SlideShare a Scribd company logo

151022_oml_reinventing_cybersecurity_IoT_v1p

Stéphane Roule
Stéphane Roule
1 of 8
Download to read offline
Reinventing Cybersecurity in the Internet of Things 151022_oml_v1p | Public | © Omlis Limited 2015
1151022_oml_reinventing_cybersecurity_IoT_v1p | Public | © Omlis Limited 2015 Reinventing Cybersecurity in the IoT By 2020 the IDC predict that the IoT will incorporate 200bn sensors – most of which will be communicating over open networks. This mass of connected devices will be doubly susceptible as their physical security parameters will be exposed as well as their software based security mechanisms. It’s further predicted that by 2016, 90% of all IT networks will have experienced a breach stemming from the IoT. 1 These figures clearly illustrate that the mass production of IoT (Internet of Things) devices is accelerating beyond the capabilities of traditional security protocols, which have been left floundering in the wake of innovation. A number of security propositions have been mooted to assist in narrowing the gap, with few as compelling as Omlis’ mobile-first core technology. As the connected world continues to churn out increasing amounts of sensitive data, Omlis’ core technology will grow as a key enabler, neatly bundling the most powerful encryption and authentication qualities which this valuable data demands – as recognized by leading cloud infrastructure and IoT platform provider SoftLayer through our recent collaboration. The IoT is a media-friendly term which has very little prescriptive meaning, yet it perfectly captures the notion of a wild proliferation of non-uniform devices involved in open networks. Pulling this array of exposed devices into the safe realms of a secure network was never going to be an easy task. It would appear that we need to treat such a diverse ecosystem on a case-by-case basis, classifying in terms of risk and applying the appropriate security mechanisms. It’s implausible for the IoT to adopt some kind of ‘silver bullet’ security concept such as an evolved version of a PKI (Public Key Infrastructure) which would act as a panacea for all security concerns; practicalities will demand a layered approach, with different devices requiring different levels of protection according to capability and the value of the data being transmitted. Separating ‘mission critical’ aspects from sensors which may be involved in low risk networks with low risk applications seems a logical step. Encryption algorithms need to retain their basic strength whilst exhibiting a small software footprint which doesn’t place too high a demand on the processor; in addition, robust encryption needs to be supported by strong mutual authentication techniques for machine registration and updates. Methods such as digital certificates will inevitably have a place in the early stages, before we’re driven to define more practical methods of machine based authentication. An adaptable security architecture is the best response to the threat emerging from a complex mixture of devices operating over open networks. This in turn requires a number of solution providers the key enablers will be those firms which can successfully marry the core characteristics of their technology with the needs of the IoT. Many of these pioneers will come from the mobile-first security sector on the grounds that their core security platform enhances the offerings of more traditional mobile services; as was the case with Blackberry and the Good Technology acquisition. The idea of a collective response is becoming clear. VMWare enhanced their mobile base with the acquisition of AirWatch in recognition that the mobile would become the ‘remote control’ for the connected world 2 , and similarly, companies such as Hitachi are also looking to harness the synergies of complimentary industries to enhance their IoT offering; they recently acquired Pentaho Corp for their ability to analyze collated IoT data. As more and more data becomes ‘sensorized’ Omlis’ mobile-first design principles and core technology will increasingly represent an excellent fit for high value, mission critical IoT applications.
2151022_oml_reinventing_cybersecurity_IoT_v1p | Public | © Omlis Limited 2015 Problems With Securing the IoT and the Shortcomings of Traditional Methods Many of the sensors in the IoT don’t have the computational capacity to implement any form of complex cryptography with interpretation and encryption of data duties falling on the smartphone or web-based device in front of the sensor. Of the sensors which do, traditional encryption delivered through protocols like SSL / TLS is often too much of a burden on low processing power. Traditional security mechanisms such as PKI are trying to adapt and frantically rediscover themselves with new methodologies such as elliptic curve cryptography using reduced key lengths. Omlis on the other hand offers an entirely new solution which isn’t conditioned by the demands of outdated architectures and is suited to the emerging practicalities of IoT security. PKI is buckling under the weight of heavily manual processes already, and its methodology will be further tested by the IoT, for which it was never designed. If PKI is to be used in the IoT, it will represent a shift from a near universal human user base, to tens of billions of additional interconnected non-human devices. The design remit for PKI was very much for public consumption and how we secure what effectively represents a seismic population growth is a question which cybersecurity vendors need to answer. Whereas a few years ago, certificates were the domain of servers, laptops and personal computers, they’re now commonplace in everything from TVs to medical equipment. There’s a fundamental difference between PKI setup for public usage and PKI in a closed or M2M (Machine-to- Machine) sense in the fact that humans can’t interfere as easily. This could be construed as a good thing or also as something which could be disastrous in terms of device registration, authentication, cloning and malicious substitution. 3 Highvolumeissuanceofcertificatesonthemassproduction lines of IoT devices would represent an extremely awkward process and the ongoing management of these certificates would be particularly difficult, especially with regards to revocation. Providing lifetime certificates is an option but is wholly inappropriate due to increasing calls for lifecycle management. PKI might be suited to many low value IoT communications if it can be repackaged for devices which have low processing power and thus limited ability to continually generate keys, but for data that demands complete integrity it’s far from ideal. This question of how to provide a unique identifier for each IoT object is therefore very much open and as yet unanswered. Solutions such as DNSSec have been touted as a method of securing crowded networks and guaranteeing communications between client and server but is hugely susceptible to eavesdropping. This leaves the door open for more targeted solutions such as those offered by Omlis, which can wrap robust encryption of data with mutual authentication and lifecycle management. Omlis’ software defined core technology can be tailored in such a manner that it can perform state of the art key management and authentication from low power devices using robust encryption. This facilitates the safe transfer of remote software updates and enhanced mobile device access, whilst at the same time negating the threats we associate with open networks and malware.
