meeting rooms. Taking advantage of the project, the aim is to replace traditional temperature and humidity sensors with ones with IoT capabilities.
To address this challenge, an analysis of the requirements of the devices to be incorporated, along with the characteristics of the company's infrastructure, is carried out. To assess the viability of the new links, a set of power estimation calculations is carried out.
The second part, which corresponds to the Telematics Engineering degree, focuses on the field of cyber security in the context of IoT devices. Based on the analysis of the entity's virtual infrastructure, the existing security risks are extracted. Throughout the practical part, the different risks are evaluated and classified, using the tool of a risk matrix and the methodology followed to design the control framework is shown, with the aim of mitigating the security risks detected at the start.
Among the main conclusions, it is extracted that this case cannot be extrapolated to other cases, since, as reflected throughout the work, the analysis of the initial scenario is key. In such a way that, the type of devices that you want to incorporate, the physical characteristics of the infrastructure or the resources of the entity, delimit the strategy to follow.
On the cybersecurity side, there are endless measures to mitigate the risks. But, keeping in mind that the company's resources are not infinite, a strategy has been drawn up to prioritize the risks presented, with the help of tools such as the risk matrix and the control framework.
Finally, there are common solutions that can be addressed by all entities, no matter how small, that make a significant contribution to following a robust and reliable security strategy.

© CBLTIC Campus del Baix Llobregat - UPC