IoT Building Blocks and Security Essentials
Much has been said about the advent of the Internet of Things (IoT) and its future spread. As the number of devices that form the IoT bubble grows, extremely large volumes of data will be generated. The global network will have to expand many times to incorporate all of IoT’s potential. IoT promises revolution and change in lifestyle: the way we think, the way we interact and the way we progress.
IoT gives power to everyone who embraces it: from IT professionals to cybercriminals. Therefore, as the IoT world grows, more sophisticated breaches with wider impact should be expected. In fact, these breaches are already happening, in the form of DDoS attacks through IoT devices.[1] These and other breaches have already raised much concern about IoT security. Unless IoT initiatives are secured, customer confidence can never be established, and the full benefits from IoT are unlikely to accrue.
In order to better understand the areas within IoT requiring special security emphasis, it is important to recognize IoT’s building blocks and then address the related security concerns.
IoT Building Blocks
Things
IoT things are the devices connected to the global network that participate in the flow of data and information. Normally, IoT devices consist of sensors and actuators. Sensors, as the name indicates, sense and collect data from the environment, depending upon the type and functionality of each IoT device. This data goes to some control or management application that initiates decisions based on real-time data analytics. These decisions are sent back to the device(s) and are implemented through the actuators, which can be considered the output module of IoT devices.
IoT access network
An IoT access network is the network of IoT things within an area of operation. This network is also connected to the global network for information exchange. An IoT access network, in most cases, consists of a wireless network hooking up all the sensors and actuators of the IoT things in its vicinity. Therefore, it is also called a Wireless Sensor Network (WSN) or Wireless Sensor and Actuator Network (WSAN).
Big data analytics
IoT devices are manufactured in large numbers and are deployed at a very fast pace. Such a huge number of IoT devices, switched on and connected, generates large volumes of data, due to continuous sensing and exchange of data. This data is analyzed in real time for decision making through the technique of big data analytics.
Cloud
IoT devices are generally lightweight in terms of power, computing and memory storage. Therefore, for extended computing and memory needs, reliance on the cloud is essential. This makes the cloud an important part of IoT.
IoT Security Essentials
Identity and access management (IAM)
The IoT landscape is characterized by big numbers: a huge number of entities, large volumes of data and many users. This makes IoT identity and access management (IAM) a challenging task. Various IAM concerns include unique identification for devices and entities, complex user rights and authorizations, certificate management, etc.
IoT network security
WSNs are meant to work on the access side of the IoT, hooking up all the devices in an area of operation. They encounter challenges like ad hoc topologies, management of mobile nodes and lightweight network devices. Another area of network security needing attention is the secure interaction of WSN protocols with IP protocols, which IoT access networks need in order to interact with the global Internet.
Cloud security
As highlighted earlier, the cloud is an essential part of the IoT landscape. Cloud computing and storage are both critical for IoT operation and deployment. Therefore, cloud security is one significant part of overall IoT security.
Cryptography
Cryptographic mechanisms for security services like confidentiality, integrity, authentication, non-repudiation/digital signature, etc. are already in use in this pre-IoT era. However, with the advent of IoT, lightweight cryptography has gained a lot of attention. Due to their limited resources, IoT entities primarily rely on lightweight cryptographic mechanisms. Cryptography for IAM and Public Key Infrastructure (PKI) in the IoT environment is essential.
Forensics
Due to IoT peculiarities, digital forensics also needs further progress. IoT makes evidence collection difficult, due to the spread of evidence across many IoT entities. Such a variety of devices also makes evidence preservation a challenge in the face of environmental changes like temperature, wind speed, etc. In addition to these challenges, software tools for digital forensic needs may also face additional issues in the IoT realm.
Legal compliance
Compliance not only improves security controls, but it also saves enterprises from legal complications in the case of a breach. However, popular standards must be updated to address the coming IoT boom, and making a system compliant with IoT standards requires more qualified professionals. These issues illustrate the challenges facing legal compliance in the IoT era, both for standard-forming bodies and for enterprises striving to achieve compliance.
Conclusion
IoT is the outcome of decades of IT revolution. It offers to change daily routines for everyone. Smart cities, smart homes and similar initiatives are promising to bring the IoT dream into reality. With the rapid pace of IoT deployment, related security concerns must be addressed. For IoT to become part of normal life, it must first be accepted by users with confidence.
About the Author
Abdul B. Subhani is the founder and President/CEO of Centex Technologies, an IT consulting company with offices in Central Texas, Dallas, and Atlanta. He is also an adjunct faculty member of the Texas A&M University - Central Texas computer information systems department. Abdul is a Certified Ethical Hacker, a Certified Fraud Examiner, Certified in Risk and Information Systems Control, a Texas Licensed Private Investigator, member of FBI Infragard and the recipient of multiple other advanced IT credentials. Abdul has been a frequent keynote speaker, moderator, and panelist at leading international technology conferences, and he has given speeches to thousands of students at colleges and universities.
[1] https://www.enisa.europa.eu/publications/info-notes/major-ddos-attacks-involving-iot-devices