3151022_oml_reinventing_cybersecurity_IoT_v1p | Public | © Omlis Limited 2015 Industry Specific IoT Security Issues Automotive: Remote Software Updates The automotive industry is often cited as one of the emerging areas for connectivity, with ‘Autonomous Cars’ assuming the pinnacle of the Gartner 2015 ‘Hype Cycle’ 4 , but security issues are beginning to overshadow this sense of opportunity. Quite pertinently, SDS (Software Defined Security) follows on the heels of Autonomous Cars, highlighting how security has lagged behind product innovation. As cars become increasingly connected, clear security gaps have appeared, particularly in terms of remote software updates, digital rights management and highly publicized cyber-physical attack vectors. Tesla’s connected cars provide an active example of how vehicle infotainment and telematics have fully incorporated mobile technology, with the Model S regularly receiving software updates over-the-air in a near identical manner to the updates you’d receive on your smartphone. When updates impinge on cyber-physical features such as steering, autopilot and collision avoidance, it’s clear that strong authentication and encryption need to be high priority. The need for wireless patching and remote updates will become ever more pressing as cars and IoT devices in general acquire increasing amounts of complex software. Because this software is attached to high value / high liability products, mass car recalls have sometimes been the only option in terms of securing a mission critical update. The growth of these recalls in recent years exhibits the manufacturer’s inability to update remotely through wireless patches. BMW recently updated its wireless patch distribution system to use https, which shows that despite taking an industry lead, even the most conscientious manufacturers are still behind the times in terms of actually applying security in the first place. A recent HP research project pointed out that 60% of the IoT devices they studied didn’t use any form of encryption on software updates. 6 Omlis’ core technology can provide the levels of strong mutual authentication which is required for secure software updates, guaranteeing that products are communicating with the intended source and encrypting communications throughout the entire product lifecycle.
4151022_oml_reinventing_cybersecurity_IoT_v1p | Public | © Omlis Limited 2015 Healthcare: Mobile Device Access and Authentication According to MarketResearch.com there will be a $117bn market for IoT in the healthcare sector by 2020, but this kind of growth is fully dependent on security as the great enabler. As well as the latent privacy issues associated with such personal information, health records are estimated to be worth ten to twenty times more than credit card details, with criminals using stolen records to file fake insurance claims or illicitly buy drugs or equipment. At present, many of the leading wearables issued by commercial firms such as Fitbit don’t tend to fall under the scope of global data protection acts. These wearables transmit to server databases which aren’t used by health practitioners so the information has very few compliance issues. However, if this information is redistributed to professional health practitioners, then the data becomes sensitive. Many of these wearables are known as ‘headless devices’ with little or no user interface and an inability to exchange credentials 6 . They rely on beaconing out to a smartphone (or similar device) via Bluetooth in order to enroll into a network, which then places the primary security demands on the phone. According to Symantec’s ‘Insecurity in the Internet of Things’ whitepaper, 84% of analyzed IoT devices offered a smartphone application 7 , bringing us back to the idea of the smartphone as the ultimate remote control. Connected healthcare is an emerging industry where mobile-first security vendors such as Omlis are ideally positioned to help guide what equate to fairly scant data security standards in terms of mobile device access and authentication. Industry and Infrastructure: Securing and Encrypting Data over Wi-Fi It’s telling that Dell Security gave special attention to the concept known as SCADA (Supervisory Control and Data Acquisition) in their 2015 Annual Threat Report, noting that attacks on systems increased from 163,228 incidents in 2013 to 675,186 in 2014. Buffer overflows, cross-site scripting and cryptographic issues all featured prominently amongst the most common attack methods. 8 SCADA formed the early foundations of the IoT in both industry and infrastructure. The vision and scope of this concept has grown exponentially with the incorporation of connected devices and the lines between SCADA and the IoT are increasingly beginning to blur. SCADA was traditionally used over Local Area Networks and Wide Area Networks, with appliances being wired up to a central control system, as in traditional M2M communications. Since then there’s been a clear move to more distributed architectures which has meant that SCADA is encountering increased usage over Wi-Fi networks. Connections to Wi-Fi are obviously more dangerous and less reliable, with many advising against it entirely for industrial applications. Nevertheless, Wi-Fi’s growing role in SCADA applications is acknowledged as an inevitable consequence of the IoT, particularly in those sectors which are slightly less critical than heavy industry or military. Once again, Omlis’ core technology can provide reassuring levels of machine-based mutual authentication, whilst securing and encrypting data over Wi-Fi; all of which can empower the advancement of the IIoT (Industrial Internet of Things).
5151022_oml_reinventing_cybersecurity_IoT_v1p | Public | © Omlis Limited 2015 “One of the main challenges the IoT faces is the reduced footprint on which a secure solution must run whilst providing security and protecting privacy. Wearables and other embedded electronic devices have cost constraints that limit the size of the CPU and the memory. In these conditions, only tailored solutions can be effective. Omlis is the only provider bringing a fully secure solution bundling key management, mutual authentication and encryption to the IoT. Omlis offers a dedicated answer to a very specific need of security and compactness. ”Stéphane Roule, Senior Technical Manager How Omlis Addresses the IoT’s Insecurities Omlis’ core technology has already showcased its ability to secure the channel between client and server via the cloud with the recent release of SEM (Secure Enterprise Messenger) on the IBM Bluemix platform. The true value Omlis brings to the IoT is our software- defined capability to wrap the strongest cybersecurity traits into one tailored solution with the lowest imprint on memory and processing power. For example, strong mutual M2M authentication is a discipline which the Omlis core technology can potentially satisfy to a greater degree than any current solution provider using our innovative authentication protocols. The security of the Wi-Fi network is less critical because of our innovative key management and key exchange protocols. Unique keys are generated at the point of transaction and due to the design of our distributed architecture, actual keys are never sent over the network and are never stored on the client or server side; so even if a MitM (Man-in-the-Middle) attack takes place on a relatively unguarded device, the hacker will fail to retrieve any meaningful information. This method of generating keys at both ends of the communications channel, means that Omlis never transmits sensitive data in plaintext and information related to transaction keys can be erased from memory as soon as it becomes redundant. Furthermore, Omlis’ high integrity design principles and embedded software make security less dependent on the increasingly vulnerable Operating System thus increasing resistance to malware. The Omlis core technology can package its powerful characteristics into the IoT architecture in a manner which older legacy solutions will struggle to achieve.
6151022_oml_reinventing_cybersecurity_IoT_v1p | Public | © Omlis Limited 2015 1. https://www.idc.com/getdoc. jsp?containerId=prUS25291514 2. http://blogs.air-watch.com/2014/10/airwatch- vmware-signs-enable-iot-enterprise/#. ViEHS36rSUk 3. http://www.researchgate.net/ publication/279063057_Enforcing_Security_ Mechanisms_in_the_IP-Based_Internet_of_ Things_An_Algorithmic_Overview 4. http://www.gartner.com/newsroom/id/3114217 5. http://www8.hp.com/h20195/V2/GetPDF. aspx/4AA5-4759ENW.pdf 6. http://www.copperhorse.co.uk/the-quandaries- of-headless-iot-device-provisioning/ 7. https://www.symantec.com/content/en/ us/enterprise/media/security_response/ whitepapers/insecurity-in-the-internet-of- things.pdf 8. https://software.dell.com/docs/2015- dell-security-annual-threat-report-white- paper-15657.pdf References Contributors The following individuals contributed to this report: Stéphane Roule Senior Technical Manager Nirmal Misra Senior Technical Manager Paul Holland Analyst Jack Stuart Assistant Analyst
Omlis Third Floor Tyne House Newcastle upon Tyne United Kingdom NE1 3JD +44 (0) 845 838 1308 info@omlis.com www.omlis.com © Omlis Limited 2015

