Attend an IoT event and it’s a safe bet that at least one of the talks will prominently feature hand wringing, humor or despair about the security of IoT endpoint devices. Speaking at the Linux Foundation’s Open Source Leadership Summit, security expert Bruce Schneier went so far as to suggest that maybe a new government agency is needed in the U.S. to figure all this out. (Not usually a popular sort of proposal in a room full of techies.)
Working toward improved IoT device security is an important goal, and one that needs to consider not just security out of the box but security over a device’s lifecycle. Indeed, it’s not optional with devices that are part of safety-critical systems. Power plants, automobiles and healthcare systems need comprehensive defense in depth that extends from centralized management systems through individual sensors and controls.
Work on IoT security and identity management includes the development of new standards. For example, Enrollment over Secure Transport (EST) is a new standard (RFC 7030) designed to improve the lifecycle management of digital certificates, a key element for secure communications. One of the challenges is that there are many different classes of edge device. Some are connected all the time. Others are not. Some are plugged in. Others need to operate for extended periods on the stored energy of a small battery.
But we also need to be realistic as we consider lower-cost and higher-volume devices. You know that off-brand webcam, temperature sensor or light bulb with $1 worth of networking computer you or your business bought? Guess what. It’s not going to be reliably and consistently updated over a 20-year lifecycle. Heck, you’re probably lucky if its firmware is current against today’s security vulnerabilities by the time it gets into your hands.
One option is to basically ignore the potential issue. This may not even be unreasonable in the case of sensors that deal in non-sensitive data. So long as there’s no ability to change the temperature, the fact that someone can observe the temperature in an office building may not be a serious problem.
However, many IoT devices are full-fledged computers (albeit small and cheap ones) with a network stack. This allowed, for example, compromised webcams to be used in a botnet attack last year. (Attackers appear to have cracked logins using easy-to-guess default passwords — another common issue with IoT device security.) Even when exposing data isn’t a big concern, taking over the device can be.
Devices that control things are more problematic. It’s easy to envision the damage that could be done by turning off even a single building’s heat during the winter. But even individually innocuous actions taking place at internet scale can potentially cause serious problems for utilities and other interconnected systems.
The systematic solution will often include isolating the endpoint devices from the network using some sort of gateway. Gateways are already a topic in IoT conversations for a variety of other reasons. For example, in industrial IoT applications, gateways can preprocess and filter device data or take real-time action in response to data.
Such a three-tier architecture puts real-time control physically closer to where it’s needed. This potentially decreases latency and increases predictability. Furthermore, by reducing the quantity of data transmitted over the network to run predictive analytics and to monitor historical trends, network bandwidth needs and costs can be reduced.
With respect to security, a gateway can also intermediate between devices and the public network. Consumer and small business-class gateway devices will doubtless continue to have their own vulnerabilities. (How many residential routers still use their factory defaults?) However, gateways will typically have more processing power, memory and overall capabilities than devices. They won’t typically be power constrained and can implement features like firewalls to protect against certain types of attacks.
A gateway isn’t a security panacea, but it brings us closer to traditional computer management and patching practices than will often be the case with devices. And, as an industry, we know how to do those things — whether we always do or not.
None of this should be taken as a virtual shrug with respect to the security of the endpoint devices themselves. But we need to have a Plan B for when that security breaks down. As it will. And approaching IoT as an architecture in which we can protect devices behind a gateway is a good start.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.