Is Security an Afterthought in Internet of Things?
The exuberance around Internet of Things and the enormous volume of connected devices are attracting many companies, big and small into the IoT bandwagon. Manufacturers are adding connectivity to their devices based on the assumption that customers will prefer a connected device to its not-connected counterpart if the cost is not significantly higher. Though many companies are aware that the customers are not always taking advantage of their internet enabled refrigerator to refill eggs, nobody wants to be left out of this huge opportunity. The popular theory seems to be: connect first and the use cases and return on investment will follow. In this rush to connect things, what seems to not be getting the attention it deserves is security.
Internet is a double edged sword. On one side, all of us enjoy the many benefits of connectivity such as having a video call to the other side of the globe or making purchases while not leaving home. The darker side is identity theft, illegal financial transactions, masquerading, snooping, etc. While these threats are real and have huge financial impact, the threats on IoT devices can be fatal. For example, leaving an oven or hot plate on can potentially kill people. How about playing around with someone’s pace maker? Imagine getting locked inside a car wash.
While automobiles have not been hacked by real criminals, researchers have exposed the vulnerabilities and how it affects safety leading to catastrophic incidents. Cyber-attacks are increasing in frequency. In many cases, companies do not know they are violated until months later. The proliferation of connected devices significantly increases the risk and aggravates the impact, especially if the tools are in the wrong hands. Many suspect the biggest terrorism threat will be through the internet in the future.
The ubiquitous nature of Internet Protocol has its downside when it comes to security. We need a strategy for end-to-end security, starting from the device to the cloud applications, to insure the device is protected there by guaranteeing confidentiality, integrity and availability (CIA) to the customer.
The CIA triad is a model used to discuss the security aspects of IT systems, and the same can be extended to IoT. Confidentiality is making sure the data at rest or data exchanged between end points remains private through encryption. We need to make sure there is no gap in security while message flows from one node to another. Integrity is to make sure the software in the device or any part of the system is protected against unauthorized modification. This can be achieved by having a range of techniques from simple hashing to digital signatures using Public key cryptography. Availability is to make sure the system is available based on the service level expectations. This requires systems to be aware of their weakness and have counter measures built in. Typical counter measures are using load balancers, redundancy, clustering, etc.
While designing for security, instead of relying on one trusted mechanism, we should have multiple levels of defense. Every layer should incorporate their own security mechanism and not rely on the layer below.
We should start at physical layer security and go all the way to application security while incorporating data link, IP and session layer security.
Devices should implement a Trusted Computing Block and implement a security perimeter to separate the TCB from the untrusted part of the system. Devices need to be authenticated at boot-up and device signatures for the drivers and associated software needs to be validated before allowing access. We need to make sure packets are filtered out intelligently. A mere protocol header based filtering might not be sufficient and would need state based firewalls.
Devices need to have security mechanisms in place in the data lank layer to prevent rouge devices from attaching to the network by employing MACsec (802.1AE) or IEEE 802.1AR, incorporating device identity. Wireless access should be encrypted using 802.11i (WPA2). Bluetooth is more prone to attacks and should be guarded against bluesnarfing or bluejacking kind of attacks.
It is also important to limit the exposure. Subnets and hardware or software firewalls can be used to limit the exposure of your internal network with sensitive information from the appliance network. There is no reason to have your smart garage opener access data from your personal computer. Basic guidelines on passwords, authentication and authorization should be followed and only run if absolutely needed. Weaknesses need to be identified early and countermeasures should be incorporated to minimize vulnerabilities.
While Cloud computing and resource virtualization reduces administration costs, it poses a new set of challenges on protecting sensitive information. In addition to implementing the familiar defenses in the physical security world, like firewalls, IPD/IDS mechanisms, and machine hardening, we will need mechanisms like Hypervisor, a security gateway to protect the VMs. Organizations need to have strong security policy and monitoring in place especially because of the dynamic nature of resources.
Security cannot be built into the system at the tail end of product development. It has to be incorporated and prioritized right from the design process. In the rush to connect devices to the internet, if security is forgotten, the results can be disastrous as we are dealing with safety critical applications.