Recommended

An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture Symantec
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enVET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enKarel Van Isacker
 
LConey-Journal_of_Physical_Security-Article_The-Ability-to-Defend-Against-the...
LConey-Journal_of_Physical_Security-Article_The-Ability-to-Defend-Against-the...LConey-Journal_of_Physical_Security-Article_The-Ability-to-Defend-Against-the...
LConey-Journal_of_Physical_Security-Article_The-Ability-to-Defend-Against-the...Lillie Coney
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIntel® Software
 
IoT Security
IoT SecurityIoT Security
IoT SecurityPeter Waher
 
Is Your Network Ready for the Age of IoT?
Is Your Network Ready for the Age of IoT?Is Your Network Ready for the Age of IoT?
Is Your Network Ready for the Age of IoT?GENIANS, INC.
 
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C... Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...IndianAppDevelopers
 
IoT Security Risks and Challenges
IoT Security Risks and ChallengesIoT Security Risks and Challenges
IoT Security Risks and ChallengesOWASP Delhi
 

Recommended

An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture Symantec
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enVET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enKarel Van Isacker
 
LConey-Journal_of_Physical_Security-Article_The-Ability-to-Defend-Against-the...
LConey-Journal_of_Physical_Security-Article_The-Ability-to-Defend-Against-the...LConey-Journal_of_Physical_Security-Article_The-Ability-to-Defend-Against-the...
LConey-Journal_of_Physical_Security-Article_The-Ability-to-Defend-Against-the...Lillie Coney
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIntel® Software
 
IoT Security
IoT SecurityIoT Security
IoT SecurityPeter Waher
 
Is Your Network Ready for the Age of IoT?
Is Your Network Ready for the Age of IoT?Is Your Network Ready for the Age of IoT?
Is Your Network Ready for the Age of IoT?GENIANS, INC.
 
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C... Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...
Revealing the Potential and Risks From the Coming Together of IoT, AI, and C...IndianAppDevelopers
 
IoT Security Risks and Challenges
IoT Security Risks and ChallengesIoT Security Risks and Challenges
IoT Security Risks and ChallengesOWASP Delhi
 
Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecuritySecure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecurityCigniti Technologies Ltd
 
Will Internet of Things (IoT) be secure enough?
Will Internet of Things (IoT) be secure enough? Will Internet of Things (IoT) be secure enough?
Will Internet of Things (IoT) be secure enough? Ravindra Dastikop
 
Internet of things
Internet of thingsInternet of things
Internet of thingsvarungoyal98
 
IoT security reference architecture
IoT security reference architectureIoT security reference architecture
IoT security reference architectureElias Hasnat
 
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016David Glover
 
Iot security requirements will reshape enterprise it security programs
Iot security requirements will reshape enterprise it security programsIot security requirements will reshape enterprise it security programs
Iot security requirements will reshape enterprise it security programsMarket Engel SAS
 
INTEROPERABILITY, FLEXIBILITY AND INDUSTRIAL DESIGN REQUIREMENTS IN THE IoT
INTEROPERABILITY, FLEXIBILITY AND INDUSTRIAL DESIGN REQUIREMENTS IN THE IoTINTEROPERABILITY, FLEXIBILITY AND INDUSTRIAL DESIGN REQUIREMENTS IN THE IoT
INTEROPERABILITY, FLEXIBILITY AND INDUSTRIAL DESIGN REQUIREMENTS IN THE IoTMuhammad Ahad
 
Smart city landscape
Smart city landscapeSmart city landscape
Smart city landscapeSamir SEHIL
 
Fog computing security and privacy issues, open challenges, and blockchain so...
Fog computing security and privacy issues, open challenges, and blockchain so...Fog computing security and privacy issues, open challenges, and blockchain so...
Fog computing security and privacy issues, open challenges, and blockchain so...IJECEIAES
 
Frost Entrust Datacard-award-write-up-final
Frost Entrust Datacard-award-write-up-finalFrost Entrust Datacard-award-write-up-final
Frost Entrust Datacard-award-write-up-finalWendy Murphy
 
IRJET- An Approach to Authenticating Devise in IoT using Blockchain
IRJET- An Approach to Authenticating Devise in IoT using BlockchainIRJET- An Approach to Authenticating Devise in IoT using Blockchain
IRJET- An Approach to Authenticating Devise in IoT using BlockchainIRJET Journal
 
