(Source: LeoWolfert/shutterstock.com)
Security and other aspects of trustworthiness are of paramount importance to Internet of Things (IoT) networks. We are all aware of the well-publicized data breaches of the past, where millions of credit card numbers were compromised, privacy regulations were violated, or media were pirated. This type of data breach is embarrassing and costly to owners of the affected systems, but it didn’t result in physical damage. Now, with the addition of actuators to IoT networks that can affect the physical operation of potentially dangerous systems (locomotives, refineries, medical devices, reactors, etc.) under computer control, hackers will be targeting these systems, and the stakes for getting network security right become much higher. It’s only a matter of time before some hacker compromises the security of an IoT system and causes significant physical harm.
Security is a key aspect of the trustworthiness of systems. Without basic security, other aspects of critical systems operations, such as privacy, safety, resiliency, and reliability, can’t be guaranteed.
IoT systems must be secure against attacks, especially IoT networks in control of life-critical systems. Engineers must pay close attention to all possible security threats and countermeasures to keep their systems secure. The first step is to understand the threat vectors. Hackers will attempt to attack IoT systems in many different ways, and the system is only as good as its weakest response. Examples of attack vectors include compromising IoT element hardware or software during manufacture; spoofing the authentication or configuration of nodes during installation; providing bogus software updates; eavesdropping on network traffic; cracking passwords; physical assault on IoT nodes; and various compromises to network management systems, policies, and processes. Threat analysis must take into account the likelihood of certain security threats as well as the consequences of the exploitation of vulnerabilities. Systematic analysis, including the preparation of detailed threat models, is best practice for assessing the security capabilities of IoT systems.
When the basic threat models are in place, system hardware and software must be designed with a rigorous approach to system security. Five key steps are required:
Good IoT security must start with secure hardware. The processor chips should have a hardware root of trust that functions to ensure the basic compute infrastructure can’t be compromised. Secure boot makes sure the software running on a processor isn’t compromised either. A Trusted Platform Module extends the hardware trust to the software platform, resulting in a Trusted Execution Environment, where application software can be run with confidence. All components of IoT systems, including chips, modules, boxes, software infrastructures, protocol stacks, security policies, and development tools, must be designed with security in mind. Security must also be of paramount importance to the various services and support infrastructures needed for IoT systems, such as communication networks, field-service organizations, management systems, and network operations centers. All aspects of IoT system architecture, development, deployment, and operations must consider security from the start.
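To make the root-of-trust and TPM idea above concrete, here is an added example written for this page (it is not code from the article, nor from any chip or TPM vendor): a measured-boot chain in Python. Secure boot refuses to run code that fails signature verification; the measured-boot side, modelled here, records what actually ran by hashing each boot stage and folding the digest into a Platform Configuration Register with the TPM "extend" operation, so a verifier can later compare the final register against a golden value recorded at provisioning. The stage images, the single-PCR layout and the golden value are constructed assumptions; a real device measures its actual firmware binaries and typically spreads them over several PCRs.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed boot-stage images for an illustrative device (assumption: in a
# real product these are the actual bootloader, kernel and application binaries
# that the root of trust measures before handing control to them).
BOOT_STAGES: List[Tuple[str, bytes]] = [
    ("bootloader", b"example-bootloader-image-v1"),
    ("kernel", b"example-kernel-image-v1"),
    ("application", b"example-iot-application-v1"),
]

# A TPM Platform Configuration Register (PCR) starts as all zeros at reset.
PCR_INITIAL = b"\x00" * 32


def measure(image: bytes) -> bytes:
    """Measure one boot stage: the digest, never the image itself, is what
    gets recorded in the PCR and in the event log."""
    return hashlib.sha256(image).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """Model of the TPM PCR extend operation: new = SHA-256(old || measurement).
    A PCR can only be extended, never set, so a later stage cannot erase the
    record of an earlier one, and the order of stages is baked into the value."""
    return hashlib.sha256(pcr + measurement).digest()


def measured_boot(stages: List[Tuple[str, bytes]]) -> Tuple[bytes, Dict[str, str]]:
    """Walk the boot chain, extending one PCR per stage.
    Returns the final PCR and an event log mapping stage name to its digest."""
    pcr = PCR_INITIAL
    event_log: Dict[str, str] = {}
    for name, image in stages:
        digest = measure(image)
        event_log[name] = digest.hex()
        pcr = pcr_extend(pcr, digest)
    return pcr, event_log


def attest(pcr: bytes, golden_pcr: bytes) -> bool:
    """Remote-attestation style check: does the reported PCR equal the
    known-good value recorded when the device was provisioned?"""
    return pcr == golden_pcr


def find_tampered_stages(event_log: Dict[str, str], golden_log: Dict[str, str]) -> List[str]:
    """When attestation fails, the event log tells the verifier which stage changed."""
    return [name for name, digest in event_log.items() if golden_log.get(name) != digest]


def demo() -> Tuple[bool, bool, List[str]]:
    """Boot a clean device, then a device whose kernel image was swapped out."""
    golden_pcr, golden_log = measured_boot(BOOT_STAGES)

    clean_pcr, _ = measured_boot(BOOT_STAGES)
    clean_ok = attest(clean_pcr, golden_pcr)

    tampered_stages = [
        (name, b"example-kernel-image-modified" if name == "kernel" else image)
        for name, image in BOOT_STAGES
    ]
    tampered_pcr, tampered_log = measured_boot(tampered_stages)
    tampered_ok = attest(tampered_pcr, golden_pcr)

    return clean_ok, tampered_ok, find_tampered_stages(tampered_log, golden_log)


if __name__ == "__main__":
    print(demo())  # (True, False, ['kernel'])
```

Because the PCR value depends on both the content and the order of every stage, a device that boots a modified kernel, or the right images in the wrong order, ends up with a different register and fails attestation; the event log then localises the change to one stage. This is what lets a network operations center refuse data or commands from a node whose software platform is no longer trusted.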
Data in IoT networks must be secured in all stages of their life cycle. As soon as data are created (typically at a sensor), they should be evaluated for their security implications and treated accordingly. Often, this means choosing a cryptography standard and crypto key management system, and then applying strong cryptography as close to the data source as possible. Data in motion (traveling on wired or wireless links in IoT systems) require protection from eavesdropping and unauthorized interception or modification. Data at rest (stored in IoT sensors, edge nodes, or the cloud) also need appropriate encryption. Once data are no longer needed, the system should provide for their secure destruction. The appropriate application of emerging distributed ledger techniques such as blockchain can help authenticate and control access to data in IoT systems.
Edge computing techniques are helpful in securing IoT systems, as well. Often, inexpensive sensors don’t have the energy, size, or budget to provide strong native encryption. Edge nodes, gateways, and fog processors are often the first stop for data after the sensors, and they can apply strong encryption to the data before it is sent to the cloud. Edge computing nodes are also ideal places to run security threat detection analytics and response software, greatly improving the security threat responses of IoT and network systems.
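The edge-node role described above, as an added example written for this page (not the article's own code and not any product's implementation): a gateway that is the first hop for telemetry from constrained sensors which can only afford a keyed hash rather than full encryption. It verifies each message's origin and integrity with HMAC before trusting any field, detects replays with a per-device monotonic counter, runs a simple plausibility check on the authenticated reading, and only then queues the data for forwarding. The device keys, the 8-byte tag truncation, the pipe-delimited message format and the sample traffic are all constructed assumptions.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

# Sensors truncate the tag to 8 bytes to save radio bytes (an assumption
# about the constrained link, not a value from the article).
TAG_LEN = 8

# Constructed per-device keys, as they would be provisioned at installation.
# Real keys come from a key management system; these are sample values only.
DEVICE_KEYS: Dict[str, bytes] = {
    "temp-01": hashlib.sha256(b"constructed-key-temp-01").digest(),
    "temp-02": hashlib.sha256(b"constructed-key-temp-02").digest(),
}

# Plausibility limits per device (degrees C), used by the gateway analytics.
READING_LIMITS: Dict[str, Tuple[float, float]] = {
    "temp-01": (-40.0, 125.0),
    "temp-02": (-40.0, 125.0),
}


def make_message(device_id: str, counter: int, reading: float, key: bytes) -> str:
    """What the constrained sensor sends: plaintext fields plus a truncated HMAC.
    The monotonic counter is covered by the tag, so it cannot be adjusted."""
    body = f"{device_id}|{counter}|{reading}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).digest()[:TAG_LEN]
    return f"{body}|{tag.hex()}"


class EdgeGateway:
    """First hop for sensor data: authenticate, detect, then forward."""

    def __init__(self, keys: Dict[str, bytes], limits: Dict[str, Tuple[float, float]]):
        self.keys = keys
        self.limits = limits
        self.last_counter: Dict[str, int] = {}
        self.forwarded: List[str] = []           # what would go on to the cloud
        self.alerts: List[Tuple[str, str]] = []  # (kind, raw message) for the SOC

    def _alert(self, kind: str, msg: str) -> str:
        self.alerts.append((kind, msg))
        return kind

    def ingest(self, msg: str) -> str:
        parts = msg.split("|")
        if len(parts) != 4:
            return self._alert("malformed", msg)
        device_id, counter_s, reading_s, tag_hex = parts

        # 1. Unknown senders are dropped before any further processing.
        key = self.keys.get(device_id)
        if key is None:
            return self._alert("unknown-device", msg)

        # 2. Verify integrity and origin before trusting any field.
        body = "|".join(parts[:3]).encode()
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        try:
            tag = bytes.fromhex(tag_hex)
        except ValueError:
            tag = b""
        if not hmac.compare_digest(expected, tag):
            return self._alert("bad-tag", msg)

        # 3. Replay detection: counters must strictly increase per device.
        try:
            counter = int(counter_s)
            reading = float(reading_s)
        except ValueError:
            return self._alert("malformed", msg)
        if counter <= self.last_counter.get(device_id, -1):
            return self._alert("replay", msg)
        self.last_counter[device_id] = counter

        # 4. Analytics on authenticated data: flag but still forward an
        #    implausible reading, since it may be a genuine sensor fault.
        lo, hi = self.limits[device_id]
        self.forwarded.append(msg)
        if not lo <= reading <= hi:
            return self._alert("out-of-range", msg)
        return "accepted"


def run_demo() -> Tuple[List[str], EdgeGateway]:
    """Feed constructed traffic through the gateway and return the verdicts."""
    gw = EdgeGateway(DEVICE_KEYS, READING_LIMITS)
    k1 = DEVICE_KEYS["temp-01"]
    first = make_message("temp-01", 1, 21.5, k1)
    genuine = make_message("temp-01", 3, 21.5, k1)
    traffic = [
        first,
        make_message("temp-01", 2, 21.7, k1),
        first,                                   # captured earlier and replayed
        genuine.replace("21.5", "99.9"),         # reading altered in transit
        make_message("temp-99", 1, 20.0, k1),    # device that was never provisioned
        make_message("temp-01", 4, 150.0, k1),   # authentic but implausible value
    ]
    return [gw.ingest(m) for m in traffic], gw
```

Running `run_demo()` yields the verdicts accepted, accepted, replay, bad-tag, unknown-device, out-of-range; three messages are queued for the cloud and four alerts are raised. The ordering of the checks is the point: the gateway does no parsing of numeric fields and no analytics until the tag has been verified with a constant-time comparison, so unauthenticated traffic cannot influence the replay state or the detection logic, and all four alert kinds arrive at the edge where a response can be triggered without a round trip to the cloud.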
A word about testing: Testing is necessary but not sufficient for the creation of secure IoT. It’s important to test systems before, during, and after their deployment for security vulnerabilities. This testing could be traditional development lab or acceptance tests, but ongoing white-hat hacker testing is also valuable to identify subtle and freshly emerging security hazards. You can’t test security into systems whose architectures are inherently insecure.
Several resources are available for learning more about IoT security practices. The Industrial Internet Consortium has an extensive security framework document. The Open Web Application Security Project (OWASP) models of IoT attack vectors and Microsoft’s STRIDE model are also valuable. It is the responsibility of every IoT engineer to understand these security concerns and design systems to address them. Security is the key component in creating a safe and trustworthy IoT infrastructure.
CHARLES C. BYERS is Associate Chief Technology Officer of the Industrial Internet Consortium, now incorporating OpenFog. He works on the architecture and implementation of edge-fog computing systems, common platforms, media processing systems, and the Internet of Things. Previously, he was a Principal Engineer and Platform Architect with Cisco, and a Bell Labs Fellow at Alcatel-Lucent. During his three decades in the telecommunications networking industry, he has made significant contributions in areas including voice switching, broadband access, converged networks, VoIP, multimedia, video, modular platforms, edge-fog computing and IoT. He has also been a leader in several standards bodies, including serving as CTO for the Industrial Internet Consortium and OpenFog Consortium, and was a founding member of PICMG's AdvancedTCA, AdvancedMC, and MicroTCA subcommittees.
Mr. Byers received his B.S. in Electrical and Computer Engineering and an M.S. in Electrical Engineering from the University of Wisconsin, Madison. In his spare time, he likes travel, cooking, bicycling, and tinkering in his workshop. He holds over 80 US patents.