The now, no longer ‘new’, world of Internet of Things (IoT) creates incredible value to the world, because now inanimate objects can talk to the world around them – thus making it possible for us to interact with them.
This will simplify things which have traditionally been very complex, or impossible, to handle. Now our appliances, cars, machines and more can be operated, handled, used and maintained in real time. Their utility has grown exponentially and their cost of maintenance can come down, again exponentially.
Cyber Security Challenges
But this convenience comes at a cost – threats posed by (and to) a super connected world where billions of devices will be generating data, interacting with the Internet and humans in real time on a 24×7 basis.
And many of these challenges are going to be faced by the computing industry for the first time. Primarily these security challenges are due to:
- Scale of data, notably data in transition
- Scale of distributed computing infrastructure
- Pervasiveness of devices
Many of our existing technologies and services offered by security vendors will just not make the grade.
Why are these challenges, as we can now handle big data?
These factors make IoT driven world a lot more challenging to secure:
- Large distributed device sprawl
- Very large attack surface area
- Variety of data in transition
- Physical accessibility of connected devices
- Number of vendors for devices
- Nature of devices (making it easy to simulate/fake them)
All these make it very complicated to secure IoT infrastructure. For example, the large surface area exposes an IoT world to more exploits and threats. Device distribution makes it difficult to keep a physical security process in place. Nature and scale of data in transition and its variety makes it complicated to encrypt it and keep it secure during transition. Simple nature of these devices and basic identification makes it possible for hackers and intruders to fake a device identity and get connected to the network.
What then are the key Security aspects for IoT?
Key points are:
- Devices need to have a robust authentication mechanism to eliminate the possibility of rogue devices being connected to network
- Devices need to have physical protection, so that a stolen device cannot be compromised and reused as a rogue one
- Device data storage needs to be designed for protection
- Device and user identities should have a robust and functional inter-working design to ensure that none of these identities are not compromised
- A security zoning framework and architecture needs to be developed and used to make it easy for organizations to manage and implement security policies
- Since a large and continuous (often unpredictable) data transfer takes place in an IoT world, network security is of utmost significance
- Such a large sprawl of device warrants an ability to monitor security using data and state collection from the device
Device Authentication Framework for IoT World
Authentication of IoT devices will contain two initiating points for the device to be registered and authenticated before it can be used by an application or allowed to communicate with the network.
- Device knocking the door
- Network or application initiating the discovery
In both of the cases, a mechanism for the device to establish that it’s a genuine element and is allowed to be discovered and included in the network is needed.
The device needs to publish its ID and its willingness to be discovered by nodes and applications of a specific network. IoT device can also make an explicit request to a network for registration.
A network and its applications need to be able to discover the IoT devices, which can be registered and then used within the eco system.
For this bi-directional recognition and registration of an IoT device and to stay secure the following are critical:
- Secure device database
- Secure handshake between network/application and device
- An authentication protocol, which is light and still secure
- Token system which is not subjected to repeated validations and verifications
Physical Device Protection
IoT devices and their sprawl, combined with their need to be installed out in the open, pose a unique challenge for security. The challenge is to protect the device (remember it can be a small sensor that can be pocketed without notice) from being stolen and then subsequently being used by a hacker.
However here are measures which can be taken to ensure that if the device is stolen, it does not give hackers a way to compromise the network and its applications.
1. Tamper Proofing
A device can be made tamper proof in such a way that if a hacker is physically accessing the device, all the communication and all data (if any) on device is automatically deleted. Device can also send a distress signal to network and application, and, network should have the provision of blacklisting that device, so no further communication from the device is entertained.
Frequent self-checks and similar mechanisms can be employed within the device to detect if a tampering effort has taken place and initiate the sequence of protecting itself.
2. Data Destruction
A device should be capable of destroying its own data when it detects that it has (or may have) been compromised. As a precautionary measure no or very limited data should reside on the device, and whatever data is in transit or collection phase, should be destroyed as soon as device detects that it has been compromised
3. Tamper Aware Network and Application
In case of a tampered device, network and application will need to take a series of measures to ensure that no part of network and no application is communicating or exchanging information with that device. These steps are categorized as below.
- Device blacklisting & update of the device database
- Communication to the network and applications about the compromised device
- Clearing tokens and sessions related to the compromised device across network
Device Data Storage
IoT devices collect and transmit a lot of data, even fetching data from the network. These are classified as:
- Configuration data
- Collected data
- Token and token related data
- Device identification and related data
We need to ensure that none of this information is compromised. How?
1. Keep persisted data limited
The best protection is not to persist any data. Even if there is data which needs to be stored (and there probably will be some), it is good to send that data to the network and have it get persisted there.
2. Encrypt what you need to persist
If you need to store data on the IoT device ensure the right level of encryption – though employing an encryption solution at endpoint is difficult, given the common lack of storage and bandwidth.
3. Config controls from remote server
All IoT devices need some configurational data to define the scope of their working and to control their function. It is a better practice to keep this config data remotely on the network, and fetch it or even better consult it, when the device needs to use it.
4. Device identification data
It is a very poor security practice to embed the device identification into IoT devices. A composite identification scheme should be followed in to identify devices properly.
Device and User Identities for Security and Authentication
Some of the key considerations to ensure authentication of devices and users stays secure:
- Multi factor authentication for user
- Secure relationship between user identity and device identity (if any)
Security Zoning in IoT
Because of sprawl and variety of IoT devices in a typical infrastructure, it is a good practice to create zones for devices and define a policy framework with the help of zones. Thousands and millions of devices will be more manageable from a security standpoint if a zoning paradigm is developed.
Some of the ways, this zoning concept can be effective are:
1. Zones for physical location
Devices which are installed within a secure perimeter can be grouped together in one zone and security processes and policies for those devices can be applied based on consideration that they are within that secure perimeter.
2. Device Data Criticality
Another way to create a zone is to group those devices together which carry sensitive data. Data can be categorized based on its sensitivity and multiple sub zones can be created to manage the policy and configuration for those devices.
3. In-Built Security Features
Another way to group the devices is to identify the embedded security features (or sometime vulnerabilities) and create a zone for them.
IoT Device Monitoring
A single device, on average, transmits a small amount of data per unit of time, but over a long period can send a large quantity of data. A large number of devices can collectively send very large amounts of data.
At the same time:
- IoT devices’ local capacity for processing and communication is very limited.
- The number of IoT points even in mid-sized enterprise infrastructure can be very large, and are often geographically dispersed.
Following are some key challenges when it comes to monitoring security in real time, due to the above realities:
- What to collect for monitoring
- Capability of an IoT device generating security specific data
- Sustainability of collected security data from IoT devices, (from network bandwidth)
- Alerting framework for security incidents
A completely different approach to events formation and usage is needed in the world of IoT to make real-time monitoring possible and viable. Events need to be trapped from the communication which takes place between IoT devices and network or cloud, and, they need to be stored for aggregation and correlation. Due to the non-real-time nature of communications from many IoT devices (to conserve power and bandwidth) one can at best expect near-real-time monitoring and alerting with an IoT infrastructure and this must be accounted for when designing the overall security system.