LIFT OFF 2017: IoT and MSS Deep Dive
LIFT OFF 2017: IoT and MSS Deep DiveLIFT OFF 2017: IoT and MSS Deep Dive
LIFT OFF 2017: IoT and MSS Deep DiveRobert Herjavec
 
Iot Security
Iot SecurityIot Security
Iot SecurityMAITREYA MISRA
 
5th Meetup - Ethereum & IoT: examples, opportunities and IBM initiative
5th Meetup - Ethereum & IoT: examples, opportunities and IBM initiative5th Meetup - Ethereum & IoT: examples, opportunities and IBM initiative
5th Meetup - Ethereum & IoT: examples, opportunities and IBM initiativeAlexander Hirner
 
How to deal with the impact of digital transformation on networks
How to deal with the impact of digital transformation on networks How to deal with the impact of digital transformation on networks
How to deal with the impact of digital transformation on networks Abaram Network Solutions
 
Supply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSupply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSource Code Control Limited
 
IBM Xforce Q4 2014
IBM Xforce Q4 2014IBM Xforce Q4 2014
IBM Xforce Q4 2014Patrick Bouillaud
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSomasundaram Jambunathan
 
Expert mobility managing wi-fi wearables sensors iot for availability quality...
Expert mobility managing wi-fi wearables sensors iot for availability quality...Expert mobility managing wi-fi wearables sensors iot for availability quality...
Expert mobility managing wi-fi wearables sensors iot for availability quality...Priyanka Aash
 
Internet of Things application platforms
Internet of Things application platformsInternet of Things application platforms
Internet of Things application platformsThe Marketing Distillery
 
ABB Converter ASTAT
ABB Converter ASTATABB Converter ASTAT
ABB Converter ASTATThomas Solkela
 
Empat rakaat pembuka pintu langit
Empat rakaat pembuka pintu langitEmpat rakaat pembuka pintu langit
Empat rakaat pembuka pintu langitErman Hidayat
 

More Related Content

What's hot

Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecuritySecure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecurityCigniti Technologies Ltd
 
Will Internet of Things (IoT) be secure enough?
Will Internet of Things (IoT) be secure enough? Will Internet of Things (IoT) be secure enough?
Will Internet of Things (IoT) be secure enough? Ravindra Dastikop
 
Internet of things
Internet of thingsInternet of things
Internet of thingsvarungoyal98
 
IoT security reference architecture
IoT security reference architectureIoT security reference architecture
IoT security reference architectureElias Hasnat
 
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016David Glover
 
Iot security requirements will reshape enterprise it security programs
Iot security requirements will reshape enterprise it security programsIot security requirements will reshape enterprise it security programs
Iot security requirements will reshape enterprise it security programsMarket Engel SAS
 
INTEROPERABILITY, FLEXIBILITY AND INDUSTRIAL DESIGN REQUIREMENTS IN THE IoT
INTEROPERABILITY, FLEXIBILITY AND INDUSTRIAL DESIGN REQUIREMENTS IN THE IoTINTEROPERABILITY, FLEXIBILITY AND INDUSTRIAL DESIGN REQUIREMENTS IN THE IoT
INTEROPERABILITY, FLEXIBILITY AND INDUSTRIAL DESIGN REQUIREMENTS IN THE IoTMuhammad Ahad
 
Smart city landscape
Smart city landscapeSmart city landscape
Smart city landscapeSamir SEHIL
 
Fog computing security and privacy issues, open challenges, and blockchain so...
Fog computing security and privacy issues, open challenges, and blockchain so...Fog computing security and privacy issues, open challenges, and blockchain so...
Fog computing security and privacy issues, open challenges, and blockchain so...IJECEIAES
 
Frost Entrust Datacard-award-write-up-final
Frost Entrust Datacard-award-write-up-finalFrost Entrust Datacard-award-write-up-final
Frost Entrust Datacard-award-write-up-finalWendy Murphy
 
IRJET- An Approach to Authenticating Devise in IoT using Blockchain
IRJET- An Approach to Authenticating Devise in IoT using BlockchainIRJET- An Approach to Authenticating Devise in IoT using Blockchain
IRJET- An Approach to Authenticating Devise in IoT using BlockchainIRJET Journal
 
LIFT OFF 2017: IoT and MSS Deep Dive
LIFT OFF 2017: IoT and MSS Deep DiveLIFT OFF 2017: IoT and MSS Deep Dive
LIFT OFF 2017: IoT and MSS Deep DiveRobert Herjavec
 
5th Meetup - Ethereum & IoT: examples, opportunities and IBM initiative
5th Meetup - Ethereum & IoT: examples, opportunities and IBM initiative5th Meetup - Ethereum & IoT: examples, opportunities and IBM initiative
5th Meetup - Ethereum & IoT: examples, opportunities and IBM initiativeAlexander Hirner
 
How to deal with the impact of digital transformation on networks
How to deal with the impact of digital transformation on networks How to deal with the impact of digital transformation on networks
How to deal with the impact of digital transformation on networks Abaram Network Solutions
 
Supply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSupply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSource Code Control Limited
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSomasundaram Jambunathan
 
Expert mobility managing wi-fi wearables sensors iot for availability quality...
Expert mobility managing wi-fi wearables sensors iot for availability quality...Expert mobility managing wi-fi wearables sensors iot for availability quality...
Expert mobility managing wi-fi wearables sensors iot for availability quality...Priyanka Aash
 

What's hot (20)

Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecuritySecure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application Security
 
Will Internet of Things (IoT) be secure enough?
Will Internet of Things (IoT) be secure enough? Will Internet of Things (IoT) be secure enough?
Will Internet of Things (IoT) be secure enough?
 
