Anything capable of communicating wirelessly enables users to monitor or control the device without being physically close to it. What happens when a stranger gets access to control your home, without being close enough? Welcome to the dark side of the Internet of Things.
By Dilin Anand
The biggest problem with the IoT is that it is so ubiquitous, people don’t understand the significance of lax security of this device — a device that sits in your peripheral vision while continuously gathering data on you.
How real is your sense of security?
Wael William Diab, who chairs the IEEE 802.3 Working Group’s standing Maintenance Task Force says that, “There are certain applications where security is not a big issue, and others where users don’t perceive it to be a big issue”. Obviously, the latter is the root of an even bigger problem.
With the IoT, people are connecting devices to stuff that are important to them, which then go to gain very sensitive data. Over the past few weeks, there have been a number of articles where people have talked about the security issues in the Internet of Things like people hacking baby monitors, spying on children and many other things that create great concern in people; especially people who aren’t technologists and aren’t using technology everyday like we are.
“There is a perception of security and then there’s the reality of security which are both equally important. We’ve embedded security deeply into our architecture for embedded IoT connectivity because we understand it’s importance”, explains Brian Bedrosian, Senior Director, Embedded Wireless, Wireless Connectivity Combos and Jeff Baer, Business Development Director, Embedded Wireless, Wireless Connectivity Combos, both from Broadcom.
If someone is of the notion that only enterprise IP networks are prone to attacks, they are completely mistaken. “Hackers’ targets are much higher today. For example, systems like smart grid attract more attention in terms of breaking into the system and creating havoc. There are lots of instances in the past where there were attacks on Defence, Industrial and even Automotive sector. Hence security is even more important as far as IoT is concerned and there are various ways of addressing security,” adds S. Natarajan, Senior Program Manager – India Strategy & Planning, Intel India.
Granted that components in IoT products would be running in IPv6 which offers much better security and control than IPv4, but that doesn’t necessarily make the product safe. “IPv6 security has not been “field proven” and testing has revealed vulnerabilities. Therefore, in short term, deploying applications using Ipv6 represents a higher security risk than deploying them using Ipv4, but since every device has its own unique internet address and avoids administrative traffic, the recommendation by experts is for IPv6,” shares R K Shenoy, Sr. Vice President, Powertrain Electronics, Robert Bosch Engineering and Business Solutions Limited.
So how is this problem being tackled?
One approach suggested by Shenoy is to have an IoT architecture that follows a standardized approach across industries – the Semantic Web was one approach, but still security issues have to be resolved.
There are efforts to address the security aspects of the sensors. The way Intel looks at implementing security for IoT areas is in multiple ways. “One is that we are making sure that we leverage the technologies which we have from McAfee’s side to address some of the security aspects from the level of OS all the way down to the silicon or the chip itself,” explains S. Natarajan.
When it comes to other aspects, such as the sensors (where data communication takes place) and the network, there are different ways of securing such as by using some platform woven technologies like Trusted Execution Technology (TXT), which addresses that security aspect.
Brian from Broadcom adds, “From our point of view, we recognized that early on. We’ve embedded security deeply into our WICED architecture (Wireless Internet Connectivity for the Embedded Devices); that’s our architecture for embedded Internet of Things connectivity.”