A more comprehensive security strategy is required as more devices are connected.
Let’s talk about how the IoT is evolving.
Last year, Gartner published a study that said 5.5 million new “things” were being connected to the Internet every day. The study predicts that by the end of this year there will be 6.4 billion connected devices, and by 2020 there will be 20.8 billion connected devices.
That’s a lot of connected things to keep track of and to protect from malicious attacks.
What’s happening with all these connected devices is that more data is flowing throughout the IoT network. The networks are just flooded. They can’t handle the amount of data. The intelligence in the cloud where a lot of data processing and applications exists – is now being pushed down to the gateway and connected edge devices.
And, unfortunately, OEMs and IoT suppliers are just not keeping up with the changing dynamics. According to Kevin Mitnick, a reformed hacker and security specialist, the IoT has become essentially a “playground for hackers.”
Clearly, a more comprehensive security strategy is required.
The basics behind security
Really, when we say security, it boils down to allowing the things that are supposed to happen to happen, and preventing the things that aren’t supposed to happen from happening — whether it’s unauthorized access to data, unauthorized commands being performed, or unauthorized users getting information.
But in the IoT world, and specifically in the Industrial IoT world, it’s more about device-to-device communication and device-to-device security authorization, than it is human- to-machine authorization.
So what are some of the basics tenets behind IoT security?
First, there’s “hardening the device,” which ensures that a device is secure and that it cannot be reprogrammed or penetrated. This starts with secure boot.
The way secure boot works (in essence, it’s a type code signing technology) is that the software produced gets signed with a cryptographic key. That software, along with the signature, is then stored in the device.
When the boot loader is initiated, it goes out and recalculates the signature on the device, compares it to the one that’s stored, makes sure that it’s valid, and then proceeds. From that first stage boot loader, up through second stage boot loader through the operating system and so on, each stage validates the next stage before allowing full operation.
Now, if your current IoT network doesn’t have basic boot loader capabilities, please don’t think you need to take drastic measures to add security. You can add a lot of the capabilities in software without a hardware security module, but it is highly recommended to have a hardware security module as your foundation. If you don’t have it today, it’s always something you can add later.
Securing device communication
Securing communication is also something that’s very important. Developers have been focused on this for quite a while. There’s lot of pieces to this puzzle. Ensuring that you have security protocols such as IPsec or SSH (and its counterpart SSL) is critical to secure device communication.
And then there’s authentication. It’s important to mention this as it’s often overlooked. If you look at how Transport Layer Security (TLS) is typically implemented, you want to have one-way authentication, so one of the parties in the communication validates the other. Making sure that you have a system where all of the devices are able to authenticate each other is a really, really critical piece.
Finally, don’t forget to build an embedded firewall, which is another capability that can help control secure communication.
Ensuring secure IoT operation
Getting back to our IoT network – with so much data now being processed from the cloud to edge device, one of the key components is the intelligent IoT gateway – as the gateway is the facilitator, the data manager, in which all data must flow. Mentor Graphics recently introduced a highly customizable IoT gateway solution called the Mentor Graphics IoT gateway System Design Kit (SysDK), shown in Figure 1.
Figure 1: The Mentor gateway SysDK reference design can be used in its current form, or customized to meet specific gateway hardware and software requirements, including compatibility with legacy infrastructure and new IoT deployments.
The Mentor gateway SysDK is a reference design that is fully customizable in both hardware and software and is able to address the many types of functionality, security, and unique needs required of a modern IoT gateway. And because both hardware and software are customizable, Mentor’s SysDK accommodates many different connectivity options; it supports integration of brown field (legacy) and green field (newly added) devices.
In conclusion, security needs to be everywhere and throughout your IoT network. It’s critical that security be in place from the smallest IoT device through the end nodes and gateway, and up to the cloud itself.
It’s time to turn that playground into fertile ground for your business or customer.