Discuss about the Various Security Concerns Identified in the IOT.
The IoT or Internet of Things is the inter-networking of various items like buildings, vehicles, physical devices. These are embedded with network connectivity, actuators, sensors, software or electronics that enable the objects to gather and exchange information (Xu, Wendt and Potkonjak 2014). From the perspective of security the IoT has not been flawless. Various security concerns identified in the IoT are analyzed in this essay. The essay describes the reason for security issues in IoT. The various kinds of security problems are identified. Then they are described and compared. Lastly a sophisticated technique is proposed to resolve the issues.
The IoT security has been the sector of endeavor concerning with the safeguarding of the connected networks and devices in IoT. Every computer is hackable. This contains much to do with the market of computers as it has been doing with technologies. Everyone prefers their software to be inexpensive and full of features. This has been at the expense of reliability and security (Li and Da Xu 2017). For instance, a computer affecting the security of Facebook is notably a market failure. The industries have been filled with many market failures that have gone unnoticed till the present days. As the computers have been permeating the homes, business, cars and so on the market failures has not been tolerable no longer. The only resolution has been the regulation foisted on the people by the government desperate in doing something at the face of the disaster.
The fundamental problem regarding IoT has been rising due to the concept of networking appliances and various other objects are new relatively. The security is not always included in designing products. The IoT products have been commonly sold with the unpatched and old embedded operating software and systems (Barreto et al. 2016). Moreover, the purchasers have been often failing to alter the default passwords on the smart devices. However, as they change them, they fail to select the strong passwords sufficiently. One of the common security issues for IoT security arising in the current age is regarding the hardware problems. From the very starting of the hardware of the IoT is a problem. With every sudden interest and hype in the chipmakers of IoT devices like Intel and ARM have been reinforcing their processors for further protection with every latest generation. However the realistic scene has not seemed to ever destroy the security gap. The problems have been that the modern architecture of chips has been made particularly for IoT devices (Ren et al. 2014). Thus the prices have been going up and making them costly. Moreover, the complicated design has been requiring more power battery that has been an obvious challenge for the IoT applications. The IoT devices that are wearable and affordable have not been using that kind of chips. This indicates that there has been the necessity for better approach.
Some of the existing approaches to resolve the security problems are explained hereby. The most effective way to minimizing the challenges of hardware security regarding IoT has been to possess he stringent framework for testing in place. For the secured testing of hardware one of the top picks are the device range. The coverage network of IoT device has been paramount. The organizations need to be much specific about the range metrics of the device or application (Mahmoud et al. 2015). For example of the Zigbee technology is used for empowering the network of the device, the repeaters are needed to be calculated. These repeaters are needed under the establishment for providing the communication range for the device. However any number of repeaters cannot be put blindly as with the rising number of repeaters the system’s capacity reduces (Guo et al. 2016). Thus the testing of device range would enable to seek the sweet spot whether the range can be maximized without reaching breaking point.
The next resolution is the capacity and latency. The capacity refers to the bytes per second handling speed of the network. The latency on the other hand points to the entire tike duration taken to transfer data between the endpoints of the applications. The developers have been always looking for the ways for increasing the latency and capacity of their applications of IoT for improving the performance (Hossain et al. 2016). The problem has been both the factors have been inversely proportionate and enhancing one degrades the. For this the data intensive applications and devices are to be tested thoroughly for capacity and latency balance. The next one is the manufacturability next. It has been seldom that the IoT device is built from the scratch of the individuals. Maximum time the module and components are been used that manufactured by the application. To test the modules for proper functioning has been very crucial. The manufacturers have been always doing the testing of assembly line on their end. However that should also be verified (Gou et al. 2013). Moreover as all the modules are pit together on the board testing has been needed for making sure that there have been no errors that are introduced due to wiring and soldering. The manufacturability testing has been required for making sure that the application has been working as it has been expected to.
