It is called the Internet of Everything – the burgeoning phenomenon of day-to-day consumer products and services that connect to the Internet. IoE/IoT products range from simple concepts like a home automation system that turns your lights on and off remotely to innovations that could potentially be used to save lives – for example, a connected car that contacts first responders instantly in case of an accident or a mobile app that allows a patient to share vital signs with a doctor.
What distinguishes the Internet of Things is the product’s ability to use the Internet to communicate with us, with others, or with other devices. The Internet of Things has the potential to offer enormous benefits to consumers.
As with any online activity, it’s important to protect consumers’ sensitive data from fraudsters. IoT, however, adds new security dimensions to consider. For example, an insecure connection could give a hacker access not just to the confidential information transmitted by the device, but to everything else on a user’s network. And in IoT, the risk isn’t just to data. If that home automation system isn’t secure, a criminal could override the settings to unlock the doors. And just think of the consequences if a hacker were able to remotely recalibrate a medical device – say, an insulin pump or a heart monitor.
The transition from closed networks to enterprise IT networks to the public Internet is accelerating at an alarming pace—and justly raising alarms about security. As we become increasingly reliant on intelligent, interconnected devices in every aspect of our lives, how do we protect potentially billions of them from intrusions and interference that could compromise personal privacy or threaten public safety?
IoT Security Concerns
Even before we jump into solutions, we should look into some of the potential concerns associated with IoT security:
- The attack surface has increased: Extensive use of open networks like public clouds, sensor hubs, web applications, Wi-Fi, and Bluetooth.
- Unidentified, unauthorized and unvalidated devices: Identification, authentication and access control of devices which may not have an OEM-supplied unique ID could lead to identity spoofing, phishing, rogue devices and impersonation, among others.
- Unauthorized remote access: Remote monitoring and maintenance of devices carries the risk of interception and tampering. Failure to use end-to-end secure communications and pinning could lead to MITM (man-in-the-middle) and other attacks.
- Sensitive data exposure: Exposure of sensitive or personal information, such as patient data on electronic health records when connected to ECGs and ventilators, could be problematic.
Some Thoughts on IoT Security
Unfortunately, there is no “silver bullet” that can effectively mitigate every possible cyberthreat. The good news, though, is that the IT security controls that have evolved over the past 25 years can be just as effective for IoT, provided we can adapt them to the unique constraints of the embedded devices that will increasingly comprise networks of the future, as well as sophisticated behavioral solutions based on artificial intelligence. Security must be addressed throughout the device lifecycle, from the initial design to the operational environment:
- Secure booting: When power is first introduced to the device, the authenticity and integrity of the software on the device is verified using cryptographically generated digital signatures. In much the same way that a person signs a check or a legal document, a digital signature attached to the software image and verified by the device ensures that only the software that has been authorized to run on that device, and signed by the entity that authorized it, will be loaded.
- Access control: Different forms of resource and access control should be applied. Built-in mandatory or role-based access controls limit the privileges of device components and applications so they access only the resources they need to do their jobs. If any component is compromised, access control ensures that the intruder has as little access to other parts of the system as possible.
- Device authentication: When the device is plugged into the network, it should authenticate itself prior to receiving or transmitting data. Deeply embedded devices often do not have users sitting behind keyboards to input the credentials to access the network. Just as user authentication allows a user to access a corporate network based on their unique identification, machine authentication allows a device to access a network based on a similar unique identifier stored in a secure storage area.
- Firewalling and IPS: The device also needs a firewall or deep packet inspection capability to control traffic that is destined to terminate at the device. Why is a host-based firewall or IPS required if network-based appliances are in place? Deeply embedded devices have unique protocols, distinct from enterprise IT protocols. For instance, the smart energy grid has its own set of protocols governing how devices talk to each other. That is why industry-specific protocol filtering and deep packet inspection capabilities are needed to identify malicious payloads hidden in non-IT protocols. The device needn’t concern itself with filtering higher-level, common Internet traffic (the network appliances should take care of that), but it does need to filter the specific data destined to terminate on that device in a way that makes optimal use of the limited computational resources available.
- Updates and patches: Once the device is in operation, it will start receiving hot patches and software updates. Operators need to roll out patches, and devices need to authenticate them, in a way that does not consume bandwidth or impair the functional safety of the device. Software updates and security patches must be delivered in a way that conserves the limited bandwidth and intermittent connectivity of an embedded device and absolutely eliminates the possibility of compromising functional safety.
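To make the device authentication item concrete, here is an added example (not code from the original article) of a challenge-response check in which a device proves possession of a provisioned key without transmitting it. The `Gateway` class, the device ID `sensor-0001` and the key are constructed for illustration, and a dictionary stands in for both the device's secure storage and the network-side key database.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: one per-device key provisioned at manufacture.
# On real hardware the device's copy would live in secure storage.
DEVICE_KEYS = {"sensor-0001": bytes.fromhex("00112233445566778899aabbccddeeff" * 2)}


def device_response(key, device_id, nonce):
    """Device side: answer a challenge with an HMAC over its ID and the nonce."""
    return hmac.new(key, device_id.encode() + b"|" + nonce, hashlib.sha256).digest()


class Gateway:
    """Network side (hypothetical): issues challenges and verifies responses."""

    def __init__(self, keys):
        self._keys = keys
        self._pending = {}  # device_id -> outstanding nonce

    def challenge(self, device_id):
        nonce = secrets.token_bytes(16)
        self._pending[device_id] = nonce
        return nonce

    def verify(self, device_id, response):
        # pop() makes every nonce single-use, so a captured response
        # cannot be replayed later.
        nonce = self._pending.pop(device_id, None)
        key = self._keys.get(device_id)
        if nonce is None or key is None:
            return False
        expected = device_response(key, device_id, nonce)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    gw = Gateway(DEVICE_KEYS)
    nonce = gw.challenge("sensor-0001")
    resp = device_response(DEVICE_KEYS["sensor-0001"], "sensor-0001", nonce)
    genuine = gw.verify("sensor-0001", resp)   # correct key, fresh nonce
    replay = gw.verify("sensor-0001", resp)    # same response sent again
    fresh = gw.challenge("sensor-0001")
    wrong_key = gw.verify("sensor-0001", device_response(b"\x00" * 32, "sensor-0001", fresh))
    unknown = gw.verify("sensor-9999", resp)   # device ID never provisioned
    return genuine, replay, wrong_key, unknown
```
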
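The host-based protocol filtering described in the firewalling item can be sketched as follows. This is an added example, not code from the original article: the article names no protocol, so Modbus/TCP is assumed here as the industrial protocol, and the read-only policy and sample frames are constructed for illustration.

```python
import struct

MBAP = struct.Struct(">HHHB")   # transaction id, protocol id, length, unit id
MAX_ADU = 260                   # largest legal Modbus/TCP frame
# Policy (assumption): this device only answers register reads.
# function code -> maximum register count the Modbus spec allows per request
READ_ONLY = {0x03: 125, 0x04: 125}


def inspect(frame: bytes):
    """Return (allowed, reason) for one inbound Modbus/TCP request."""
    if len(frame) < MBAP.size + 1:
        return False, "truncated"
    _tid, proto, length, _unit = MBAP.unpack_from(frame)
    if proto != 0:
        return False, "not modbus"
    # The length field counts the unit id plus the PDU; bytes it does not
    # account for could carry a payload hidden behind a valid request.
    if len(frame) > MAX_ADU or length != len(frame) - 6:
        return False, "length mismatch"
    func = frame[7]
    if func not in READ_ONLY:
        return False, "function 0x%02x blocked" % func
    if len(frame) != 12:            # header(7) + func(1) + address(2) + count(2)
        return False, "bad request size"
    _addr, count = struct.unpack_from(">HH", frame, 8)
    if not 1 <= count <= READ_ONLY[func]:
        return False, "count out of range"
    return True, "ok"


def build(func, addr, value, extra=b"", tid=1, unit=1):
    """Constructed sample frames; `extra` is appended without updating length."""
    pdu = struct.pack(">BHH", func, addr, value)
    return MBAP.pack(tid, 0, 1 + len(pdu), unit) + pdu + extra


SAMPLES = {
    "read 10 registers": build(0x03, 0, 10),
    "write register": build(0x06, 1, 0xFFFF),
    "read with trailing bytes": build(0x03, 0, 10, extra=b"AAAA"),
    "read 2000 registers": build(0x03, 0, 2000),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", inspect(raw))
```

Every check is a fixed-size comparison on the header or a set lookup, which keeps the per-frame cost low enough for a resource-constrained device.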