Internet of Things security architecture

Each layer builds greater security assurance in the overall infrastructure. The threat and mitigation tables that follow are organized by component (device, field gateway, cloud gateway, communication path, storage) and STRIDE threat; the first row, for the device itself, reads:

Component: Device
Threat: S (Spoofing)
Mitigation: Assigning identity to the device and authenticating the device
Risk: Replacing the device, or part of the device, with some other device

Security starts with a threat model

IoT security (Internet of Things security)

Even if you could keep track of all your IoT devices, keeping them all patched and understanding all the implications around them is impossible. Worse yet, when devices sometimes brick or lose features, as the PS3 did when updating, people may choose not to update. Then there is the problem of passwords -- how do you keep a different password for each device?

It feels like the ideas behind IoT are about 5 years behind the bad guys, and we are falling further and further behind. A defense is one exploit from being defeated, and a patch that blocks an exploit is only a holding action.

Thanks for the Margaret. And to think we have a lot of network complexity now! To use past words of the president, it's going to "fundamentally transform" our networks and information security as we know it. I'm not convinced we're ready


Phones and tablets are explicitly optimized around maximizing battery lifetime.

They preferably turn off partially when not immediately interacting with a person, or when not providing services like playing music or guiding their owner to a particular location.

From a systems perspective, these information technology devices are mainly acting as proxies towards people. Special-purpose devices, from simple temperature sensors to complex factory production lines with thousands of components inside them, are different.

These devices are much more scoped in purpose, and even if they provide some user interface, they are largely scoped to interfacing with, or being integrated into, assets in the physical world. They measure and report environmental circumstances, turn valves, control servos, sound alarms, switch lights, and do many other tasks. They help to do work for which an information device is either too generic, too expensive, too large, or too brittle. The concrete purpose immediately dictates their technical design as well as the available monetary budget for their production and scheduled lifetime operation.

The combination of these two key factors constrains the available operational energy budget, physical footprint, and thus available storage, compute, and security capabilities.

The production lots may be destroyed, buildings may be looted or burned down, and people may be injured or even die. This is a whole different class of damage than someone maxing out a stolen credit card's limit. The security bar for devices that make things move, and also for sensor data that eventually results in commands that cause things to move, must be higher than in any e-commerce or banking scenario.

Microsoft uses the framework outlined previously to do threat modeling for Azure IoT. The following section uses the concrete example of the Azure IoT Reference Architecture to demonstrate how to think about threat modeling for IoT and how to address the threats identified. This example identifies four main areas of focus:

It is important to note that the architecture separates the device and gateway capabilities. This approach enables the user to leverage gateway devices that are more secure:

This section explores the architecture outlined previously through the lens of threat modeling and gives an overview of how to address some of the inherent concerns.

This example focuses on the core elements of a threat model:

Spoofing (S): An attacker may extract cryptographic key material from a device, either at the software or hardware level, and subsequently access the system with a different physical or virtual device under the identity of the device the key material has been taken from. A good illustration is the remote controls that can turn any TV on or off and that are popular prankster tools.

Denial of Service (D): A device can be rendered incapable of functioning or communicating by interfering with radio frequencies or cutting wires. For example, a surveillance camera that had its power or network connection intentionally knocked out cannot report data at all.

Tampering (T): An attacker may partially or wholly replace the software running on the device, potentially allowing the replaced software to leverage the genuine identity of the device if the key material, or the cryptographic facilities holding the key material, were available to the illicit program. For example, an attacker may leverage extracted key material to intercept and suppress data from the device on the communication path and replace it with false data that is authenticated with the stolen key material.

Information Disclosure (I): If the device is running manipulated software, such manipulated software could potentially leak data to unauthorized parties. For example, an attacker may leverage extracted key material to inject itself into the communication path between the device and a controller, field gateway, or cloud gateway to siphon off information.

Elevation of Privilege (E): A device that does a specific function can be forced to do something else. For example, a valve that is programmed to open half way can be tricked into opening all the way.

A smoke or fire sensor could be reporting someone holding a lighter under it. In either case, the device may be technically fully trustworthy towards the system, but it reports manipulated information.

The device itself can also be attacked directly. It can be turned off, or put into a mode where communication is not possible (which is intentional in many industrial machines). It can be reconfigured to operate in a state unknown to the control system, outside of known calibration parameters, and thus provide data that can be misinterpreted. And if the device is not secured (which is rarely the case with consumer remote controls), an attacker can manipulate its state anonymously.

Threats around the communication path (between devices, between devices and field gateways, and between devices and the cloud gateway) are different in kind. Constrained devices are generally under DoS threat when they actively listen for inbound connections or unsolicited datagrams on a network, because an attacker can open many connections in parallel and not service them, or service them slowly, or the device can be flooded with unsolicited traffic.

In both cases, the device can effectively be rendered inoperable on the network. Constrained devices and special-purpose devices often have one-for-all security facilities like password or PIN protection, or they wholly rely on trusting the network, meaning they grant access to information when a device is on the same network, and that network is often only protected by a shared key.

That means that when the shared secret for the device or network is disclosed, it is possible to control the device or observe the data it emits. Every device and field gateway has some form of storage: temporary storage for queuing data, and operating system (OS) image storage. A cloud gateway is a system that enables remote communication from and to devices or field gateways at several different sites across public network space, typically towards a cloud-based control and data analysis system, or a federation of such systems.
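The one-for-all shared secret described just above, and the key-extraction spoofing threat earlier in the threat model, are easiest to compare in code. What follows is an added example, not Azure code and not from the original page: a hypothetical cloud gateway that authenticates each device with a single-use nonce challenge answered by an HMAC under that device's key, plus a helper that measures how many identities an attacker can assume after extracting one key. The device IDs, the keys, and the `CloudGateway`, `device_response`, `impersonatable` and `blast_radius` names are all constructed for this example.

```python
"""Per-device authentication at a hypothetical cloud gateway.

Added example: not Azure code and not from the original page. It shows why
the threat model wants every device to carry its own identity and key by
measuring how many identities an attacker can assume after extracting one
key. Device IDs, keys and all function and class names are constructed.
"""
import hashlib
import hmac
import secrets


def device_response(device_key: bytes, device_id: str, nonce: bytes) -> bytes:
    """Answer to a challenge: HMAC over the claimed ID and the nonce.

    A genuine device computes this with its own key; an impostor computes
    it with whatever key it managed to extract.
    """
    return hmac.new(device_key, device_id.encode() + nonce, hashlib.sha256).digest()


class CloudGateway:
    """Challenge/response authentication keyed per device ID.

    Each nonce is single use and bound to the device ID it was issued for,
    so a captured response cannot be replayed or redirected to another ID.
    """

    def __init__(self, device_keys: dict, nonce_ttl: float = 30.0):
        self._keys = dict(device_keys)
        self._pending = {}          # nonce -> (device_id, issued_at)
        self._ttl = nonce_ttl

    def challenge(self, device_id: str, now: float) -> bytes:
        if device_id not in self._keys:
            raise KeyError(f"unknown device {device_id!r}")
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = (device_id, now)
        return nonce

    def verify(self, device_id: str, nonce: bytes, tag: bytes, now: float) -> bool:
        entry = self._pending.pop(nonce, None)   # pop: a second use fails
        if entry is None:
            return False
        issued_for, issued_at = entry
        if issued_for != device_id or now - issued_at > self._ttl:
            return False
        expected = device_response(self._keys[device_id], device_id, nonce)
        return hmac.compare_digest(expected, tag)


def impersonatable(gateway: CloudGateway, device_ids, stolen_key: bytes, now: float = 0.0):
    """Identities an attacker holding `stolen_key` can successfully assume."""
    owned = set()
    for dev in device_ids:
        nonce = gateway.challenge(dev, now)
        if gateway.verify(dev, nonce, device_response(stolen_key, dev, nonce), now):
            owned.add(dev)
    return owned


# Constructed fleet. One registry gives each device its own key; the other
# models the "one-for-all" shared secret the text warns about.
DEVICE_IDS = ["valve-07", "sensor-12", "camera-03"]
PER_DEVICE_KEYS = {d: hashlib.sha256(b"demo-key-" + d.encode()).digest() for d in DEVICE_IDS}
SHARED_KEY = b"one-key-for-the-whole-plant"
ONE_FOR_ALL_KEYS = {d: SHARED_KEY for d in DEVICE_IDS}


def blast_radius():
    """Compare what one extracted key buys an attacker under each scheme."""
    stolen = PER_DEVICE_KEYS["valve-07"]      # attacker pulled valve-07's key
    per_device = impersonatable(CloudGateway(PER_DEVICE_KEYS), DEVICE_IDS, stolen)
    one_for_all = impersonatable(CloudGateway(ONE_FOR_ALL_KEYS), DEVICE_IDS, SHARED_KEY)
    return per_device, one_for_all


if __name__ == "__main__":
    per_device, one_for_all = blast_radius()
    print("per-device keys, valve-07 key stolen:", sorted(per_device))
    print("shared key stolen:", sorted(one_for_all))
```

With per-device keys the stolen key lets the attacker be valve-07 and nothing else; with the shared key it lets them be every device in the registry. The nonce bookkeeping matters as much as the key scheme: without the single-use pop and the device-ID binding, a response captured on the wire (the intercept-and-replace threat above) could simply be replayed. Hardware-backed keys, which the extraction threat is really about, would move `device_response` into a secure element so the key never reaches the host software at all; that part is out of scope here.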

A cloud gateway is mostly a custom-built piece of software running as a service with exposed endpoints to which field gateways and devices connect. As such, it must be designed with security in mind; follow the SDL process for designing and building this service. Control systems are the only entities in the scope of this discussion that may immediately facilitate interaction with people. The exceptions are intermediate physical control surfaces on devices, like a switch that allows a person to turn off the device or change other properties, and for which there is no functional equivalent that can be accessed digitally.

Intermediated physical control surfaces are those where governing logic constrains the function of the physical control surface such that an equivalent function can be initiated remotely, or conflicts with remote input can be avoided. Such intermediated control surfaces are conceptually attached to a local control system that leverages the same underlying functionality as any other remote control system that the device may be attached to in parallel.

To learn more about securing a solution created by an IoT solution accelerator, see Secure your IoT deployment. Open-source software provides an opportunity to quickly develop solutions.

When you're choosing open-source software, consider the activity level of the community for each open-source component. An active community ensures that software is supported and that issues are discovered and addressed. Conversely, an obscure and inactive open-source project might not be supported, and issues are not likely to be discovered.

Many software security flaws exist at the boundary of libraries and APIs. Functionality that may not be required for the current deployment might still be available via an API layer.

To ensure overall security, make sure to check all interfaces of components being integrated for security flaws.

IoT solution deployer

The following are best practices for IoT solution deployers:

Deploy hardware securely: IoT deployments may require hardware to be deployed in unsecure locations, such as in public spaces or unsupervised locales. In such situations, ensure that the hardware deployment is tamper-resistant to the maximum extent possible. If USB or other ports are available on the hardware, ensure that they are covered securely; many attack vectors can use these as entry points.

Keep authentication keys safe: During deployment, each device requires device IDs and associated authentication keys generated by the cloud service. Keep these keys physically safe even after the deployment. Any compromised key can be used by a malicious device to masquerade as an existing device.

IoT solution operator

The following are best practices for IoT solution operators:

Keep the system up-to-date: Ensure that device operating systems and all device drivers are upgraded to the latest versions. This applies to every operating system in the deployment, Linux included; keeping them up-to-date helps ensure that they are protected against malicious attacks.

Protect against malicious activity: If the operating system permits, install the latest antivirus and antimalware capabilities on each device operating system. This practice can help mitigate many external threats, and most modern operating systems can be protected against such threats by taking appropriate steps. On constrained devices that cannot host this tooling, the other practices (up-to-date software, protected keys, and auditing) carry more weight.

Audit frequently: Auditing IoT infrastructure for security-related issues is key when responding to security incidents. Most operating systems provide built-in event logging that should be reviewed frequently to make sure no security breach has occurred. Audit information can be sent as a separate telemetry stream to the cloud service where it can be analyzed.
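The audit telemetry stream is only useful if something reads it against the threat model. The following is an added example, not from the page and not Azure code, of the kind of analysis the cloud service could run over that stream. Each rule maps to one threat described above: repeated authentication failures (spoofing with guessed or stolen keys), a boot that reports an unexpected firmware hash (replaced software), and a registered device that stops sending authenticated signals (denial of service, or a device knocked offline). The JSON-lines event format, the device IDs, the firmware hashes, the sample lines, and the `parse_audit`, `analyze` and `EXPECTED_FIRMWARE` names are all constructed for this example.

```python
"""Detection over a device audit telemetry stream.

Added example, not from the original page and not Azure code. The event
format, the device IDs, the firmware hashes and the sample lines are all
constructed for this example.
"""
import json
from collections import defaultdict

# Constructed fleet registry: the firmware hash each device is expected to
# boot with. Its keys double as the list of devices that should be alive.
EXPECTED_FIRMWARE = {
    "valve-07": "cafebabe",
    "sensor-12": "cafebabe",
    "camera-03": "cafebabe",
}

# Constructed audit stream: one JSON object per line, as the cloud service
# would receive it on a separate telemetry channel.
SAMPLE_AUDIT = """\
{"ts": 1000, "device": "valve-07", "event": "auth_ok"}
{"ts": 1010, "device": "sensor-12", "event": "auth_fail"}
{"ts": 1015, "device": "sensor-12", "event": "auth_fail"}
{"ts": 1020, "device": "sensor-12", "event": "auth_fail"}
{"ts": 1030, "device": "camera-03", "event": "boot", "firmware": "deadbeef"}
{"ts": 1040, "device": "valve-07", "event": "heartbeat"}
{"ts": 1150, "device": "camera-03", "event": "heartbeat"}
"""


def parse_audit(text):
    """Parse JSON lines, skipping blank or malformed ones instead of crashing.

    A device that has been tampered with may well emit garbage; the analyzer
    must keep running on the rest of the stream.
    """
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def analyze(events, now, fleet=EXPECTED_FIRMWARE,
            heartbeat_timeout=120, fail_threshold=3, fail_window=60):
    """Return sorted (device, finding) pairs for the three rules."""
    findings = set()
    fails = defaultdict(list)     # device -> timestamps of recent auth failures
    last_seen = {}                # device -> last timestamp of authenticated activity
    for e in sorted(events, key=lambda e: e["ts"]):
        dev, kind, ts = e["device"], e["event"], e["ts"]
        if kind == "auth_fail":
            recent = [t for t in fails[dev] if ts - t <= fail_window] + [ts]
            fails[dev] = recent
            if len(recent) >= fail_threshold:
                findings.add((dev, "repeated auth failures"))
        elif kind in ("auth_ok", "heartbeat", "boot"):
            # Only authenticated activity proves the device is alive; failed
            # attempts can come from anyone claiming its ID.
            last_seen[dev] = ts
            if kind == "boot" and e.get("firmware") != fleet.get(dev):
                findings.add((dev, "unexpected firmware"))
    for dev in fleet:
        seen = last_seen.get(dev)
        if seen is None or now - seen > heartbeat_timeout:
            findings.add((dev, "silent"))
    return sorted(findings)


if __name__ == "__main__":
    for dev, finding in analyze(parse_audit(SAMPLE_AUDIT), now=1200):
        print(f"{dev}: {finding}")
```

Run against the constructed stream at `now=1200`, this reports camera-03 for the unexpected firmware hash, sensor-12 for three failed authentications inside the window, and both sensor-12 and valve-07 as silent: sensor-12 because it never authenticated at all, valve-07 because its last heartbeat is older than the timeout. The "silent" rule deliberately iterates over the registry rather than over devices seen in the log, since a device that an attacker has cut off entirely produces no events to iterate over.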