Figure 1: “The IoT security threat map”
(Source: Beechamresearch.com, 2017)
Regarding effectiveness the IoT has been presenting huge opportunities of business for every market virtually. To resolve the problems regarding security the physical objects could be connected with the back end systems related to each other using the internet protocols. The door has to be opened for smart analytics. They must be energy efficiency, cost savings, predictive maintenance and the capability of offering more customized solutions and products effectively. As per as the cost is considered, the example of clothing manufacturing getting connected to the ordering system of customer could be considered. Rather producing loads and loads of items in set colors and sizes, the manufacturer could produce cloths on the basis of the particular details of the customer orders. This has been helping to cut the costs as they have not been producing clothes that no one have been asking for or the dead inventory (Lesjak, Hein and Winter 2015). As the customization rises the values to the clients and could effectively let the manufacturer increase the price points and differentiate from the competitors. The scopes could be applied to limitless other markets.
The improved technique or method for defending the security issue of IoT is to implement Microsoft Azure. The Azure IoT has been supporting the latest security hardware for strengthening the IoT security. Azure IoT have been supporting DICE or “Device Identity Composition Engine” and various other types of HSMs or Hardware Security Modules. The DICE has been a standard at TCG or “Trusted Computing Group” for device attestation and identification that enable the manufactures for using silicon gates for creating device identification on the basis of making security hardware, hardware of DNA of latest devices from ground ups (Pöhls et al. 2014). The HSMs have been the core security technology used for identities of securing devices and delivering the advanced functionality like the device attestation based on hardware and the zero touch provisions.
Moreover the Azure IoT team has been working with the standards major industry partners and organizations for employing the new in best practices in security for deploying support for a huge range of varieties of HSMs. The HSM has been offering resilient and resistant hardware basis of trust in the IoT devices. The Azure IoT transparency of platform has been integrating HSM support with the platform services such as the “Azure IoT Hub Device Management” and “Azure IoT Hub Device Provisioning”. Thus it enables the developers and customers in focusing more over recognizing particular risks regarding with the application and lesser on the tactics of security deployment. The IoT device deployment could be autonomous, remote and pen to the treats such as displacement, tampering and spoofing. In such cases the HSMs have been offering a important defense-layer for raising trust in privacy, confidentiality, integrity, authentication and many more (Halak, Zwolinski and Mispan 2016). The Azure IoT group has been grouping directly with the primary HSM manufacturers to enable easy access to a broad variety of the HSMs for accommodating risks regarding deployment specific for the developers and customers.
Figure 2: “Azure IoT suite”
(Source: Azure.microsoft.com, 2017)
The effectiveness of the software lies in the fact that the Azure IoT team has been leveraging the open standards for developing the best practices for robust and secure deployments. One of those kinds of standards has been the DICE or Device Identity Composition Engine from the TCG or Trusted Computing Group that has been offering the scalable framework of security requiring minimum footprint of HSM for anchoring trust from which for building numerous security solutions such as secure, authentication and the remote attestation. The DICE has been the response to the latest reality of the constraint computing that has been consistently characterizing the IoT devices (Dofe, Frey and Yu 2016). The minimalist approach has been the alternate path towards more traditional framework standards such as the TCG or Trusted Computing Group.
This has been offering a framework for scalable security that needed the minimum HSM footprint for anchoring tryst to create numerous solutions of security like remote attestation, secure boost and authentication. The DICE has been the response against the latest reality of the constraint computing continually characterizing the IoT devices. The minimalist kind of approach of it has been the alternate path for more traditional standards of security framework such as the TPM and TCG that has also supported on Azure platform IoT (Syed and Lourde 2016). The security journey has been the one, upon which the IoT team has been committed consistently helping the developers and customers to navigate in achieving the greatest confidence and trust to secure their deployments in IoT. This has involved the supporting of a broad range of security and security standards based on hardware for securing the hardware root to trust for the IoT devices.
The security solution to use Azure IoT discussed above must be implemented strictly for assuring the proper functioning of IoT hardware with safety. The technologies of IoT have been still immature for a wide extent and little paranoid about their protection are indeed useful. Before starting with the development of any application, it is mandatory to research and aware as much as possible. There should always be the tradeoffs present and the developer should always be bewaring of the threats. The security beaches are bound to occur almost and the organizations must always be ready with the exit plan. This would help to secure maximum information during any attack.
