Stories about security breaches involving Internet of Things implementations hit the news periodically, usually when the impact is significant enough to attract media attention or when the reason for the problem draws interest (unauthorized entry via an IoT device into an enterprise, for example). Device security is essential, but for most IoT solutions, the need for security doesn’t end there.
For this article, let’s assume we are looking at the security of a typical IoT application with devices linked wirelessly to a gateway. This gateway then communicates with a network server in the cloud, which supplies the data to a cloud application environment.
Access Control
Access control is a universal security concept that applies to all multi-user systems: it admits only authorized users and, at more granular levels, controls what they can do within a particular software and hardware environment. Any proper implementation, whether for IoT or other purposes, controls access with comprehensive user management capability.
There are some critical access control requirements for IoT, like specifying the users who can access devices. All users may be able to see the devices in the application and the data they generate, but there may be a need to restrict some to “read-only.” By using hierarchies, higher-level users may get more capabilities like downloading sensor data, performing updates to device software, or sharing data with external parties.
Encryption
Encryption is the conversion of a representation of data, typically in a readable or meaningful format, into a format requiring deciphering to access the original information. Encryption schemes usually use an encryption key generated by an algorithm. Although decrypting the message without possessing the key is not impossible, doing so against state-of-the-art encryption requires considerable computational resources and skills.
Encryption should be at the core of every IoT application, aspiring to a state where there is full encryption of all data in storage (“at rest”) and during transmission (“in transit”). Popular encryption methods include Advanced Encryption Standard (AES) and Transport Layer Security (TLS).
Key & Certificate Management
Every device needs a key, which is a trusted, verified, unique identity. A certificate includes information about the key, the owner’s identity, and the digital signature of an entity that has verified the certificate’s contents.
A Key and Certificate Management platform implements policies and practices for creating, developing, transferring, and accounting for cryptographic items (keys and certificates) for IoT devices and systems. This platform should be both easy to use and a comprehensive means of monitoring and controlling certificates and keys within the organization.
Of course, this platform needs well-defined access control roles or features for the system’s information and allowable actions. An administrator with full access can manage all functions for specific keys and certificates, including generation, renewal, distribution, revocation, and destruction.
Administrators should have the ability to check their network/infrastructure and identify all keys and certificates currently in use. Robust reporting enables tracking certificates and key lifetimes. Alerts should inform the necessary parties before a certificate or key expires.
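The inventory check and expiry alerting described above can be sketched as follows. This is an added example, not code from any particular key management platform; the certificate ids, owners, dates, and the 30-day alert window are constructed assumptions.

```python
import ssl

WARN_DAYS = 30  # assumption: alert window chosen for this example
SEVERITY = {"EXPIRED": 0, "UNTRACKED": 1, "EXPIRING": 2}

# Constructed inventory: certificate id -> owner and notAfter, in the
# "Mon DD HH:MM:SS YYYY GMT" form that Python's ssl module reports.
INVENTORY = {
    "cert-A": {"owner": "gateway-01", "not_after": "Mar 10 12:00:00 2025 GMT"},
    "cert-B": {"owner": "sensor-17", "not_after": "Jan 20 12:00:00 2025 GMT"},
    "cert-C": {"owner": "sensor-18", "not_after": "Dec 31 23:59:59 2024 GMT"},
}
# Constructed scan result: certificate ids observed in use on the network.
OBSERVED = ["cert-A", "cert-B", "cert-C", "cert-X"]
# Constructed "current time" so the example is reproducible.
NOW = ssl.cert_time_to_seconds("Jan 05 12:00:00 2025 GMT")

def review(inventory, observed, now_epoch, warn_days=WARN_DAYS):
    """Return (cert_id, status, days_left) findings, most urgent first."""
    findings = []
    for cert_id in sorted(set(observed)):
        entry = inventory.get(cert_id)
        if entry is None:
            # In use on the network but missing from the inventory.
            findings.append((cert_id, "UNTRACKED", None))
            continue
        expires = ssl.cert_time_to_seconds(entry["not_after"])
        # Floor division: any negative value means the certificate has expired.
        days_left = (expires - now_epoch) // 86400
        if days_left < 0:
            findings.append((cert_id, "EXPIRED", days_left))
        elif days_left <= warn_days:
            findings.append((cert_id, "EXPIRING", days_left))
    return sorted(findings, key=lambda f: (SEVERITY[f[1]], f[0]))

def alert_lines(findings, inventory):
    """Render one alert line per finding, naming the owner where known."""
    lines = []
    for cert_id, status, days_left in findings:
        owner = inventory.get(cert_id, {}).get("owner", "unknown owner")
        detail = "" if days_left is None else f" ({days_left} days)"
        lines.append(f"{status}: {cert_id} on {owner}{detail}")
    return lines

if __name__ == "__main__":
    print("\n".join(alert_lines(review(INVENTORY, OBSERVED, NOW), INVENTORY)))
```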
IoT security administrators should be able to recover certificates and keys that are no longer operational for business purposes, analysis, and, in some cases, for forensics.
Device Security
Every device needs a key, which is a trusted, verified, unique identity. These keys are an essential element of IoT security and need protection from discovery and manipulation.
Security for a device put into use begins with enrolling a device into the system (“provisioning”). Doing this securely means only allowing the registration of devices that present the proper credentials. Another provisioning feature is applying a policy to authorize actions such as connect, publish, subscribe/unsubscribe, etc.
Adding a device to a system usually requires further configuration by the end-user with attributes such as its name, location, and other application-specific settings. Access control also governs which users can perform these activities.
Once a device is in service, adequate monitoring and diagnostics are vital to minimize the impact of security issues. Monitoring network statistics can also indicate possible device security breaches.
A vital part of maintenance is the ability to update device software securely. New releases, patches, etc., often contain fixes for security gaps or updates to protect against new threats. Applying them quickly and efficiently can mean the difference between minor problems and full-blown compromises or failures. Issuing a command to update or reload firmware is very important to maintain the security of the remote device, implement feature enhancements, and patch bugs.
For networks without Firmware Over The Air (FOTA) capability, remotely disabling a device or denying it access to the system may be the only actions possible. The next step in addressing the security issue may be applying a software update over a close or direct connection or replacing the affected units.
Resetting is often the way to remedy an issue, either to achieve a known-good state to recover from errors or, in extreme cases, to reset to the default factory configuration. In some cases, these actions may be the only way to get to a point where configuration changes can be applied. Being able to perform resets for groups of devices will save valuable time.
Authentication
Authentication in IoT is granting access to endpoints by verifying a “token.” Typically, a user first authenticates at the application or system level via a typical access method such as user id and password. The authentication server then provides a token to the accessing user to include in API calls to verify permission to access.
Authentication using a token is beneficial because it preserves the user/client’s identity, removes the need to store a user password, and avoids the transmission of any reusable credentials.
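The token flow described here, combined with the role hierarchy from the Access Control section, can be sketched as follows. This is an added example, not code from any specific IoT platform; the HMAC-signed token format, the signing key, the role names, and the action names are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumptions: a demo signing key shared by the auth server and the API,
# and a three-level role hierarchy. All names here are hypothetical.
SIGNING_KEY = b"constructed-demo-key"
ROLE_LEVEL = {"viewer": 0, "operator": 1, "admin": 2}
REQUIRED_LEVEL = {"read_data": 0, "download_data": 1,
                  "share_data": 1, "update_firmware": 2}

def _sign(body: str) -> str:
    mac = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_token(user: str, role: str, ttl_s: int, now: float) -> str:
    """Auth server side: called only after the user id/password check succeeds."""
    claims = {"sub": user, "role": role, "exp": int(now) + ttl_s}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + _sign(body)

def verify_token(token: str, now: float):
    """API side: return the claims, or None if forged, malformed or expired."""
    try:
        body, sig = token.split(".")
        # Constant-time comparison of the presented and recomputed signatures.
        if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None
    return claims if claims["exp"] > now else None

def authorize(token: str, action: str, now: float) -> bool:
    """Deny by default: bad tokens, unknown roles and unknown actions all fail."""
    claims = verify_token(token, now)
    if claims is None or action not in REQUIRED_LEVEL:
        return False
    return ROLE_LEVEL.get(claims["role"], -1) >= REQUIRED_LEVEL[action]

if __name__ == "__main__":
    t = issue_token("alice", "viewer", ttl_s=300, now=1000.0)
    print(authorize(t, "read_data", 1100.0), authorize(t, "update_firmware", 1100.0))
```

The password is checked once at issuance; every later API call carries only the short-lived token, and the role inside it cannot be changed without invalidating the signature.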
Auditing
Periodic audits of security effectiveness and processes from a hardware and software perspective help keep security in focus. How have your security updates been administered? Were they timely? Are they still effective? When issues occur, do processes (and supporting documentation) change?
Alerting
Throughout the entire hardware and software environment, alerts should give notice of specific activities and raise alarms when activities fall outside established policies. Class-leading IoT applications provide full visibility to alerts with the ability to look at groupings, geographies, and other summary data to assess the scope.