Internet of things
Internet of thingsInternet of things
Internet of things
 
IoT security reference architecture
IoT security reference architectureIoT security reference architecture
IoT security reference architecture
 
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
 
Iot security requirements will reshape enterprise it security programs
Iot security requirements will reshape enterprise it security programsIot security requirements will reshape enterprise it security programs
Iot security requirements will reshape enterprise it security programs
 
INTEROPERABILITY, FLEXIBILITY AND INDUSTRIAL DESIGN REQUIREMENTS IN THE IoT
INTEROPERABILITY, FLEXIBILITY AND INDUSTRIAL DESIGN REQUIREMENTS IN THE IoTINTEROPERABILITY, FLEXIBILITY AND INDUSTRIAL DESIGN REQUIREMENTS IN THE IoT
INTEROPERABILITY, FLEXIBILITY AND INDUSTRIAL DESIGN REQUIREMENTS IN THE IoT
 
Smart city landscape
Smart city landscapeSmart city landscape
Smart city landscape
 
Fog computing security and privacy issues, open challenges, and blockchain so...
Fog computing security and privacy issues, open challenges, and blockchain so...Fog computing security and privacy issues, open challenges, and blockchain so...
Fog computing security and privacy issues, open challenges, and blockchain so...
 
Frost Entrust Datacard-award-write-up-final
Frost Entrust Datacard-award-write-up-finalFrost Entrust Datacard-award-write-up-final
Frost Entrust Datacard-award-write-up-final
 
IRJET- An Approach to Authenticating Devise in IoT using Blockchain
IRJET- An Approach to Authenticating Devise in IoT using BlockchainIRJET- An Approach to Authenticating Devise in IoT using Blockchain
IRJET- An Approach to Authenticating Devise in IoT using Blockchain
 
LIFT OFF 2017: IoT and MSS Deep Dive
LIFT OFF 2017: IoT and MSS Deep DiveLIFT OFF 2017: IoT and MSS Deep Dive
LIFT OFF 2017: IoT and MSS Deep Dive
 
Iot Security
Iot SecurityIot Security
Iot Security
 
5th Meetup - Ethereum & IoT: examples, opportunities and IBM initiative
5th Meetup - Ethereum & IoT: examples, opportunities and IBM initiative5th Meetup - Ethereum & IoT: examples, opportunities and IBM initiative
5th Meetup - Ethereum & IoT: examples, opportunities and IBM initiative
 
How to deal with the impact of digital transformation on networks
How to deal with the impact of digital transformation on networks How to deal with the impact of digital transformation on networks
How to deal with the impact of digital transformation on networks
 
Supply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSupply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoT
 
IBM Xforce Q4 2014
IBM Xforce Q4 2014IBM Xforce Q4 2014
IBM Xforce Q4 2014
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of Things
 
Expert mobility managing wi-fi wearables sensors iot for availability quality...
Expert mobility managing wi-fi wearables sensors iot for availability quality...Expert mobility managing wi-fi wearables sensors iot for availability quality...
Expert mobility managing wi-fi wearables sensors iot for availability quality...
 
Internet of Things application platforms
Internet of Things application platformsInternet of Things application platforms
Internet of Things application platforms
 

Viewers also liked

Empat rakaat pembuka pintu langit
Empat rakaat pembuka pintu langitEmpat rakaat pembuka pintu langit
Empat rakaat pembuka pintu langitErman Hidayat
 
Textual anaylsis college.
Textual anaylsis college.Textual anaylsis college.
Textual anaylsis college.ElliotBrooks
 
Live africa open golf stream
Live africa open golf streamLive africa open golf stream
Live africa open golf streamberlin_bobbie
 
Eli leon zambrano
Eli leon zambranoEli leon zambrano
Eli leon zambranoeliiiiiiiz
 

Viewers also liked (8)

ABB Converter ASTAT
ABB Converter ASTATABB Converter ASTAT
ABB Converter ASTAT
 
Empat rakaat pembuka pintu langit
Empat rakaat pembuka pintu langitEmpat rakaat pembuka pintu langit
Empat rakaat pembuka pintu langit
 
Textual anaylsis college.
Textual anaylsis college.Textual anaylsis college.
Textual anaylsis college.
 
Live africa open golf stream
Live africa open golf streamLive africa open golf stream
Live africa open golf stream
 
Resiliencia y logoterapia
Resiliencia y logoterapiaResiliencia y logoterapia
Resiliencia y logoterapia
 
Eli leon zambrano
Eli leon zambranoEli leon zambrano
Eli leon zambrano
 
Generative research with product trial
Generative research with product trialGenerative research with product trial
Generative research with product trial
 
Zin
ZinZin
Zin
 

Similar to 151022_oml_reinventing_cybersecurity_IoT_v1p

Block Armour Zero Trust Cybersecurity Mesh for Oil and Gas
Block Armour Zero Trust Cybersecurity Mesh for Oil and GasBlock Armour Zero Trust Cybersecurity Mesh for Oil and Gas
Block Armour Zero Trust Cybersecurity Mesh for Oil and GasBlockArmour1
 
F5 Networks: The Internet of Things - Ready Infrastructure
F5 Networks: The Internet of Things - Ready InfrastructureF5 Networks: The Internet of Things - Ready Infrastructure
F5 Networks: The Internet of Things - Ready InfrastructureF5 Networks
 
Intelligence in the Internet of Things (IoT)
Intelligence in the Internet of Things (IoT)Intelligence in the Internet of Things (IoT)
Intelligence in the Internet of Things (IoT)Mychal McCabe
 
Reconsidering PKI and its Place in Your Enterprise Encryption Strategy
Reconsidering PKI and its Place in Your Enterprise Encryption StrategyReconsidering PKI and its Place in Your Enterprise Encryption Strategy
Reconsidering PKI and its Place in Your Enterprise Encryption StrategyNirmal Misra
 
Cyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest TechnologiesCyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest TechnologiesIRJET Journal
 
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGBIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGIJNSA Journal
 
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGBIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGIJNSA Journal
 
Block Armour Zero Trust Cybersecurity Mesh for Telcom
Block Armour Zero Trust Cybersecurity Mesh for TelcomBlock Armour Zero Trust Cybersecurity Mesh for Telcom
Block Armour Zero Trust Cybersecurity Mesh for TelcomBlockArmour1
 
