I have always made it a point to go through the flaws of a technology first rather than focusing on its so called valuable benefits. Internet of things received a wide spread hype for its implementation scope. In the beginning of the year 2015 many experts claimed its going to be an existential year for IoT. We also made a statement on how this year is going to be the year for IoT Enterprise segment. However sluggish growth and poor development owing to IoT security has resulted in doubts.
Media for sure was adamant to prove the flaws and loop holes in connecting everything with internet. Media had their reason to be skeptic but they were not totally clueless. Kaspersky Lab went as far as stating IoT as Internet of Crappy Things openly criticizing the move to connect everything possible to internet. Internet of things security challenges are for real and they need to be addressed first.
But time and again it is proven that any emerging technology faces its fair share of challenges and criticism. IoT security issues are definitely a reality but it should not discourage you from developing your IoT applications.
IoT Security Issues
In the development of any IoT application security and testing frameworks play an important role. To help you create more secured and attack proof internet of things enabled devices and applications we have outlined top security concerns you should address.
IoT Security-Data Encryption
Internet of things applications collect tons of data. Data retrieval and processing is integral part of the whole IoT environment. Most of this data is personal and needs to be protected through encryption.
To address this IoT security issue you can use Secure Sockets Layer protocol or SSL wherever your data is present online. Websites already use SSL certification to encrypt and protect the user’s data online. This is only half part of the equation other half is to protect the wireless protocol side. While data is being transferred wirelessly it needs encryption as well. Sensitive data like locations need to be available to be concerned user and no one else. Therefore make sure you use a wireless protocol with inbuilt encryption.
IoT Security- Data Authentication
After successful encryption of data chances of device itself being hacked still exist. If there is no way to establish the authenticity of the data being communicated to and from an IoT device, security is compromised.
For instance, say you built a temperature sensor for smart homes. Even though you encrypt the data it transfers is there is no way to authenticate the source of data then anyone can make up fake data and send it to your sensor instructing it to cool the room even when its freezing or vice versa. Authentication issues may not be upfront but they definitely pose a security risk.
IoT Security-Side-channel Attacks
Encryption and authentication both in place still leave scope for side channel attacks. Such attacks focus less on the information and more on how that information is being presented. For instance if someone can access data like timing information, power consumption or electromagnetic leak, all of this information can be used for side channel attacks.
IoT Security-Hardware Issues
From the very beginning the internet of things hardware has being the problem. With all the hype and sudden interest in IoT devices chipmakers like ARM and Intel are reinforcing their processors for more security with every new generation but the realistic scenario doesn’t seem to ever close that security gap.
The problem is with modern architecture of the chips made specifically for the IoT devices, the prices will go up making them expensive. Also the complex design will require more battery power which is definitely a challenge for IoT applications. Affordable wearable IoT devices won’t use such chips meaning there is need for better approach.
IoT Security Solution-Testing Hardware
The best way to minimize the hardware security challenges of internet of things is to have stringent testing framework in place. Here are our top picks for secured testing of hardware.
Coverage network of the IoT device is paramount. You need to be very specific about the range metrics for your application or device.
For instance if you are using Zigbee technology to empower your device’s network you will have to calculate how many repeaters you will need within a establishment to provide communication range for your device. But you cannot blindly put any number of repeaters as with increasing number of repeaters the capacity of your system decreases. Therefore device range testing will enable you to find that sweet spot where you can maximize the range without reaching the breaking point.
Latency and Capacity
Capacity is the bps (bytes per second) handling speed of your network while latency denotes the total time taken for data transfer between the application endpoints.
Developers always look for ways to increase capacity and latency of their IoT applications to improve performance. Problem is both these factors are inversely proportionate, improving one degrades the other. Data intensive devices and applications should be thoroughly tested for latency and capacity balance.
It is seldom that you will build you IoT device from scratch on your own. Most of the time, you will be using component and module manufactured by others in your application. Testing these modules on your own for proper functioning is very important.
Manufacturers always do the assembly line testing on their end but you should also verify the same. Also when you put all the modules together on a board testing is required to make sure there are no errors introduced because of soldering and wiring. Manufacturability testing is necessary to make sure your application works as it is intended to.
How can we develop secured IoT Applications?
The security solutions discussed above should be implemented strictly to ensure proper functioning with safety.
IoT technologies are still immature to a large extent and being little paranoid about their security is indeed helpful. Before you start with development of any IoT application it is necessary that you do research and be informed as much as you can. There will always be tradeoffs like more security for poor UI but as mentioned before you need to find that sweet spot.
Also don’t be in the rush to bring your product in the market without proper planning for long term support. IoT devices are cheap so chances are very high that manufacturers don’t pay enough attention to provide security updates and patches. This is not a sustainable development model for internet of things.
As an IoT application developer always beware of threats. Security breaches are almost bound to happen and you should be ready for them. You should always be ready with an exit plan to secure maximum data in case of an attack.
Last and not least always take initiative to teach customers and employees on latest IoT security threats and solutions.