Emerging Technology News Articles Reviews read
Here we look into emerging technology and known issues facing organizations and people. Emerging Technology News Articles Reviews read
Internet of Things
8 Critical IoT Security Technologies
The growth of IoT devices coupled with the rise in cyberattacks means that system security cannot be engineered after the design.
A recent report by Gartner predicts that there will be 20.4 billion connected Internet of Things (IoT) devices by 2020, with 5.5 million new things getting connected every day. Furthermore, more than half of major new business processes and systems will include an IoT component by 2020.
The need for more robust measures to secure IoT embedded devices was confirmed by recent Forrester’s TechRadar research that defined the use cases, business value, and outlook for the 13 most relevant and important IoT security technologies.
Growing Security Threat
In the last few years, many well-publicized cyberattacks have demonstrated the risks of inadequate IoT security. Perhaps the best known as the “Stuxnet” attack, which targeted industrial programmable logic controllers (PLCs) in an Iranian uranium enrichment facility. Experts believe that Stuxnet destroyed up to 1,000 centrifuges connected via wide-area networks (WANs) to PLC devices running the Windows operating system on standard PC platforms.
Securing the IoT
Securing the Internet of Things is a tricky business. Take the fact that IoT devices come in every shape, size, and function. This makes traditional end-point security models impractical.
- Network security: IoT networks are predominately wireless now, as wireless overtook wired global internet traffic back in 2015. This makes security far more challenging than with traditional wired networks due to the variety of emerging RF and wireless communication protocols and standards.
- Authentication: IoT devices must be authenticated by all legitimate users. Methods to achieve such authentication range from static passwords to two-factor authentication, biometrics, and digital certificates. Unique to IoT is that devices (e.g., embedded sensors) will need to authenticate other devices.
- Encryption: Encryption will be needed to prevent unauthorized access to data and devices. This will be difficult to ensure due to the variety of IoT devices and hardware profiles. Encryption must be part of a complete security management process.
- Security-side-channel attacks: Even with adequate encryption and authentication, another threat is possible, namely, side-channel attacks. Such attacks focus less on information transfer and more on how that information is being presented. Side-channel attacks (SCAs) collect operational characteristics—execution time, power consumers, an electromagnetic emanation of the design to retrieve keys, and fault insertion—to gain other insights into the design (Fig. 2).
- Security analytics and threat prediction: Not only must security-related data be monitored and controlled, but it must also be used to predict future threats. It has to complement traditional approaches that look for activities that fall outside of an established policy. The prediction will require new algorithms and the application of artificial intelligence to access non-traditional attack strategies.
- Interface protection: Most hardware and software designers access devices via an application programming interface (API). Securing these interfaces requires the ability to authenticate and authorize devices that need to exchange data (hopefully encrypted). Only authorized devices, developers, and applications should be capable of communication between secure devices.
- Delivery mechanisms: Continuous updates and patches will be needed to deal with the constantly changing tactics of cyber attackers. This will require expertise in patches, essentially fixing gaps in critical software on the fly.
- System development: IoT security requires an end-to-end approach in the network design. Also, security should be a full product-lifecycle development activity, which becomes difficult if the product is only a smart sensor. Security is still an afterthought for most designers, something that follows the implementation (not design) phase. It’s critical that both hardware and software be considered in these secure systems.
Summary
The rapid growth of IoT devices and the challenges posed by wireless connectivity among these devices necessitates an expanded focus on cybersecurity. The eight key critical IoT security technologies presented here are a combination of traditional and newer methods and tools that work to truly secure the IoT.