Security for the Internet of Things.

Embedded Hardware & Software Partnerships Provide Critical Path to Closing IoT Security Loopholes


  • Page 1 of 1
    Bookmark and Share

It is estimated that there could be between 25-50 billion connected devices by 2020, with more than six connected devices per person. The technologies that make up the Internet of Things (IoT) include sensors/actuators, wireless communications, hardware/software, network infrastructure, addressing and cloud computing. As these IoT technologies continue to rise exponentially, so do the security risks of breaches and unwanted data capture.

Imagine an IoT device regulating insulin injections being taken over and controlled by a hacker. This attack could easily cause major bodily injury, or even death. The IoT is dramatically increasing the vulnerabilities of environments that – when previously unconnected – did not pose the same kind of risk. This makes it increasingly important for those developing IoT solutions to work within their hardware/software partner ecosystems to address security risks at every level of IoT system design, deployment and on-going function.

In a recent survey done by the SANS Institute, the five greatest threats to the IoT over the next five years will be:

• Weakening perimeters - Difficulty patching, leaving systems vulnerable (31%)

• Botnets/malware - Things used as infection vectors to spread to enterprise (26%)

• Denial of Service (DDOS) - Attacks causing damage or loss of life (13%)

• Data breaches - Intended sabotage and destruction of device(s) (12%)

• Inadvertent breaches - User error/accidental data breaches / exposures (11%)

All of these attacks are based on the various layers implemented on the network such as Physical Layer (Eavesdropping), Data Link Layer (Spoofing), Network Layer (Wormhole), Transport (Flooding) and Application (Modification).

Current network security, internet encryption, and typical PC-based security software is not sufficient enough to protect users, data and IoT devices. There have been countermeasures proposed to address the security concerns, but we have a long way to go to bridge the gap.

The IoT industry is implementing key elements to reduce specific network security threats. Devices, gateways, servers and network routing gear must have the ability to actively reduce key security areas for encryption and breach protection, while ensuring privacy rights, ease-of-use and the ability to autonomously upgrade and provide new security patches.

A positive trend has been the development of partner eco-systems between embedded hardware and software providers to reduce the risk of IoT attacks and breaches in IoT devices and gateways. Offering boot up and memory protection at the processor level, packet encryption solutions, hardware monitoring and threat detection services, analytics of key patterns and user behaviors, and the reporting and logging of specific threats are just some of the ways that solution providers are addressing the IoT security infrastructure.

An example of a secure environment created by a partner eco-system is ADLINK’s SEMA Cloud platform, which incorporates a security framework using many of the aforementioned tactics. At the board level, Secure Boot provides a mechanism to prevent loading of unauthorized software during device boot up. For operating system security, McAfee Application Control provides whitelisting to guard against software tampering and malware zero-day exploits. Transport Layer Security (TLS 1.2) ensures secure, reliable data transfer from the device to the cloud through state-of-the-art encrypted data transmission protocols (e.g., Advanced Encryption Standard AES-256). And in the cloud, ADLINK works with leading global platform hosting partners to provide an ultra-secure environment. Finally, authentication processes using application and device specific keys are offered throughout the course of data transfer.

With the experience of early IoT market engagements, vendors can better visualize and reduce threats before they happen in order to offer customer solutions that de-risk and countermeasure security threats. The key is working together with our partners at every level of solution development to create secure IoT environments and move the conversation away from the negative outcomes of the IoT and back to all of the positive improvements that come from a connected world.

ADLINK Technology
San Jose, CA
(408) 360-0200