Azure.microsoft.com. (2017). Azure IoT Suite | Microsoft Azure. [online] Available at: https://azure.microsoft.com/en-in/suites/iot-suite/ [Accessed 5 Aug. 2017].
Barreto, L., Celesti, A., Villari, M., Fazio, M. and Puliafito, A., 2016. Security and IoT Cloud Federation: Design of Authentication Schemes. In Internet of Things. IoT Infrastructures: Second International Summit, IoT 360° 2015, Rome, Italy, October 27-29, 2015. Revised Selected Papers, Part I (pp. 337-346). Springer International Publishing.
Beechamresearch.com. (2017). IoT Security Threat Map :: Beecham Research. [online] Available at: https://www.beechamresearch.com/download.aspx?id=43 [Accessed 5 Aug. 2017].
Dofe, J., Frey, J. and Yu, Q., 2016, May. Hardware security assurance in emerging IoT applications. In Circuits and Systems (ISCAS), 2016 IEEE International Symposium on (pp. 2050-2053). IEEE.
Gou, Q., Yan, L., Liu, Y. and Li, Y., 2013, August. Construction and strategies in IoT security system. In Green Computing and Communications (GreenCom), 2013 IEEE and Internet of Things (iThings/CPSCom), IEEE International Conference on and IEEE Cyber, Physical and Social Computing(pp. 1129-1132). IEEE.
Guo, Z., Karimian, N., Tehranipoor, M.M. and Forte, D., 2016, May. Hardware security meets biometrics for the age of iot. In Circuits and Systems (ISCAS), 2016 IEEE International Symposium on (pp. 1318-1321). IEEE.
Halak, B. and Zwolinski, M., 2016. Hardware-based security solutions for the Internet of Things using physical unclonable functions.
Halak, B., Zwolinski, M. and Mispan, M.S., 2016, October. Overview of PUF-based hardware security solutions for the internet of things. In Circuits and Systems (MWSCAS), 2016 IEEE 59th International Midwest Symposium on(pp. 1-4). IEEE.
Hossain, M.S., Muhammad, G., Rahman, S.M.M., Abdul, W., Alelaiwi, A. and Alamri, A., 2016. Toward end-to-end biomet rics-based security for IoT infrastructure. IEEE Wireless Communications, 23(5), pp.44-51.
Lesjak, C., Hein, D. and Winter, J., 2015, November. Hardware-security technologies for industrial IoT: TrustZone and security controller. In Industrial Electronics Society, IECON 2015-41st Annual Conference of the IEEE (pp. 002589-002595). IEEE.
Li, S. and Da Xu, L., 2017. Securing the Internet of Things. Syngress.
Mahmoud, R., Yousuf, T., Aloul, F. and Zualkernan, I., 2015, December. Internet of things (iot) security: Current status, challenges and prospective measures. In Internet Technology and Secured Transactions (ICITST), 2015 10th International Conference for (pp. 336-341). IEEE.
Pöhls, H.C., Angelakis, V., Suppan, S., Fischer, K., Oikonomou, G., Tragos, E.Z., Rodriguez, R.D. and Mouroutis, T., 2014, April. RERUM: Building a reliable IoT upon privacy-and security-enabled smart objects. In Wireless Communications and Networking Conference Workshops (WCNCW), 2014 IEEE (pp. 122-127). IEEE.
Ren, K., Samarati, P., Gruteser, M., Ning, P. and Liu, Y., 2014. Guest Editorial Special Issue on Security for IoT: The State of the Art. IEEE Internet of Things Journal, 1(5), pp.369-371.
Syed, A. and Lourde, R.M., 2016, December. Hardware Security Threats to DSP Applications in an IoT Network. In Nanoelectronic and Information Systems (iNIS), 2016 IEEE International Symposium on (pp. 62-66). IEEE.
Xu, T., Wendt, J.B. and Potkonjak, M., 2014, November. Security of IoT systems: Design challenges and opportunities. In Proceedings of the 2014 IEEE/ACM International Conference on Computer-Aided Design (pp. 417-423). IEEE Press.