By Sudheer P N
The advent of 'Internet' brought in a paradigm shift in the way humans learn, communicate, work etc. Internet was a revolution and humans benefited from it in every aspect of life. Along with its success, internet also brought in major security risks. Despite having security systems in place, attackers have been successful in breaching the security and hack the systems.
As internet evolved over the decades, security mechanisms also evolved from firewall to unified threat management system (UTM), encryption and stronger authentication to wage war against intruders. As the security solution of today may not work tomorrow, the only way to be safer and smarter is to periodically update the security patch.
Like the Internet, 'Internet of things' (IoT) is gaining momentum with time. No doubt that IoT would be the next big thing in future. Using IoT, everything can be controlled and monitored remotely with ease. As per the research, IoT implementation would start from the year 2015 and reach to its pinnacle by 2020. As IoT is in its nascent state and evolving, it also poses a lot of security threats. Let's discuss some of the security risks this technology can bring:
Any sensor, which connects to the IoT server and sends out information, will be a connected device. Smart meter is one such example. Smart meter sends water consumption information at fixed interval to the server.
Connected devices are vulnerable to various attacks in the IoT ecosystem.
Solutions
Below stated solutions can resolve security concerns in the IoT space:
As internet evolved over the decades, security mechanisms also evolved from firewall to unified threat management system (UTM), encryption and stronger authentication to wage war against intruders. As the security solution of today may not work tomorrow, the only way to be safer and smarter is to periodically update the security patch.
Like the Internet, 'Internet of things' (IoT) is gaining momentum with time. No doubt that IoT would be the next big thing in future. Using IoT, everything can be controlled and monitored remotely with ease. As per the research, IoT implementation would start from the year 2015 and reach to its pinnacle by 2020. As IoT is in its nascent state and evolving, it also poses a lot of security threats. Let's discuss some of the security risks this technology can bring:
Reasons for Security Threats
- Connected devices
- Lack of availability of IoT standards
Any sensor, which connects to the IoT server and sends out information, will be a connected device. Smart meter is one such example. Smart meter sends water consumption information at fixed interval to the server.
Connected devices are vulnerable to various attacks in the IoT ecosystem.
Why connected devices are prone to attacks?
Connected devices are built with low power, having less memory, slow processor and run on embedded operating system (OS).
Connected devices are built with low power, having less memory, slow processor and run on embedded operating system (OS).
- Embedded OS is not designed to handle security issues. As access control is not present in OS, the devices are vulnerable for attacks.
- Due to low memory, firewall capability cannot be embedded within the device. Hence, the devices have no support to guard intruders.
- Slow processor makes it difficult to validate and encrypt/decrypt data in real time.
- Distributed Denial of Service (DDOS) attack: Enterprise network will have many connected IoT devices. Imagine, if all the compromised devices try to access a company website or try to access unavailable information from a server. This will choke the server and make it slow. These attacks cost heavily for the company.
- Attackers gaining access to the devices can introduce viruses, BOTS, Trojan horses etc.
- Hackers can manipulate the data generated from devices. For example, wrong information about the trains on track would be devastating, and can lead to head on collision, costing thousands of lives.
- Difficult to update software patches on compromised devices.
Privacy Issues
- Compromised smart water meter would give a hint to the attacker about whether or not a house is occupied.
- Hackers can easily manipulate sensitive personal information like health, location, bank account details etc.
IoT standards
Groups like ETSI, OneM2M and IEEE are working towards generating a standard for an IoT ecosystem. But, these standards are still evolving. Its capability can be felt only after deployments.
Groups like ETSI, OneM2M and IEEE are working towards generating a standard for an IoT ecosystem. But, these standards are still evolving. Its capability can be felt only after deployments.
Below stated solutions can resolve security concerns in the IoT space:
- Standards should evolve fast and should be followed end-to-end.
- Device manufacturers should come up with a device having more memory, faster processors and that which are compact in size. But, this would take time to reach the market.
- Device should authenticate itself before sending or receiving any data.
- Role-based access control should be built into the operating system used in devices. This would limit the component usage.
- Devices should have deep packet inspection capability to validate the data received for any kind of attacks.
- Authenticity of the software on the device should be verified by a cryptographically generated digital signature.
- Devices should authenticate the regular software updates it receives from admins/operators.
No comments:
Post a Comment