[Posted on Behalf of Rajeev Shukla, Chief Strategy officer Castellum Labs ]
Introduction to IoT Phenomenon (Internet of Things)
Computing and its pervasiveness
In the last few decades more and mode devices have been connected to the internet and to each other. There has been an explosion of count of devices connected to internet, networks and to us. We have started using devices which have computing resources and capacity in our daily lives, and they are connected to internet. Cars, home appliances, industrial equipment, and more, all are connected to internet and can interact with each other, with cloud platforms, with application and with us all the time. This has made our world smarter and our lives simpler.
Emergence of Internet of Things (IoT)
In recent years, this explosion of devices is being taken to another level with introduction of new paradigm of computing. This paradigm of computing is called IoT, or Internet of Things. Advent of lightweight sensors and their reduced cost has made it possible to place them on almost any object in our physical world and make that object share the data with pervasive computing infrastructure around.
This will obviously create an incredible value to the world, because now inanimate objects can talk to the world around them and thus making it possible for us to interact with them. This will simplify things which have traditionally been very complex to handle or else sometimes have not been possible. Our appliances, our cars, our machinaries and more can be operated, handled, used and maintained in real time. Their utility to us can grow exponentially and their cost of maintenance can come down, again exponentially.
Cyber Security Challenges in this New IoT World
But, this convenience comes at a cost. And, that cost is threats which will be posed to a super connected world where millions and billions of devices will be generating data, interacting with internet and with cloud platforms and interacting with humans in real time on a 24x7 basis. Quite a many of these challenges are going to be faced by the computing industry for the first time. Primary aspects of security challenges, in IoT world are
Scale of data in transition
Scale of distributed computing infrastructure
Pervasiveness of devices
Many of our existing technologies and current security vendors will not suffice for the security challenges created by IoT infrastructure and corresponding computing models.
Why these Challenges
Though the scale of challenges in the cyber security world of IoT is emerging, we will identify the key reasons this new world will have and pose challenges. These following factors make IoT driven world a lot more challenging to secure.
Large distributed device sprawl
Very large attack surface area
Variety of data in transition
Physical accessibility of connected devices
Number of vendors for devices
Nature of devices making it easy to simulate/fake them
These above mentioned, points make it complicated to secure IoT infrastructure and connected world. Large surface area exposes an IoT world to more exploits and threats. Device distribution makes it difficult to keep a physical security process in place. Nature and scale of data in transition and its variety makes it complicated to encrypt it and keep it secure during transition. Simple nature of these devices and basic identification makes it possible for hackers and intruders to fake a device identity and get connected to the network. More and more inclusion of IoT devices into our world enhances these threats.
Key Security Aspects for IoT
There are several key factors which need attention to ensure security in an IoT world. These factors have been reached at, after looking at what makes an IoT world more vulnerable and more challenging from security standpoint. Key points for protecting an IoT world and its infrastructure are following.
Devices need to have a robust authentication mechanism to eliminate the possibility of rogue or fake devices being connected to network
Devices need to have a physical protection, so that a stolen device cannot be compromised for stealing data and reused as rogue one after alteration
Device data storage needs to be designed for protection
Device and user identities should have a robust and functional inter-working design to ensure that any of these identities are not compromised
A security zoning framework and architecture needs to be developed and used to make it easy for organizations to manage and implement security policies
Since a large and continuous and sometime unpredictable data transfer takes place in an IoT world, network security is of utmost significance
Such a large sprawl of device warrants an ability to monitor security using data and state collection from the device
Device Authentication Framework for IoT World
Authentication of IoT devices, in all forms and formats will contain two initiating points for device to be registered and authenticated before it can be used by an application or else before it can communicate with network.
Device knocking the door
Network or application initiating the discovery
In both of the cases, a mechanism for the device to establish that it’s a genuine element and is allowed to be discovered and included in the network and can be used by application, is needed.
Device needs to publish its id and its willingness to be discovered by nodes and applications of a specific network. IoT device can also make an explicit request to a network for registration.
A network and its applications need to be able to discover the IoT devices, which can be registered and then used within the eco system.
For this bi-directional recognition and registration of an IoT device to stay secure and not succumb to the hackers’ attempt and not create or carry a vulnerability in process of registration, following things are critical.
Secure device database
Secure handshake between network/application and device
An authentication protocol, which is light and still secure
Token system which is not subjected to repeated validations and verifications
Physical Device Protection
IoT devices and their sprawl, combined with their need to be installed out in the open, posed a unique challenge for security. The challenge is to protect the device (remember it can be a small sensor, and, hence very easy to be plucked off the wall) from being stolen and then subsequently being used by a hacker or a miscreant, to gain illegal access to network using the device credentials and its access to network and its application.
