This document provides an overview of IoT security. It begins with defining IoT and describing how physical objects are connected to the internet. It then discusses current IoT usage and forecasts significant future growth. The document outlines several IoT security risks and vulnerabilities, such as insecure interfaces, lack of encryption, and poor physical security. It recommends best practices for IoT security including implementing device and user authentication, access controls, encryption, and regular software updates. Overall the document introduces the topic of IoT security and some foundational aspects to address related risks.
3. IOT Overview
• Physical objects + Controllers, Sensors, Actuators + Internet = IoT.
• The IoT (sometimes also referred to as the Internet of Everything) is a network of physical
objects (or “things”) embedded with electronics, software, sensors, and connectivity which
enable those objects to exchange data with the operator, manufacturer, service provider,
and/or other connected devices.
• The IoT is based on the infrastructure of the International Telecommunication Union’s (ITU)
Global Standards Initiative (IoT‐GSI).
• The IoT‐GSI covers devices and objects connected over multiple communications protocols —
such as personal computing devices, laptop or desktop computers, tablets, and smartphones
— as well as devices that are connected to each other through other protocols, such as
Bluetooth, ZigBee (an open, global wireless standard), Long Range Wide Area Network
(LoRaWAN), and SIGFOX.
• IoT devices (or nodes) often operate without a screen or any user interface at all, may rely on
battery power for operation, and are usually dedicated to a single task.
• IoT devices are typically described as “smart objects, edge devices, or connected devices”.
4. IOT Drivers
• What makes an IoT device smart typically falls into one or more
of the following functional areas:
• Monitoring
• Control
• Optimization
• Automation
• The IoT is enabled by numerous technology trends:
• Devices are cost effective
• Infrastructure is in place and new infrastructure is being
built to support future technology needs.
• The evolution of functions is in line with user
expectations (for example, smart watches that provide
multiple services and applications).
5. IOT Present & Future
Future
• 75% of companies are already exploring the IoT.
• 15% of companies already have an IoT solution in place (21% of transportation & logistics companies).
• 53% plan to implement one within the next 24 months, and another 14% in the next two to five years.
6. IOT Smart Application
• Healthcare & Wellbeing, e.g. Angel Sensor, Fitbit, Hexoskin, Intraway, Jawbone, Nymi, InKol Health Hub, Pebble, Philips Lifeline, Withings, Zebra MotionWorks
• Home & Building, e.g. Belkin, Nest, Neurio, Quirky, Sensorflare, SMA, SmartThings, Vivint, WallyHome, Withings, ZEN Thermostat
• City & Community, e.g. Bigbelly, Bitlock, FUKUSHIMA Wheel, Kiunsys, Placemeter, Silver Spring Networks, Waspmote
• Utilities, e.g. Enevo, Mayflower CMS, MeterNet, Osprey Informatics, Paradox, Trilliant
• Environment, Agriculture & Livestock, e.g. FilesThruTheAir, Fruition Sciences, OnFarm, Semios, Topcon Precision Agriculture
• Car & Transportation, e.g. Audi, CarKnow, Connected Rail, Dash drive smart, Delphi Connect, Ericsson, Libelium, Logitrac, PowerFleet
• Industry & Services, e.g. Argon Underground Mining Safety, Condeco Sense, DAQRI’s Smart Helmet, Numerex, Perch
11. IOT Challenges
• The economy promotes weak security
• Security is difficult, especially for new businesses;
• IoT systems are complex and each part must be secure
• The security support is not always maintained
• The consumer's knowledge of IoT security is weak
• Security incidents can be difficult to detect or resolve for
users
• Existing legal liability mechanisms may not be clear.
12. Problems of IoT Security
• Insecure Web Interface
• Insufficient Authentication/Authorization
• Insecure Network Services
• Lack of Transport Encryption
• Privacy Concerns
• Insecure Cloud Interface
• Insecure Mobile Interface
• Insufficient Security Configurability
• Insecure Software/Firmware
• Poor Physical Security
13. Foundation for IoT Security
• Device has a validated identity
• IoT platform has a validated identity
• Mutual authentication for
communication
• Encrypted and signed messages
• Secure execution environment (devices
& IoT platform)
• Secure software management /
distribution
• State-of-the-art network & system security (firewall, hardening)
• Role based access control
• Secure management access
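The first four foundations above (validated identities on both sides, mutual authentication, protected messages) can be sketched in a few functions. This is an added example, not part of the original slides: it assumes a pre-shared per-device key and uses HMAC-SHA256 in place of certificates and digital signatures, leaves encryption out, and all names (`PLATFORM_KEYS`, `sensor-01`, `handshake`, `seal`, `unseal`) are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed provisioning table: device identity -> per-device secret (hypothetical values).
PLATFORM_KEYS = {"sensor-01": bytes(range(32))}

def tag(key, *parts):
    """HMAC-SHA256 over length-prefixed fields so boundaries cannot be shifted."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()

def handshake(device_id, device_key, platform_keys=PLATFORM_KEYS):
    """Simulate both ends of a challenge-response; return a session key or None."""
    platform_key = platform_keys.get(device_id)
    if platform_key is None:
        return None  # platform: identity was never provisioned
    ident = device_id.encode()
    n_dev, n_plat = secrets.token_bytes(16), secrets.token_bytes(16)  # fresh nonces
    # Platform proves itself first; the device checks with its own copy of the key.
    plat_proof = tag(platform_key, b"platform", ident, n_dev, n_plat)
    if not hmac.compare_digest(plat_proof, tag(device_key, b"platform", ident, n_dev, n_plat)):
        return None  # device: platform identity not validated
    # Device answers with a proof under a different role label (no reflection).
    dev_proof = tag(device_key, b"device", ident, n_dev, n_plat)
    if not hmac.compare_digest(dev_proof, tag(platform_key, b"device", ident, n_dev, n_plat)):
        return None  # platform: device identity not validated
    return tag(platform_key, b"session", ident, n_dev, n_plat)

def seal(session_key, counter, payload):
    """Authenticate a message: 8-byte counter || payload || 32-byte tag."""
    header = counter.to_bytes(8, "big")
    return header + payload + tag(session_key, header, payload)

def unseal(session_key, last_counter, message):
    """Return (counter, payload), or None if the tag is bad or the counter is stale."""
    if len(message) < 40:
        return None
    header, payload, mac = message[:8], message[8:-32], message[-32:]
    if not hmac.compare_digest(mac, tag(session_key, header, payload)):
        return None  # modified in transit or wrong key
    counter = int.from_bytes(header, "big")
    if counter <= last_counter:
        return None  # replayed or reordered message
    return counter, payload
```

The receiver passes the highest counter it has accepted so far as `last_counter`, which is what makes a captured message useless when it is sent a second time.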
14. IOT Security – Key Areas Of Consideration
• The Internet of Things Device
• The Cloud
• The Mobile Application
• The Network Interfaces
• The Software
• Use of Encryption
• Use of Authentication
• Physical Security
• USB ports
15. IOT - Liability
• The security flaws of IoT and its ability to perform certain tasks open the door
to any associated liability.
• The three main areas of concern are device malfunction, attacks, and data
theft.
• These issues can result in a wide variety of damages.
• Cyber Attacks
• IoT devices expose an entire network and anything directly impacted to the
risk of attacks.
• Some of the most effective measures against attacks prove simple:
• Built-in Security − Individuals and organizations should seek hardened
devices, meaning those with security integrated in the hardware and
firmware.
• Encryption − This must be implemented by the manufacturer and through
user systems.
• Risk Analysis − Organizations and individuals must analyze possible threats in
designing their systems or choosing them.
• Authorization − Devices, whenever possible, must be subject to privilege
policies and access methods.
16. IOT Security Tools
• The common security tools that are in use are:
• Encryption
• Password Protection
• Hardware Security Modules
• Two-factor authentication
• Secure elements
• Data erasure
• PKI Certifications
• Biometrics
• Hardware Crypto processor
• Blockchain