Security in IoT: How is it different?
From a computing perspective, IoT devices are like any other traditional embedded system, except that they are lightweight and built for a specific purpose. In fact, some traditional embedded systems are being connected to the internet and becoming part of IoT.
The following security requirements of traditional embedded systems are also relevant to IoT devices.
- Secure boot, to ensure that an authorized firmware image is executed and not a malicious one
- Secure communication, to ensure that data is transmitted to the trusted/intended destination and received from a reliable/intended source
- Secure storage, to store data that is sensitive to the user [for example, credit card details]
- Mechanisms to ensure that the inputs provided by the user are not compromised. For example, inputs such as a PIN entered by the user or a fingerprint have to be captured securely
- Mechanisms to ensure that malicious applications/services are not installed and executed
It is understood that security, safety and privacy are very critical in IoT due to the impact/consequences of hacking. Is it enough if the above aspects are addressed in IoT devices, or are there other security aspects that are unique to IoT devices?
I expected to get my question answered at a recent NASSCOM event (topic: Security in IoT). There were points to justify the criticality of security, but not the security aspects unique to IoT devices.
However, the following interesting points came up in the discussions:
- Lack of a mechanism to enter a username & password
- Need for, and a mechanism for, anomaly detection
- Mechanisms for secure on-boarding, to avoid rogue devices getting connected to a hub/gateway
- Difficulty in upgrading the software of IoT devices to deliver security patches. If security patches are not applied, the device remains vulnerable. Applying a security patch and attackers identifying a new loophole is a cycle, so there will be a continuing need to apply patches
- Considering the low footprint and low CPU needs of the devices, it is difficult to budget for security components to be included
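The on-boarding and "no username & password" points above can be illustrated together. The following is an added example, not code from the article or the event: it assumes each device is provisioned with a secret key at manufacture and that the gateway admits a device only after an HMAC-SHA256 challenge-response. The names `Gateway`, `device_response`, `sensor-01` and `rogue-99` are hypothetical.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # fixed length keeps device_id || nonce unambiguous


def device_response(device_id, key, nonce):
    """Device side: prove possession of the provisioned key without sending it."""
    return hmac.new(key, device_id.encode() + nonce, hashlib.sha256).digest()


class Gateway:
    """Hub side (hypothetical): admits only devices with a provisioned key."""

    def __init__(self, provisioned_keys):
        self._keys = dict(provisioned_keys)  # device_id -> key bytes
        self._pending = {}                   # device_id -> outstanding nonce

    def challenge(self, device_id):
        # Unknown IDs also get a nonce, so the reply does not reveal
        # which device IDs are registered.
        nonce = secrets.token_bytes(NONCE_LEN)
        self._pending[device_id] = nonce
        return nonce

    def admit(self, device_id, response):
        nonce = self._pending.pop(device_id, None)  # single use: blocks replay
        key = self._keys.get(device_id)
        if nonce is None or key is None:
            return False
        expected = device_response(device_id, key, nonce)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    key = secrets.token_bytes(32)  # constructed sample key
    gw = Gateway({"sensor-01": key})
    good = device_response("sensor-01", key, gw.challenge("sensor-01"))
    results = {"genuine": gw.admit("sensor-01", good),
               "replay": gw.admit("sensor-01", good)}  # nonce already consumed
    forged = device_response("sensor-01", secrets.token_bytes(32),
                             gw.challenge("sensor-01"))
    results["wrong_key"] = gw.admit("sensor-01", forged)
    rogue = device_response("rogue-99", key, gw.challenge("rogue-99"))
    results["unregistered"] = gw.admit("rogue-99", rogue)
    return results


if __name__ == "__main__":
    print(demo())
```

A deployed gateway would also expire and cap pending challenges so that unanswered requests cannot exhaust memory.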
Very good article. But I guess these points would need to be considered to make IoT secure, considering the network complexity and the arising security breaches: 1) Emphasising security from day one 2) Lifecycle, future-proofing, updates 3) Access control and device authentication 4) Knowing about your vulnerable threats 5) Preparing to handle security breaches