By Anna Gerber | Published November 17, 2017 - Updated November 17, 2017
This article is part of the IoT 301 learning path, an advanced developer guide for IoT.
As more and more IoT devices make their way into the world, deployed in uncontrolled, complex, and often hostile environments, securing IoT systems presents a number of unique challenges. According to Eclipse IoT Working Group’s 2017 IoT developer survey, security is the top concern for IoT developers.
Follow along as I describe my top ten challenges for IoT security:
Many IoT devices have limited amounts of storage, memory, and processing capability and they often need to be able to operate on lower power, for example, when running on batteries.
Security approaches that rely heavily on encryption are not a good fit for these constrained devices, because they are not capable of performing complex encryption and decryption quickly enough to be able to transmit data securely in real-time.
These devices are often vulnerable to side channel attacks, such as power analysis attacks, that can be used to reverse engineer these algorithms. Instead, constrained devices typically only employ fast, lightweight encryption algorithms.
IoT systems should make use of multiple layers of defense, for example, segregating devices onto separate networks and using firewalls, to compensate for these device limitations.
With so many devices offering potential points of failure within an IoT system, device authentication and authorization is critical for securing IoT systems.
Devices must establish their identity before they can access gateways and upstream services and apps. However, there are many IoT devices that fall down when it comes to device authentication, for example, by using weak basic password authentication, or using passwords unchanged from their default values.
Adopting an IoT Platform that provides security by default helps to resolve these issues, for example by enabling two factor authentication (2FA) and enforcing the use of strong passwords or certificates. IoT Platforms also provide device authorization services used to determine which services, apps, or resources each device has access to throughout the system.
Applying updates, including security patches, to firmware or software that runs on IoT devices and gateways presents a number of challenges. For example, you need to keep track of which updates are available and apply updates consistently across distributed environments with heterogeneous devices that communicate through a range of different networking protocols.
Not all devices support over-the-air updates, or updates without downtime, so devices might need to be physically accessed or temporarily pulled from production to apply updates. Also, updates might not be available for all devices, particularly older devices or those devices that are no longer supported by their manufacturer.
Even when updates are available, the owners of a device might opt out of applying an update. As part of your device management, you need to keep track of the versions that are deployed on each device and which devices are candidates for retirement after updates are no longer available.
Device manager systems often support pushing out updates automatically to devices as well as managing rollbacks if the update process fails. They can also help to ensure that only legitimate updates are applied, for example through the use of digital signing.
Read more about securing IoT devices and gateways.
Once the devices themselves are secured, the next IoT security challenge is to ensure that communication across the network between devices and cloud services or apps is secure.
Many IoT devices don’t encrypt messages before sending them over the network. However, best practice is to use transport encryption, and to adopt standards like TLS. Using separate networks to isolate devices also helps with establishing secure, private communication, so that data transmitted remains confidential.
Read more about securing IoT data over the network.
It is also important that wherever the data ends up after it has been transmitted across the network, it is stored and processed securely. Implementing data privacy includes redacting or anonymizing sensitive data before it is stored or using data separation to decouple personally identifiable information from IoT data payloads. Data that is no longer required should be disposed of securely, and if data is stored, maintaining compliance with legal and regulatory frameworks is also an important challenge.
Another challenge is ensuring data integrity, which may involve employing checksums or digital signatures to ensure data has not been modified. Blockchain – as a decentralized distributed ledger for IoT data – offers a scalable and resilient approach for ensuring the integrity of IoT data.
Read more about what blockchain means for IoT in this blog post.
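The difference between a checksum and an authenticated tag on an IoT payload, as an added example that is not part of the original article. It uses HMAC-SHA256 (a shared-key MAC) as a standard-library stand-in for a digital signature; the key, field names and counter scheme are assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real device would hold its own provisioned secret.
DEVICE_KEY = b"constructed-demo-key-not-for-production"

def _canonical(payload: dict, counter: int) -> bytes:
    # Stable byte encoding so sender and receiver hash identical input.
    return json.dumps({"counter": counter, "payload": payload},
                      sort_keys=True, separators=(",", ":")).encode()

def seal(payload: dict, counter: int, key: bytes = DEVICE_KEY) -> dict:
    """Device side: attach an unkeyed checksum and a keyed HMAC tag."""
    body = _canonical(payload, counter)
    return {
        "counter": counter,
        "payload": payload,
        "sha256": hashlib.sha256(body).hexdigest(),
        "hmac": hmac.new(key, body, hashlib.sha256).hexdigest(),
    }

def checksum_ok(msg: dict) -> bool:
    """Unkeyed check: detects accidental corruption only."""
    body = _canonical(msg["payload"], msg["counter"])
    return hmac.compare_digest(hashlib.sha256(body).hexdigest(), msg["sha256"])

def verify(msg: dict, last_counter: int, key: bytes = DEVICE_KEY) -> bool:
    """Receiver side: reject modified, unauthenticated or replayed messages."""
    body = _canonical(msg["payload"], msg["counter"])
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["hmac"]):  # constant-time compare
        return False
    return msg["counter"] > last_counter  # monotonic counter rejects replays

def tamper(msg: dict, field: str, value) -> dict:
    """Model an in-transit change by a party without the key: the payload
    is altered and the unkeyed checksum is simply recomputed to match."""
    forged = dict(msg, payload=dict(msg["payload"], **{field: value}))
    body = _canonical(forged["payload"], forged["counter"])
    forged["sha256"] = hashlib.sha256(body).hexdigest()
    return forged
```

A modified message still passes `checksum_ok` because anyone can recompute a plain hash, while `verify` rejects it because the tag cannot be recomputed without the key.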
Web, mobile, and cloud apps and services are used to manage, access, and process IoT devices and data, so they must also be secured as part of a multi-layered approach to IoT security.
When developing IoT applications, be sure to apply secure engineering practices to avoid vulnerabilities such as the OWASP top 10 vulnerabilities. Just like devices, apps should also support secure authentication, both for the apps themselves and the users of the applications, by providing options such as 2FA and secure password recovery options.
Read more about security best practices for IoT applications.
As we come to rely more on IoT within our day-to-day lives, IoT developers must consider the availability of IoT data and the web and mobile apps that rely on that data as well as our access to the physical things managed by IoT systems. The potential for disruption as a result of connectivity outages or device failures, or arising as a result of attacks like denial of service attacks, is more than just inconvenience. In some applications, the impact of the lack of availability could mean loss of revenue, damage to equipment, or even loss of life.
For example, in connected cities, IoT infrastructure is responsible for essential services such as traffic control, and in healthcare, IoT devices include pacemakers and insulin pumps. To ensure high availability, IoT devices must be protected against cyber-attacks as well as physical tampering. IoT systems must include redundancy to eliminate single points of failure, and should also be designed to be resilient and fault tolerant, so that they can adapt and recover quickly when problems do arise.
Despite best efforts, security vulnerabilities and breaches are inevitable. How do you know if your IoT system has been compromised? In large scale IoT systems, the complexity of the system in terms of the number of devices connected, and the variety of devices, apps, services, and communication protocols involved, can make it difficult to identify when an incident has occurred. Strategies for detecting vulnerabilities and breaches include monitoring network communications and activity logs for anomalies, engaging in penetration testing and ethical hacking to expose vulnerabilities, and applying security intelligence and analytics to identify and notify when incidents occur.
Read more about how to protect your IoT devices from malware attacks.
The complexity of IoT systems also makes it challenging to assess the repercussions of a vulnerability or the extent of a breach in order to manage its impact. Challenges include identifying which devices were affected, what data or services were accessed or compromised and which users were impacted, and then taking actions to resolve the situation.
Device managers maintain a register of devices, which can be used to temporarily disable or isolate affected devices until they can be patched. This feature is particularly important for key devices such as gateway devices in order to limit their potential to cause harm or disruption, for example, by flooding the system with fake data if they have been compromised. Actions can be applied automatically using a rules engine with rules based on vulnerability management policies.
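A small device register with a rules engine, tying together the version tracking, retirement candidates and automatic isolation described in this article. This is an added example, not code from the article or from any IoT platform; the device models, rule names and advisory format are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Device:
    device_id: str
    model: str
    firmware: str            # dotted version, e.g. "1.4.2"
    role: str                # "gateway" or "sensor"
    isolated: bool = False

@dataclass
class Advisory:
    model: str
    fixed_in: Optional[str]  # None: no fixed firmware exists for this model

def _ver(v: str) -> tuple:
    # Compare numerically: "1.10.0" is newer than "1.9.3", unlike a string compare.
    return tuple(int(p) for p in v.split("."))

def affected(dev: Device, adv: Advisory) -> bool:
    if dev.model != adv.model:
        return False
    return adv.fixed_in is None or _ver(dev.firmware) < _ver(adv.fixed_in)

# Hypothetical vulnerability-management policy: every matching rule fires.
RULES = [
    ("isolate",         lambda d, a: d.role == "gateway"),
    ("retire",          lambda d, a: a.fixed_in is None),
    ("schedule_update", lambda d, a: a.fixed_in is not None),
]

def apply_policy(registry, advisories):
    """Return {device_id: sorted actions} and mark isolated devices."""
    plan = {}
    for dev in registry:
        actions = {name for adv in advisories if affected(dev, adv)
                   for name, pred in RULES if pred(dev, adv)}
        if actions:
            dev.isolated = "isolate" in actions
            plan[dev.device_id] = sorted(actions)
    return plan

# Constructed sample data (not from the article).
REGISTRY = [
    Device("gw-01", "edge-gw", "1.9.3", "gateway"),
    Device("gw-02", "edge-gw", "1.10.0", "gateway"),
    Device("th-17", "thermo-a", "2.0.1", "sensor"),
    Device("cam-04", "cam-legacy", "0.8.0", "sensor"),
]
ADVISORIES = [Advisory("edge-gw", "1.10.0"), Advisory("thermo-a", "2.1.0"),
              Advisory("cam-legacy", None)]
```

Calling `apply_policy(REGISTRY, ADVISORIES)` isolates only the unpatched gateway, schedules updates where a fix exists, and marks the unsupported model for retirement.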
A longer-term IoT security challenge is to apply security intelligence not only for detecting and mitigating issues as they occur, but also to predict and proactively protect against potential security threats. Threat modeling is one approach used to predict security issues. Other approaches include applying monitoring and analytics tools to correlate events and visualize unfolding threats in real-time, as well as applying AI to adaptively adjust the security strategies applied, based on the effectiveness of previous actions.
Adopting a multi-layered security-by-design approach to IoT development is essential for securely managing devices, data, and mobile and cloud-based IoT apps and services, as well as dealing with threats or issues as they arise.
Incorporating security by default – where security features are configured at their most secure settings at all times, including before, during, and after development – enables you to maintain data privacy and integrity, while delivering highly available IoT data, apps, and services.