April 26, 2017

IoT Security is too critical to be an optional extra – Security by design, from the beginning

$6 trillion will be invested in the Internet of Things (IoT) between 2015 and 2020, which will yield $12.6 trillion ROI over the next decade.

Until now, security has been treated as an afterthought; by adding layers of security after devices are delivered, and infrastructure and applications are already in place. Security for the IoT is too important to be treated an afterthought. To realize the full potential, the IoT ecosystem is forcing security from the beginning, built as part of the device and infrastructure.

In this series of blogs, we will look at the key security issues and how to address them.

The Ghost of IoT is yet to come – Traditional IT security approaches are not sufficient for IoT

The IoT is a new interconnection of technology heralded as the next industrial revolution – implying radical change, disruption, and an entirely new paradigm for the planet. Specifically, the IoT is an extension of the existing connections between people and computers to include digitally-connected “things.”

One of the things that makes the IoT so disruptive is that its impact isn’t restricted to a single sector or function. From consumer devices to jet engines, logistics to product development, healthcare to municipal planning, enterprise IoT is having a huge impact. It’s helping farmers tackle climate change issues and dramatically increase yields. It’s helping cities meet the challenges of rapid urbanization and making life better for citizens in the process. And it’s enabling utilities companies to modernize ageing infrastructure while increasing efficiency and monitoring costs.

The compelling economic and social benefits envisioned with this disruptive IoT ecosystem (Digital and Physical) is at risk as we do not have a way to manage the scale and complexity of the device centric relationships and data.

IoT brings new security challenges introduced by the scale and pace of adoption, as well as the physical consequences of compromised security. We have already read stories about companies being hacked, identities stolen, and even app-connected cars being hijacked. Often, default device settings equate to “wide open” and even when access controls are present, many organizations do not have strong security protocols in place. This is the IoT equivalent of having a username/password combo of “admin” and “password”, which was the case in the last major attack.

Existing security solutions evolved as an afterthought for the changing digital world. We now have an opportunity to include security in the design stage, in the new IoT world.

An IoT security breach goes beyond simple data loss, it’s also a safety issue, with potentially disastrous impact. We need to ensure IoT security is built in from the start to realize its full potential.  The IoT has many economic impacts and value creation capabilities across many industries and for the consumer. Everyone, including Governments, regulatory bodies and standards groups are being forced to rethink this issue.

IoT security will be complicated by the fact that many ‘things’ use simple processors and operating systems that may not support sophisticated security approaches.

What is the big change in IoT?

Disruptive Change – Identity:

Security by design

The key theme of this blog is “Trust the Device, Trust the data” as the IoT device is the weakest link in the chain.

Securing the perimeter with IoT begins and ends with the device.

How do we secure from the beginning?

Before we go into the details on implementation approaches, let’s look at the key areas that require immediate attention:

Register/Enroll the devices into IoT IAM platform and Applications

  • Many approaches are being proposed to onboard devices to IoT platforms and applications. Unlike user onboarding, enrolling or registering headless devices involve API driven automated steps without human intervention. Typically, a trust anchor is required at the device, either provisioned by the manufacturer or added as an agent by distributors, solution providers or customers. The trust anchor based agent allows secure registration, provisioning and updating of devices through active, policy-based security controls which are designed to protect IoT applications and services. The IoT platforms must support suitable whitelisting and policy capabilities to automate this without human intervention.

Provision owner controlled security

  • Owner-controlled security posture is very important for IoT. Manufacturers are promoting certain trust anchors; certificates provisioned in the devices during the manufacturing itself for strong security from the beginning. These could work well in closed platforms and applications but the open platforms need owner controlled and application specific security. Also, the compliance and regulations demand the changing of manufacturer security model to owner controlled security.

IoT Authentication

  • In the user identity world, we have been applying the strong authentication models based on multi-factor and out of the band approaches. These models are simply not suitable for IoT devices.
  • IoT calls for devices to authenticate themselves to other devices and to the IoT security management plane as per the application requirements. The methods might use a combination of:
    • Application specific credentials
    • Trust anchor (hardware or software) based, API driven
    • PKI certificate
  • Another big problem is making sure the credentials or certificates in the devices are not tampered or copied to another device. This requires secure storage at the device and strong binding of credentials with the device as part of authentication process.

“Things” (Device) Integrity

  • In the user world, a device is used as a pass through and the trust is established through multi-factor authentication. The trusted computing group has been promoting the attestation models for device integrity. These models have failed to achieve their goals as they remained as technologies, difficult to implement, and not suitable for IoT scale.

Data Privacy, Integrity

  • The IoT is not just about “things”, it’s also about data. Securing the sheer number of devices is a daunting task but the ever-increasing volume of data driven by IoT introduces an entirely new challenge. To secure the sensitive information from devices, the data needs to be encrypted as close to where it’s generated as possible. Typical transport level security models do not provide end-to-end security and privacy of the data. Another big dimension to consider is to protect the sensitive data at field level as the new protocols like MQTT delivers the content to multiple subscribers.

Secure Upgrades

  • Another key IoT security strategy should include software and firmware upgrades to remote devices while ensuring only trusted software is installed. The secure device authentication, data privacy and integrity at the device mentioned above form a pre-requisite for this to be successful. The security management plane must be able to control access to devices for updates, verify the source of updates, and validate the integrity of the updates themselves.

Please stay tuned for the next blog in this series, including detailed design recommendations for many of the problems/challenges listed above, and more. 

If you want to hear more, please register for our next webinar with MultiTech and NextGenID; “IoT IAM – What’s it all about?”

Register Now

Rao Cherukuri