What is the future of IoT connectivity.pdf
What is the future of IoT connectivity.pdfWhat is the future of IoT connectivity.pdf
What is the future of IoT connectivity.pdfCiente
 
Trends in Software Development for 2023
Trends in Software Development for 2023Trends in Software Development for 2023
Trends in Software Development for 2023XDuce Corporation
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptxinfosec train
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptxInfosectrain3
 
Trends in Software Development for 2023
Trends in Software Development for 2023Trends in Software Development for 2023
Trends in Software Development for 2023XDuce Corporation
 
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperKSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperMartin Ruubel
 
Meeting Mobile and BYOD Security Challenges
Meeting Mobile and BYOD Security ChallengesMeeting Mobile and BYOD Security Challenges
Meeting Mobile and BYOD Security ChallengesSymantec
 
Trends in Cybersecurity that Businesses Need to Look Out for in 2023.pptx
Trends in Cybersecurity that Businesses Need to Look Out for in 2023.pptxTrends in Cybersecurity that Businesses Need to Look Out for in 2023.pptx
Trends in Cybersecurity that Businesses Need to Look Out for in 2023.pptxMetaorange
 

Similar to 151022_oml_reinventing_cybersecurity_IoT_v1p (20)

Block Armour Zero Trust Cybersecurity Mesh for Oil and Gas
Block Armour Zero Trust Cybersecurity Mesh for Oil and GasBlock Armour Zero Trust Cybersecurity Mesh for Oil and Gas
Block Armour Zero Trust Cybersecurity Mesh for Oil and Gas
 
F5 Networks: The Internet of Things - Ready Infrastructure
F5 Networks: The Internet of Things - Ready InfrastructureF5 Networks: The Internet of Things - Ready Infrastructure
F5 Networks: The Internet of Things - Ready Infrastructure
 
150819_oml_pki_v1p
150819_oml_pki_v1p150819_oml_pki_v1p
150819_oml_pki_v1p
 
150819_oml_pki_v1p
150819_oml_pki_v1p150819_oml_pki_v1p
150819_oml_pki_v1p
 
Intelligence in the Internet of Things (IoT)
Intelligence in the Internet of Things (IoT)Intelligence in the Internet of Things (IoT)
Intelligence in the Internet of Things (IoT)
 
Reconsidering PKI and its Place in Your Enterprise Encryption Strategy
Reconsidering PKI and its Place in Your Enterprise Encryption StrategyReconsidering PKI and its Place in Your Enterprise Encryption Strategy
Reconsidering PKI and its Place in Your Enterprise Encryption Strategy
 
Cyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest TechnologiesCyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest Technologies
 
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGBIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
 
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGBIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
 
Block Armour Zero Trust Cybersecurity Mesh for Telcom
Block Armour Zero Trust Cybersecurity Mesh for TelcomBlock Armour Zero Trust Cybersecurity Mesh for Telcom
Block Armour Zero Trust Cybersecurity Mesh for Telcom
 
Lecture 14
Lecture 14Lecture 14
Lecture 14
 
Cybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - SkillmineCybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - Skillmine
 
What is the future of IoT connectivity.pdf
What is the future of IoT connectivity.pdfWhat is the future of IoT connectivity.pdf
What is the future of IoT connectivity.pdf
 
Trends in Software Development for 2023
Trends in Software Development for 2023Trends in Software Development for 2023
Trends in Software Development for 2023
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptx
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptx
 
Trends in Software Development for 2023
Trends in Software Development for 2023Trends in Software Development for 2023
Trends in Software Development for 2023
 
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperKSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
 
Meeting Mobile and BYOD Security Challenges
Meeting Mobile and BYOD Security ChallengesMeeting Mobile and BYOD Security Challenges
Meeting Mobile and BYOD Security Challenges
 
Trends in Cybersecurity that Businesses Need to Look Out for in 2023.pptx
Trends in Cybersecurity that Businesses Need to Look Out for in 2023.pptxTrends in Cybersecurity that Businesses Need to Look Out for in 2023.pptx
Trends in Cybersecurity that Businesses Need to Look Out for in 2023.pptx
 

