Security in the the IoT generation
Blog: Capgemini CTO Blog
We are all familiar with the term “Internet of people”. Every minute there are around 4 million posts being shared in facebook, around 0.5 million tweets, 100 hours of new videos being uploaded. You might even share read this article via one of the social media. This is no doubt the this was a successful revolution.
Nowadays we are in the revolution of “Internet of Things” (IoT). Basically, “Things” can communicate between them. For example, Lighting system can dim and adjust the lights in your living room for a nice atmosphere, cars are able to be self-driven and so on. The estimates are that by 2020 will be around 100 billion IoT devices being used (account for nearly half or more of connected devices).
The growth of Internet of Things (IoT) in our daily life creates immense opportunities and benefits for our society. However, IoT security has not kept up with the same rapid pace of innovation and development. This situation creates substantial security flaws and putting our privacy at risk. We hear in the last year lot of news about security breach, documents being stolen, hospitals and power plants being shut down due to cyber attacks, click for more info. Today everyone can be an hacker even without deep technical knowledge; download some script and just run it (so called script-kiddies). “Things” that are suppose to protect us (home security camera) are opening doors for new types of thieves. This happens because software is not secured good enough.
As engineers, we should emphasise security from day one. Or in other words, secure by design. In order to make IoT more secured we have to re-think or focus about few elements.
When we build an IoT device we need to consider 3 main pillars.
- Confidentiality — We have to allow access only to data or functionality for which the user is permitted. That means use of better authentication. For example, authenticate using two factors — something that the user “know” (password) and something that the user “have” (send SMS to a phone). At the moment many devices use default username and password which are rarely changed. Second one is
- Integrity — We need to ensure data is not tampered or altered by unauthorized users.
- Availability — We need to ensure systems and data are available to authorized users when they need it.
This is especially important because we are also moving to edge of distributed systems. There is too much data being collected and the cloud solution cannot process it efficient and fast enough. Consider a self-driving car which collects images for navigation, to send it to the cloud, process it, and send it back it takes too long. So each device will be able to manage micro processes by itself. Therefore the device itself will have to be protected and not only the cloud.
Another important aspect is securing IoT networks — IoT network security is a bit more challenging than traditional network security because there is a wider range of communication protocols and standards. We need to protect those new end-points using traditional methods, but also create new innovative ways. For instance, we can monitor the network and detect suspicious behaviours using artificial intelligence.
We are living in exciting times. Things that till recently would be possible only in hollywood exists in real life. However, companies and engineers have to take more responsibility and focus on protecting users and their data, together with better regulations. Not because it is easy, but because it is necessary.