From the very beginning of developing an IoT product, IoT security must be a forethought.
One of the hottest topics at last week’s IoT StreamConf was security. In other words, how are we going to secure communication for billions of connected devices? How can we ensure that attackers can’t take control of our devices, steal information, disrupt services, or take down entire networks of expensive, imperative devices?
With IoT is still in its early stages, security is not fully understood and well-defined when compared to other industries, like the financial and e-commerce sectors. From the very beginning of developing an IoT product, whether it’s small-scale like a wearable device, to massive-scale IoT deployments, like an oil field sensor network or global delivery operation, IoT security must be a forethought.
In this talk, Rohini Pandhi, Product Manager at PubNub, walks through the ten challenges of securing Internet of Things communication. Rohini discusses flexible and secure messaging design patterns for IoT communication, and how they can be implemented and scaled. There are a number of security considerations, but after watching this talk, you should have a good idea of how you can secure your IoT deployment.
(Scroll below video for a table of contents of when individual concepts are talked about in the video).
Video Table of Contents
- Defining the Internet of Things (10:27)
- Unprotected devices will be attacked (13:15)
- Encryption (15:46)
- Single security model for all communications (17:56)
- Access control (20:13)
- Tracking device metadata (21:14)
- Provisioning in the field (22:38)
- Firmware updates in the field (24:07)
- Compliance with regulations (25:15)
- Reinventing the wheel (26:17)
More Resources on Securing IoT Communication
Below are a couple great pieces on IoT security, and some code tutorials for IoT developers:
- The Next Generation of IoT: PubNub CEO Todd Greene walks through the evolution of the IoT stack, and how it’s continuing to change, with security at the forefront.
- Securing the Internet of Streams: Doron Sherman discusses the need for a new approach to IoT security, built on a loosely-coupled, smarter network.
- World-class embedded security solutions ensures trust for every system design: Data security is directly linked to how exposed the cryptographic key is to being accessed by unintended parties. How to thwart? Keep the “secret key secret” locked in protected hardware devices.
- IT cloud vs. IoT cloud: Kaivan Karimi, Atmel VP and GM of Wireless Solutions, shares the top 10 factors to consider when transitioning from IT cloud to IoT cloud.
- Become a Crypto Expert by securing all the layers of IoT. Securing valuable pieces to solve your security puzzle for any stage or level of the design cycle.
- Ultra-secure Hardware-based Key Storage: CryptoAuthentication installed into the architecture of element devices with hardware-based key storage ensure that a product, consumables it uses, firmware it runs, accessories that support it, and the network nodes it connects to are not cloned, counterfeited, or tampered with.
- Complete Security for PCs and Embedded Systems: The TPM includes integrated, protected nonvolatile storage for cryptographic keys, secrets, and authorization information.
- Making EEPROMs a Safe Place for Sensitive Data: CryptoMemory chips are the world’s largest family of EEPROMs with a 64-bit embedded hardware encryption engine, four sets of nonreadable, 64-bit authentication keys, and four sets of nonreadable, 64-bit session encryption keys.