Securing the Internet of Streams


The evolution of IoT is now at a point that it will require a comprehensively redesigned approach to security threats in order to ensure its continuous growth and expansion.


The relentless flow of new product introductions keeps fueling the gargantuan estimates of billions of connected communicating computing devices which is projected to imminently make the Internet of Things ubiquitous within every facet of our lives. The IoT has been portrayed as the key enabler of a smarter world with compelling use cases that cut across a wide array of both personal and industrial ecosystems.

A great description is that the IoT is the global nervous system. This could be a pun, as IoT is increasingly producing troubling headlines. Stories abound, detailing security breaches that sound as if they were taken from a sci-fi movie, from hacked security cameras to a spamming refrigerator.

IoT-Global-Nervous-System

Figure 1 (Source: re-workblog.tumblr.com)

The explosive growth of the IoT coincides with an alarming increase in reported rates of identity theft and hacker attacks on everyday gadgets and appliances. Security researchers have easily established the feasibility of attacks against TVs, cars, security cameras, and medical equipment. There is much more than stolen money on the line if these types of attacks are carried out. The evidence demonstrates that existing security mechanisms are insufficient or ill-suited to address the risks inherent with the ubiquitous deployment of the IoT.

The need for a new original approach

The traditional approach to security, applied to both consumer and business domains, is one of separation – preventing those who are considered bad actors from accessing devices and networks. However, the dynamic topology of the network environments in which IoT applications are deployed largely invalidates the separation approach, making it both impractical and overly rigid. For example, with BYOD (bring-your-own-device), enterprises struggle to apply traditional security schemes to devices that may have been compromised while outside the perimeter firewall.

Many IoT devices self-configure and run autonomously. User interaction is limited to the devices’ operations, and there are no means to change security parameters. These devices rely on the manufacturer to implement security, both in the hardware and the software.

Moreover, manufacturers have to consider the broader ecosystem, not just their own products. For example, recent research has revealed inherent security flaws in USB memory stick controller hardware and firmware. Users must be concerned not only about the safety of the data on the memory stick, but if the memory stick controller itself has somehow been compromised.

To thwart similar issues, IoT device vendors are rushing to upgrade their product portfolios to low-power, high-performance microcontrollers that include firmware upgrade and data encryption mechanisms.

Atmel's IoT Layered Security Solutions

Figure 2 (Source: Atmel’s White Paper: Integrating the Internet of Things)

In the hyper-connected world of IoT, security breaches will gravitate towards the weakest link in the chain. It will become very hard to maintain the confidence that any particular device, user, application or service maintains its integrity; instead, the assumption will be that things will occasionally break for a variety of reasons, over which there is little control and no method for fixing. As a result, IoT will force the adoption of new concepts for the establishment of trust.

A smarter network combined

In the loosely coupled world of IoT, security issues are driving a need for greater collaboration among the vendors participating in the ecosystem, recognizing their respective core competencies. Hardware vendors make devices smarter. Software developers make applications and services smarter. The connective tissue, the global Internet with its myriad of communication transports and protocols, is tasked with carrying the data that powers IoT. This begs the question – can the network be made an enabler of IoT security by becoming smarter in its own right?

Context is essential for identifying and handling security threats and is best understood at the application level, where the intent of information is processed. This points towards a higher-level communication framework for IoT – the Internet of Data Streams. This framework enables apps and services to view things as consumers and producers of data. It allows for descriptive representations of devices’ operational status and real-time detection of their presence or absence.

Elevating the functional value of the Internet, from a medium of communication to a network of data streams for IoT, would be highly beneficial to ease collaboration among the IoT ecosystem participants. The smarter network can provide apps and services with the ability to implement logic that detects things that break or misbehave, flagging them as suspect while ensuring graceful and consistent operation using the redundant resources.

InternetOfThingsHorizontal

For example, a smarter network can detect that a connected sensor stopped functioning (e.g. due to a denial of power attack, possibly triggered through some obscure security loophole) and allow the apps that depend on the sensor to provide uninterrupted service to users. Additionally, a network of data streams can foster a global industry of security-as-a-service solutions, which can, as an example, send real-time security alerts to app administrators and device manufacturers.

The evolution of IoT is now at a point that it will require a comprehensively redesigned approach to security threats in order to ensure its continuous growth and expansion. Addressing the surfaced issues from an ecosystem standpoint calls for apps, services and “things” to explicitly handle communication via a smarter data network, which has the promise of placing IoT in safer hands, courtesy of the Internet of Streams.

5 thoughts on “Securing the Internet of Streams

  1. Larry Karisny

    Doron. this is one of the best explanations of the security issues of IoT that I have seen. You come close to defining where we need to address IoT security. Let me see if I can get you a little closer.

    We again think we secure even IoT at the network layer or in some specialized intelligent sub-net stream connect to some specific ecosystem. In the real world what happens is that even a small IoT can send a microsecond action and you need to authenticate, view, audit, analyse or block that action real time before that microsecond action during data in motion not after the streamed action.

    If we are to achieve true security in IoT we need to make the software application action smart not just the network. We also need to use digital process management to define whether the use of the IoT is part of the correct ecosystem or process. See my article that more specifically defines how we can do this in what is called 5GL DPM. http://www.govtech.com/dc/articles/Will-DPM-5GL-save-cybersecurity.html . Great article and now it the time to get ahead of IoT security before we have billions of devices that could get out of control.

    Like

    Reply
  2. Pingback: LifeQ is tapping into the human sensor | Bits & Pieces from the Embedded Design World

  3. Pingback: Analyzing real-time tweets with PubNub’s Data Stream | Bits & Pieces from the Embedded Design World

  4. Pingback: Report: Half a billion wearables to be in use by 2019 | Bits & Pieces from the Embedded Design World

  5. Pingback: The 10 challenges of securing IoT communications | Bits & Pieces from the Embedded Design World

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s