Technologies to secure the Internet of Things
The power of the Internet of Things (IoT) is in its ability to combine information from various devices and systems in novel ways to provide unprecedented insights and convenience. This shift promises entirely new services and business opportunities The IoT introduces a wide range of new security risks and challenges to the IoT devices themselves, their platforms and operating systems, their communications, and even the systems to which they’re connected.
Security technologies will be required to protect IoT devices and platforms from both information attacks and physical tampering, to encrypt their communications, and to address new challenges such as impersonating “things” or denial-of-sleep attacks that drain batteries. IoT security will be complicated by the fact that many “things” use simple processors and operating systems that may not support sophisticated security approaches.
In its recently-released TechRadar report for security and risk professionals, Forrester Research discusses the outlook for the 13 most relevant and important IoT security technologies, warning that “there is no single, magic security bullet that can easily fix all IoT security issues.” Based on Forrester’s analysis, here’s our list of the hottest technologies for IoT security:
Providing the ability for users to authenticate an IoT device, including managing multiple users of a single device (such as a connected car), ranging from simple static password/pins to more robust authentication mechanisms such as two-factor authentication, digital certificates and biometrics. Unlike most enterprise networks where the authentication processes involve a human being entering a credential, many IoT authentication scenarios (such as embedded sensors) are machine-to-machine based without any human intervention.
Encrypting data at rest and in transit between IoT edge devices and back-end systems using standard cryptographic algorithms, helping maintain data integrity and preventing data sniffing by hackers. The wide range of IoT devices and hardware profiles limits the ability to have standard encryption processes and protocols. Moreover, all IoT encryption must be accompanied by equivalent full encryption key lifecycle management processes, since poor key management will reduce overall security.
Providing complete X.509 digital certiﬁcate and cryptographic key and life-cycle capabilities, including public/private key generation, distribution, management, and revocation. The hardware specs for some IoT devices may limit or prevent their ability to utilise PKI. Digital certiﬁcates can be securely loaded onto IoT devices at the time of manufacture and then activated/enabled by third-party PKI software suites; the certiﬁcates could also be installed post-manufacture.
IoT device manufacturers need to begin implementing security in the early design phases of their products. Act with Security by Default/Design as security can no longer be an afterthought as it has in the past with so many legacies connected device and products.