Deriving more value from real world evidence to ensure timely access of medic...
Wireless security and the internet of things nick hunn
1. Wireless Security and the Internet of Things
Nick Hunn
WiFore Consulting
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
2. The Legal Requirement
In the EU proposal for the revision of the R&TTE directive, it states that:
Article 3
Radio equipment shall be so constructed that it complies with the following essential
requirements:
(c) radio equipment incorporates safeguards to ensure that the personal data and
privacy of the user and of the subscriber are protected;
https://www.gov.uk/government/consultations/radio-equipment-directive-proposal#download
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0584:FIN:EN:PDF
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
3. Some examples of what has been hacked
• Pacemakers
• Insulin Pumps
• Weir Gates
• Set Top Boxes
• Fitness Monitors
• Smart Meters
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
4. The Consequences of Hacking
• People know where you are.
• People know where you aren’t.
• People know who you’re with.
• People know what you’re doing.
• People think you’re someone else.
• Your lights go out.
• Your bills go up.
• Things stop working.
• Things start working differently.
• Your business fails.
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
5. What is the Internet of Things?
Some are born with Sensors,
Some acquire sensors, and
Some have sensors thrust upon them.
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
6. Machine to Machine (M2M)
Many current M2M deployments are cellular
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
7. Appcessories and The Quantified Self
Consumer growth is most likely to come from the world of Appcessories.
Find out more about Appcessories at http://www.nickhunn.com/2ubiquity
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
8. The Smart Home
It will take time coming, but homes will get monitored.
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
9. To 40 billion and Beyond
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
10. The missing 25 billion may be “Desirable”
Annual Sales of Appcessories
14,000
12,000
10,000
8,000
Millions
6,000
4,000
2,000
-
2014 2015 2016 2017 2018 2019 2020
Source: WiFore Consulting
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
11. Which gives 40 billion opportunities to
steal or corrupt someone’s data.
Every second of every day
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
12. Addressing Security
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
13. The Topology of the Internet of Things
dB
& App
Sensors
Where cellular is Integrated with sensors it will remove
some steps in the chain.
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
14. The Simple Case of the Smart Thermostat
Senso
Gateway Router
r
Boiler PC
PCT
Switch
Installer Supplied Customer Supplied
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
15. The Backend Environment
Phone
External
Web Interface Service
Provider
Router
I/O Application
Manager dB & Analysis
3rd Party Data
MDMS, etc.
Device Security
PC Manager Manager
Service Provision
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
16. And don’t forget the Weak Link…
Phone
PC
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
17. “Elements of Security”
• Most IoT architectures consist of a collection of separate,
connected elements, each of which may have their own
security.
• Systems composed of “Off the Shelf” components
generally have different levels of security, which need to
be stitched into a whole. This can be trickier than
designing from scratch.
• The order of installation can be critical. But
guaranteeing the correct order may be impossible.
• Existing security of wireless may be a false security.
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
18. The AES128 Datasheet
Misconception
“But I’m using Wi-Fi / Bluetooth / ZigBee.
That’s got security built in.
Why do I need to do anything else?”
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
19. Practical Considerations
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
20. Build a Security Model
• You MUST develop a complete end-to-end security model. Just
implementing Wireless security is not enough.
• Write an RMADS as soon as you’ve done your first draft of system
architecture, and then reiterate both until they work and are
consistent.
• Consider device management, end to end authentication and link key
management.
dB
& App
BTS / WPA2 TLS TLS / PW
Encryption / Authentication
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
21. Design for Autonomous Operation
X X
X X
dB
& App
Think about what happens when:
• Internal or external comms links or the web service fail
• The mobile phone goes out of the house
• The gateway / router fails or is replaced
• The consumer moves home
The consumer expects their HVAC and lights to continue working
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
22. Security & Usability
• No security makes getting to 40 billion devices easy.
• High security makes it very difficult.
But…
• Major security failures scare customers and may kill the
market altogether.
If the reaction to new security threats is
simplistically to add even stronger protection, then
the costs of that additional security will result in
M2M solutions that are not economically viable.
Beecham Research 2013
www.beechamresearch.com
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
23. And…
• Pairing remains the biggest problem for most wireless
products, both in terms of usability and security.
• Many of these IoT & M2M products will have much longer
lives than current consumer products. That means that new
components will be added to the system and existing ones
replaced. That is a security challenge.
• More security = more processing = shorter battery life.
• Make sure that firmware updates don’t compromise the
security. Or that the security model doesn’t prevent them
being deployed.
• Remember that many of these devices may have NO user
interface.
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
24. But…
Annual Sales of Appcessories
14,000
12,000
10,000
8,000
Millions
6,000
4,000
2,000
-
2014 2015 2016 2017 2018 2019 2020
If we get it right, the market is five times bigger than the mobile phone
market. It’s worth getting it right.
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013
25. Questions?
Nick Hunn
CTO
mob: +44 7768 890 148
email: nick@wifore.com
web: www.wifore.com
www.wireless-book.com Creative Connectivity Blog:
www.nickhunn.com
Wireless Security and the Internet of Things – Cambridge Wireless 18th April 2013