The IoT vs Security

By 2020, more than 24 billion internet-connected devices will be installed globally — that’s more than 4 devices for every human on earth.

The Internet of Things first reached users on PCs. Then it migrated to smartphones, tablets, smartwatches, and TVs.

This growth surely brings several benefits, as it will change the way people fulfill everyday tasks and potentially change the world. Having a smart home is undoubtedly cool and will amaze your guests, but smart lighting can also reduce overall energy consumption and lower your electric bill.

New developments would allow connected cars to link up with smart city infrastructure to create an entirely different ecosystem for the driver, who is simply used to the traditional way of getting from Point A to Point B. And there are many other examples of positive changes IoT may bring to our lifes.
But with all of these benefits comes risk, as the increase in connected devices gives hackers and cyber criminals more entry points.

Late last year, a group of hackers took down a power grid in a region of western Ukraine to cause the first blackout from a cyber attack. And this is likely just the beginning, as these hackers are looking for more ways to strike critical infrastructure, such as power grids, hydroelectric dams, chemical plants, and more.

What is already being done to Secure The IoT?

The great thing about IoT security is that previously ignored, it has now become an issue of high concern, even at the federal government level. Several measures are already being taken to gap holes and prevent security breaches at the device level, and efforts are being led to tackle major disasters before they come to pass.

Now security firms and manufacturers are joining ranks to help secure the IoT world before it spins out of control. IT giant Microsoft has started taking measures and has promised to add BitLocker encryption and Secure Boot technology to the Windows 10 IoT, their operating system for IoT devices and platforms such as the Raspberry Pi.

BitLocker is an encryption technology that can code entire disk volumes, and it has been featured in Windows operating systems since the Vista edition. This can be crucial to secure on-device data. Secure Boot is a security standard developed by members of the PC industry to help make sure that your PC boots using only software that is trusted by the PC manufacturer. Its implementation can prevent device hijacking.

The IoT security issue has also given rise to new alliances. A conglomeration of leading tech firms, including Vodafone, founded the Internet of Things Security Foundation, a non-profit body that will be responsible for vetting Internet-connected devices for vulnerabilities and flaws and will offer security assistance to tech providers, system adopters and end users.

Other companies are working on setting up platforms that will enable large networks of IoT devices to identify and authenticate each other in order to provide higher security and prevent data breaches.

What should we know to protect ourselves and minimize risks of hacking attacks?

Security must be addressed throughout the device lifecycle, from the initial design to the operational environment:

1. Secure booting: When power is first introduced to the device, the authenticity and integrity of the software on the device is verified using cryptographically generated digital signatures. In much the same way that a person signs a check or a legal document, a digital signature attached to the software image and verified by the device ensures that only the software that has been authorized to run on that device, and signed by the entity that authorized it, will be loaded. The foundation of trust has been established, but the device still needs protection from various run-time threats and malicious intentions.

2. Device authentication: When the device is plugged into the network, it should authenticate itself prior to receiving or transmitting data. Deeply embedded devices often do not have users sitting behind keyboards, waiting to input the credentials required to access the network. How, then, can we ensure that those devices are identified correctly prior to authorization? Just as user authentication allows a user to access a corporate network based on user name and password, machine authentication allows a device to access a network based on a similar set of credentials stored in a secure storage area.

3. Firewalling and IPS: The device also needs a firewall or deep packet inspection capability to control traffic that is destined to terminate at the device.

4. Updates and patches: Once the device is in operation, it will start receiving hot patches and software updates. Software updates and security patches must be delivered in a way that conserves the limited bandwidth and intermittent connectivity of an embedded device and absolutely eliminates the possibility of compromising functional safety.

What is evident is that the IoT will play an important role in our lives in the near future, and its security is one of the major issues that must be addressed via active participation by the entire global tech community. Next several years will show whether all of the innovations will revolutionize the world or will bring us to a new era of digital insecurity and chaos. Time will tell.