Thursday, October 15, 2015

Security Threats in IoT

The Internet of Things (IoT) is the latest buzzword in today's world of ICT. IoT is a new wave in the market that is all set to transform our lives. There is an estimate that over the next decade or two about 26-100 billion IoT-based devices will come into use, surpassing the entire human population of the world [Source: Gartner].
Interconnected devices on such a large scale will bring forth issues of privacy and security, and working out solutions to these concerns is now indispensable. Devices under the umbrella of IoT will be interconnected using IP addresses based on IPv6, with each device identified by the IP address assigned to it. When you build a network using uniform standards, it becomes more vulnerable. Hence, in a way, the use of IP addresses will invite major security issues.

Following are the top five areas of security concerns with respect to Internet of Things:

Privacy Concerns: The majority of IoT devices will collect personal information such as name, date of birth, address, health data, credit card information and much more. Most devices will transmit this information across interconnected networks. If users unknowingly misconfigure their home network, it is very likely that their personal information will be exposed over wireless networks. The situation can even be fatal; imagine what can happen if someone hacks into a cardiac pacemaker or a car being driven on the road!

Insufficient Authorization/Authentication: With a huge number of devices per user, users will eventually end up keeping weak, simple and sometimes common passwords. Many such users will also use the same password in the cloud for cloud products. This issue can be mitigated by defining strong password policies, although even these may fail if common passwords are used everywhere.

Transport Encryption: Transport encryption means that information is encrypted while it is being transferred from one device to another. Transport encryption is crucial, and failing to apply it might create a backdoor for hackers to extract information from the devices or the cloud itself.

User Interface: IoT devices will bring in security concerns through their user interfaces. These issues include persistent cross-site scripting, weak default credentials and poor session management. Hackers can identify valid user accounts and take over control using features such as password reset.

Device Constraints: IoT will work only if the end devices use as little energy as possible. This means that the devices will have comparatively low processing power. Hence the devices cannot run complicated security software, as it would hamper their processing speed. Developing specialized security software for such devices will be another issue. Also, many current firewall systems may not control the traffic flowing into these devices, which is another security concern.
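
The point made under Insufficient Authorization/Authentication, that a strong password policy can still fail when common or shared passwords are used everywhere, can be checked with a small audit. This is an added example, not part of the original post; the inventory, the account names and the short common-password list are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed stand-in for a real common-password list.
COMMON_PASSWORDS = {"admin", "123456", "password", "Password1!"}

# Constructed inventory: one user's devices and cloud account (names hypothetical).
INVENTORY = [
    ("thermostat", "admin"),
    ("ip-camera", "Password1!"),
    ("cloud-portal", "Password1!"),
    ("door-lock", "t7#Kq9!vLm2x"),
    ("fitness-band", "t7#Kq9!vLm2x"),
    ("smart-tv", "Zr4$wN8@pQ1e"),
]

CLASSES = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")

def meets_complexity(pw):
    """Typical policy: at least 8 characters with upper, lower, digit and symbol."""
    return len(pw) >= 8 and all(re.search(c, pw) for c in CLASSES)

def audit(inventory, common=COMMON_PASSWORDS):
    """Return {account: [findings]}; accounts with no findings are omitted."""
    users_of = defaultdict(list)
    for account, pw in inventory:
        users_of[pw].append(account)
    findings = {}
    for account, pw in inventory:
        issues = []
        if not meets_complexity(pw):
            issues.append("fails complexity policy")
        if pw in common:
            issues.append("common password")
        others = [a for a in users_of[pw] if a != account]
        if others:
            issues.append("reused on: " + ", ".join(others))
        if issues:
            findings[account] = issues
    return findings

if __name__ == "__main__":
    for account, issues in audit(INVENTORY).items():
        print(f"{account}: {'; '.join(issues)}")
```

The camera and cloud passwords pass the complexity rule yet are flagged as common and reused, and the door lock's strong password is flagged only because another device shares it.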

Therefore, security threats for IoT should be addressed throughout the device lifecycle, i.e. from its initial design to its operational environment. This will include secure booting, access control, device authentication, firewall and IPS, updates and patches, etc.
At the same time, security at both the device and network levels is crucial for the successful operation of IoT. Fortunately, this need not require a revolutionary approach, but rather an evolution of steps and controls similar to those that have largely proven successful in IT networks. Instead of searching for an exclusively revolutionary solution that does not yet exist, one can focus on delivering the current IT security controls and measures, adapted and optimized to address security threats for the new and complex embedded applications and systems driving the Internet of Things.


Deepika Dave
Batch 2017
Symbiosis Institute of Telecom Management