151022_oml_reinventing_cybersecurity_IoT_v1p

  • 1. Reinventing Cybersecurity in the Internet of Things 151022_oml_v1p | Public | © Omlis Limited 2015
  • 2. 1151022_oml_reinventing_cybersecurity_IoT_v1p | Public | © Omlis Limited 2015 Reinventing Cybersecurity in the IoT By 2020 the IDC predict that the IoT will incorporate 200bn sensors – most of which will be communicating over open networks. This mass of connected devices will be doubly susceptible as their physical security parameters will be exposed as well as their software based security mechanisms. It’s further predicted that by 2016, 90% of all IT networks will have experienced a breach stemming from the IoT. 1 These figures clearly illustrate that the mass production of IoT (Internet of Things) devices is accelerating beyond the capabilities of traditional security protocols, which have been left floundering in the wake of innovation. A number of security propositions have been mooted to assist in narrowing the gap, with few as compelling as Omlis’ mobile-first core technology. As the connected world continues to churn out increasing amounts of sensitive data, Omlis’ core technology will grow as a key enabler, neatly bundling the most powerful encryption and authentication qualities which this valuable data demands – as recognized by leading cloud infrastructure and IoT platform provider SoftLayer through our recent collaboration. The IoT is a media-friendly term which has very little prescriptive meaning, yet it perfectly captures the notion of a wild proliferation of non-uniform devices involved in open networks. Pulling this array of exposed devices into the safe realms of a secure network was never going to be an easy task. It would appear that we need to treat such a diverse ecosystem on a case-by-case basis, classifying in terms of risk and applying the appropriate security mechanisms. It’s implausible for the IoT to adopt some kind of ‘silver bullet’ security concept such as an evolved version of a PKI (Public Key Infrastructure) which would act as a panacea for all security concerns; practicalities will demand a layered approach, with different devices requiring different levels of protection according to capability and the value of the data being transmitted. Separating ‘mission critical’ aspects from sensors which may be involved in low risk networks with low risk applications seems a logical step. Encryption algorithms need to retain their basic strength whilst exhibiting a small software footprint which doesn’t place too high a demand on the processor; in addition, robust encryption needs to be supported by strong mutual authentication techniques for machine registration and updates. Methods such as digital certificates will inevitably have a place in the early stages, before we’re driven to define more practical methods of machine based authentication. An adaptable security architecture is the best response to the threat emerging from a complex mixture of devices operating over open networks. This in turn requires a number of solution providers the key enablers will be those firms which can successfully marry the core characteristics of their technology with the needs of the IoT. Many of these pioneers will come from the mobile-first security sector on the grounds that their core security platform enhances the offerings of more traditional mobile services; as was the case with Blackberry and the Good Technology acquisition. The idea of a collective response is becoming clear. VMWare enhanced their mobile base with the acquisition of AirWatch in recognition that the mobile would become the ‘remote control’ for the connected world 2 , and similarly, companies such as Hitachi are also looking to harness the synergies of complimentary industries to enhance their IoT offering; they recently acquired Pentaho Corp for their ability to analyze collated IoT data. As more and more data becomes ‘sensorized’ Omlis’ mobile-first design principles and core technology will increasingly represent an excellent fit for high value, mission critical IoT applications.
  • 3. 2151022_oml_reinventing_cybersecurity_IoT_v1p | Public | © Omlis Limited 2015 Problems With Securing the IoT and the Shortcomings of Traditional Methods Many of the sensors in the IoT don’t have the computational capacity to implement any form of complex cryptography with interpretation and encryption of data duties falling on the smartphone or web-based device in front of the sensor. Of the sensors which do, traditional encryption delivered through protocols like SSL / TLS is often too much of a burden on low processing power. Traditional security mechanisms such as PKI are trying to adapt and frantically rediscover themselves with new methodologies such as elliptic curve cryptography using reduced key lengths. Omlis on the other hand offers an entirely new solution which isn’t conditioned by the demands of outdated architectures and is suited to the emerging practicalities of IoT security. PKI is buckling under the weight of heavily manual processes already, and its methodology will be further tested by the IoT, for which it was never designed. If PKI is to be used in the IoT, it will represent a shift from a near universal human user base, to tens of billions of additional interconnected non-human devices. The design remit for PKI was very much for public consumption and how we secure what effectively represents a seismic population growth is a question which cybersecurity vendors need to answer. Whereas a few years ago, certificates were the domain of servers, laptops and personal computers, they’re now commonplace in everything from TVs to medical equipment. There’s a fundamental difference between PKI setup for public usage and PKI in a closed or M2M (Machine-to- Machine) sense in the fact that humans can’t interfere as easily. This could be construed as a good thing or also as something which could be disastrous in terms of device registration, authentication, cloning and malicious substitution. 3 Highvolumeissuanceofcertificatesonthemassproduction lines of IoT devices would represent an extremely awkward process and the ongoing management of these certificates would be particularly difficult, especially with regards to revocation. Providing lifetime certificates is an option but is wholly inappropriate due to increasing calls for lifecycle management. PKI might be suited to many low value IoT communications if it can be repackaged for devices which have low processing power and thus limited ability to continually generate keys, but for data that demands complete integrity it’s far from ideal. This question of how to provide a unique identifier for each IoT object is therefore very much open and as yet unanswered. Solutions such as DNSSec have been touted as a method of securing crowded networks and guaranteeing communications between client and server but is hugely susceptible to eavesdropping. This leaves the door open for more targeted solutions such as those offered by Omlis, which can wrap robust encryption of data with mutual authentication and lifecycle management. Omlis’ software defined core technology can be tailored in such a manner that it can perform state of the art key management and authentication from low power devices using robust encryption. This facilitates the safe transfer of remote software updates and enhanced mobile device access, whilst at the same time negating the threats we associate with open networks and malware.