Though stealing of a senor in physical world is something can not be completely ruled out, but, there are measures which can be taken to ensure that if the device is stolen, it does not give hacker a way to compromise the network and its applications.
Tamper Proofing
A device can be made tamper proof in such a way that if a hacker is physically accessing the device, all the communication and all data (if any) on device is automatically deleted. Device can also send a distress signal to network and application, and, network should have the provision of blacklisting that device, so no further communication from the device is entertained.
Frequent self-checks and similar mechanisms can be employed within the device to detect if a tampering effort has taken place, and, then initiate the sequence of protecting itself.
Data Destruction
A device should be capable of destructing its own data when it detects that it has been compromised. Though as a precautionary measure no or very limited data should reside on the device, but, whatever data is in transit or collection phase, should be destructed as soon as device detects that it has been compromised
Tamper Aware Network and Application
In case of a tampered device, network and application will need to take a series of measures to ensure that no part of network and no application is communicating or exchanging information with that device. These steps are categorized as below.
Device blacklisting & Update of the device database
Communication to all network and all application about compromised device
Clearing tokens and sessions related to the compromised device across network
"Device tampering is most Critical Security Challenge in the world of IoT"
Device Data Storage
IoT devices collect and send a lot of data and some fetch data from network, to stay functional. There four different kind of data which an IoT device can communicate.
Config data
Collected data
Token and token related data
Device identification related data
Given the nature of these devices, there are certain measures, which need to be taken, to ensure that any of this data is not compromised and is not used to gain unlawful access to network and applications.
Keep persisted data limited
It is a good practice to not to keep any data at any IoT device in a persisted state. The best protection is not to persist any data, which you can live without storing. Even if there is data, which needs to be stored, it is good to send that data to network and have it get persisted there.
Encrypt, what you need to persist
If you need to store data at IoT device, ensure the right level of encryption. Though employing an encryption solution at endpoint is difficult, given the lack of storage and lack of bandwidth, which is commonplace in IoT devices.
Config controls from remote server
All IoT devices need some configurational data, to define the scope of their working and to control the function. It is a better practice to keep this config data remotely at the network, and, fetch it or even better consult it, when device needs to use it.
Device identification data
It is a very poor security practice to embed the device identification into IoT devices. A composite identification scheme should be followed in to identify the devices properly.
Device and User Identities for Security and Authentication
IoT world makes physical world around us smarter and interactive. In a lot of IoT applications, end user is interacting with the device directly or indirectly through an appliance or gadget. User identity and its authentication in conjunction to device authentication becomes of significance in these situations. Some of the key considerations to ensure authentication of device and user stays secure, are as following.
Multi factor authentication for user
Secure relationship between user identity and device identity (if any)
Security Zoning in IoT
Because of sprawl and variety of IoT devices in a typical infrastructure, it is a good practice to create zones for devices, and, define a policy framework with the help of zone applicability. Thousands and some time millions of devices will be more manageable from security standpoint, if zoning paradigm is developed for IoT and applied to overall security measures and programs for IoT.
Some of the ways, this zoning concept can be effective, are following.
Zones for physical location
Devices which are installed within a secure perimeter can be grouped together in one zone, and, security processes and policies for those devices can be applied based on consideration that they are within secure perimeter.
Device Data Criticality
Another way to create a zone is to group the devices together which carry sensitive data. The data can be categorized based on its sensitivity and multiple sub zones can be created to manage the policy and configuration for those devices.
In-Built Security Features
Another way to group the devices and create a zone will be, to identify the embedded security features (or sometime vulnerabilities) and create a zone.
IoT Device Monitoring
IoT devices can generate a lot of data. Though from a single device amount of data transferred per unit of time is small, but, over a period even a single IoT device can send large quantity of data to networks. Large number of devices, which collect and send data into cloud/network can collectively send very large amount of data.
IoT devices’ local capacity for processing and communication is not very high.
Number of IoT points even in mid-sized enterprise infrastructure can be very large. And, sometime these devices can be geographically dispersed.
These two realities of IoT world mentioned above, make it very difficult to do real time monitoring of an IoT infrastructure. Following are some key challenges when it comes to monitoring security in real time.
What to collect for monitoring
Are devices even capable of generating security specific data
Sustainability of collected security data from IoT devices, (from n/w bandwidth)
How alerting should be structured for a security incident in world of IoT
One model of monitoring can be around creation and aggregation of log events at networks instead of IoT endpoints. A completely different approach to events formation and usage is needed in the world of IoT to make real-time monitoring possible and viable. Events need to be trapped from the communication which takes place between IoT devices and network or cloud, and, they need to be stored for aggregation and correlation.
Comments