  • 4. 3151022_oml_reinventing_cybersecurity_IoT_v1p | Public | © Omlis Limited 2015 Industry Specific IoT Security Issues Automotive: Remote Software Updates The automotive industry is often cited as one of the emerging areas for connectivity, with ‘Autonomous Cars’ assuming the pinnacle of the Gartner 2015 ‘Hype Cycle’ 4 , but security issues are beginning to overshadow this sense of opportunity. Quite pertinently, SDS (Software Defined Security) follows on the heels of Autonomous Cars, highlighting how security has lagged behind product innovation. As cars become increasingly connected, clear security gaps have appeared, particularly in terms of remote software updates, digital rights management and highly publicized cyber-physical attack vectors. Tesla’s connected cars provide an active example of how vehicle infotainment and telematics have fully incorporated mobile technology, with the Model S regularly receiving software updates over-the-air in a near identical manner to the updates you’d receive on your smartphone. When updates impinge on cyber-physical features such as steering, autopilot and collision avoidance, it’s clear that strong authentication and encryption need to be high priority. The need for wireless patching and remote updates will become ever more pressing as cars and IoT devices in general acquire increasing amounts of complex software. Because this software is attached to high value / high liability products, mass car recalls have sometimes been the only option in terms of securing a mission critical update. The growth of these recalls in recent years exhibits the manufacturer’s inability to update remotely through wireless patches. BMW recently updated its wireless patch distribution system to use https, which shows that despite taking an industry lead, even the most conscientious manufacturers are still behind the times in terms of actually applying security in the first place. A recent HP research project pointed out that 60% of the IoT devices they studied didn’t use any form of encryption on software updates. 6 Omlis’ core technology can provide the levels of strong mutual authentication which is required for secure software updates, guaranteeing that products are communicating with the intended source and encrypting communications throughout the entire product lifecycle.
  • 5. 4151022_oml_reinventing_cybersecurity_IoT_v1p | Public | © Omlis Limited 2015 Healthcare: Mobile Device Access and Authentication According to MarketResearch.com there will be a $117bn market for IoT in the healthcare sector by 2020, but this kind of growth is fully dependent on security as the great enabler. As well as the latent privacy issues associated with such personal information, health records are estimated to be worth ten to twenty times more than credit card details, with criminals using stolen records to file fake insurance claims or illicitly buy drugs or equipment. At present, many of the leading wearables issued by commercial firms such as Fitbit don’t tend to fall under the scope of global data protection acts. These wearables transmit to server databases which aren’t used by health practitioners so the information has very few compliance issues. However, if this information is redistributed to professional health practitioners, then the data becomes sensitive. Many of these wearables are known as ‘headless devices’ with little or no user interface and an inability to exchange credentials 6 . They rely on beaconing out to a smartphone (or similar device) via Bluetooth in order to enroll into a network, which then places the primary security demands on the phone. According to Symantec’s ‘Insecurity in the Internet of Things’ whitepaper, 84% of analyzed IoT devices offered a smartphone application 7 , bringing us back to the idea of the smartphone as the ultimate remote control. Connected healthcare is an emerging industry where mobile-first security vendors such as Omlis are ideally positioned to help guide what equate to fairly scant data security standards in terms of mobile device access and authentication. Industry and Infrastructure: Securing and Encrypting Data over Wi-Fi It’s telling that Dell Security gave special attention to the concept known as SCADA (Supervisory Control and Data Acquisition) in their 2015 Annual Threat Report, noting that attacks on systems increased from 163,228 incidents in 2013 to 675,186 in 2014. Buffer overflows, cross-site scripting and cryptographic issues all featured prominently amongst the most common attack methods. 8 SCADA formed the early foundations of the IoT in both industry and infrastructure. The vision and scope of this concept has grown exponentially with the incorporation of connected devices and the lines between SCADA and the IoT are increasingly beginning to blur. SCADA was traditionally used over Local Area Networks and Wide Area Networks, with appliances being wired up to a central control system, as in traditional M2M communications. Since then there’s been a clear move to more distributed architectures which has meant that SCADA is encountering increased usage over Wi-Fi networks. Connections to Wi-Fi are obviously more dangerous and less reliable, with many advising against it entirely for industrial applications. Nevertheless, Wi-Fi’s growing role in SCADA applications is acknowledged as an inevitable consequence of the IoT, particularly in those sectors which are slightly less critical than heavy industry or military. Once again, Omlis’ core technology can provide reassuring levels of machine-based mutual authentication, whilst securing and encrypting data over Wi-Fi; all of which can empower the advancement of the IIoT (Industrial Internet of Things).
  • 6. 5151022_oml_reinventing_cybersecurity_IoT_v1p | Public | © Omlis Limited 2015 “One of the main challenges the IoT faces is the reduced footprint on which a secure solution must run whilst providing security and protecting privacy. Wearables and other embedded electronic devices have cost constraints that limit the size of the CPU and the memory. In these conditions, only tailored solutions can be effective. Omlis is the only provider bringing a fully secure solution bundling key management, mutual authentication and encryption to the IoT. Omlis offers a dedicated answer to a very specific need of security and compactness. ”Stéphane Roule, Senior Technical Manager How Omlis Addresses the IoT’s Insecurities Omlis’ core technology has already showcased its ability to secure the channel between client and server via the cloud with the recent release of SEM (Secure Enterprise Messenger) on the IBM Bluemix platform. The true value Omlis brings to the IoT is our software- defined capability to wrap the strongest cybersecurity traits into one tailored solution with the lowest imprint on memory and processing power. For example, strong mutual M2M authentication is a discipline which the Omlis core technology can potentially satisfy to a greater degree than any current solution provider using our innovative authentication protocols. The security of the Wi-Fi network is less critical because of our innovative key management and key exchange protocols. Unique keys are generated at the point of transaction and due to the design of our distributed architecture, actual keys are never sent over the network and are never stored on the client or server side; so even if a MitM (Man-in-the-Middle) attack takes place on a relatively unguarded device, the hacker will fail to retrieve any meaningful information. This method of generating keys at both ends of the communications channel, means that Omlis never transmits sensitive data in plaintext and information related to transaction keys can be erased from memory as soon as it becomes redundant. Furthermore, Omlis’ high integrity design principles and embedded software make security less dependent on the increasingly vulnerable Operating System thus increasing resistance to malware. The Omlis core technology can package its powerful characteristics into the IoT architecture in a manner which older legacy solutions will struggle to achieve.
  • 7. 6151022_oml_reinventing_cybersecurity_IoT_v1p | Public | © Omlis Limited 2015 1. https://www.idc.com/getdoc. jsp?containerId=prUS25291514 2. http://blogs.air-watch.com/2014/10/airwatch- vmware-signs-enable-iot-enterprise/#. ViEHS36rSUk 3. http://www.researchgate.net/ publication/279063057_Enforcing_Security_ Mechanisms_in_the_IP-Based_Internet_of_ Things_An_Algorithmic_Overview 4. http://www.gartner.com/newsroom/id/3114217 5. http://www8.hp.com/h20195/V2/GetPDF. aspx/4AA5-4759ENW.pdf 6. http://www.copperhorse.co.uk/the-quandaries- of-headless-iot-device-provisioning/ 7. https://www.symantec.com/content/en/ us/enterprise/media/security_response/ whitepapers/insecurity-in-the-internet-of- things.pdf 8. https://software.dell.com/docs/2015- dell-security-annual-threat-report-white- paper-15657.pdf References Contributors The following individuals contributed to this report: Stéphane Roule Senior Technical Manager Nirmal Misra Senior Technical Manager Paul Holland Analyst Jack Stuart Assistant Analyst
  • 8. Omlis Third Floor Tyne House Newcastle upon Tyne United Kingdom NE1 3JD +44 (0) 845 838 1308 info@omlis.com www.omlis.com © Omlis Limited 2015