Shared Security Model Addresses Inherent Vulnerabilities of the IoT

July 18, 2016

Compared to the traditional paradigm of one person operating one computer, the Internet of Things (IoT), which comprises billions of connected devices, most of which are unsupervised by humans, poses inherent security challenges. The number and types of potential targets in the IoT are enormous, and the lack of human operators for most of these devices precludes using many of the most effective security methods. Furthermore, the types of devices that are now connected to the Internet (automobiles, electrical generators, water supply pumps, etc.) create the potential for real damage if they are compromised.

A forewarning of the dangers of connected devices was provided by the attack on the Ukrainian power grid in late 2015 that took about 30 substations offline and left 230,000 homes and businesses in the dark for up to six hours. The attackers even overwrote firmware on critical devices, which left them unresponsive to remote commands and left operators controlling breakers and other devices manually months after the attacks.

Compared to the cloud, which now has a well-defined security model and limited points of access, the IoT presents a much broader and more diverse attack surface with many more types of devices, operating systems and protocols. While user management in the cloud is simplified by the fact that access is generally granted to one human being using one program, in the IoT, devices might authenticate as themselves, as a human, or on behalf of a human, necessitating a much more complicated permissions and trust model.

Some companies are aware of these dangers but see little urgency in addressing them because they have yet to deploy IoT applications on a large scale. But do they really know how many of their devices are already connected to the Internet and potentially exposed to attack?

The Shodan search engine, which crawls the Internet looking for connected devices, has cataloged 500 million connected devices including control systems for factories, hockey rinks, car washes, traffic lights, security cameras, and even a nuclear plant. Many of these devices are connected to the Internet through an internal application provided by the manufacturer or third parties.

A high proportion of these devices possess only very limited security capabilities. Many need no password at all to connect to them and many others use “admin” as their user name and “1234” as their password. With 70 percent of devices communicating in plain text, breaking in becomes easy even if the password is more secure. Millions of devices are running very old versions of software that have many serious known vulnerabilities. The question for many companies is not whether to start an IoT project but how to manage and secure their existing (if unknown) IoT devices.

Figure 1: IoT security architecture

Today there is no comprehensive security model for IoT. However, we can utilize the security architecture shown in Figure 1, which highlights the different elements in the IoT and how they interact: 1) the device is a real-world object connected to the network; 2) the networking infrastructure connects the device to the IoT platform; 3) operations provides the infrastructure for the application; 4) the IoT platform is a suite of components that communicates with and manages devices and runs applications; 5) development refers to the process used to develop IoT applications; and 6) applications generate business value by monitoring, managing, and controlling connected devices.

Figure 2: Shared security model for the IoT

The shared security model diagram in Figure 2 explains how responsibility for security in the IoT is divided among these players. Starting from the top, the customer is responsible for protecting the various devices from unauthorized access and also managing user accounts. The IoT platform can simplify this task by providing built-in visibility and permissions that can be used without coding. For example, you can define regions or divisions or locations and give persons assigned to those regions visibility into assets in their own regions but not the other regions. Likewise, you can create a role for functions within your organization such as “service manager”. Then when you assign the service manager role to a new user he or she will automatically inherit the permissions assigned to that role.
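
The region visibility and role inheritance described above can be sketched as a deny-by-default check. This is an added example, not ThingWorx code; the role names, permission strings and the Asset/User types are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed role table (hypothetical names): role -> permissions it grants.
ROLE_PERMISSIONS = {
    "service manager": {"asset:read", "asset:service"},
    "viewer": {"asset:read"},
}

@dataclass(frozen=True)
class Asset:
    asset_id: str
    region: str

@dataclass
class User:
    name: str
    regions: set = field(default_factory=set)
    roles: set = field(default_factory=set)

    def permissions(self):
        # Permissions are never stored on the user. They are derived from
        # roles, so assigning a role is all a new user needs, and changing
        # a role's permissions updates every holder at once.
        perms = set()
        for role in self.roles:
            perms |= ROLE_PERMISSIONS.get(role, set())  # unknown role grants nothing
        return perms

def can(user, action, asset):
    # Deny by default: region visibility AND a role permission must both hold.
    return asset.region in user.regions and action in user.permissions()

def visible_assets(user, assets):
    # What the user is allowed to see at all; other regions simply do not appear.
    return [a for a in assets if can(user, "asset:read", a)]
```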

Ideally, the IoT platform will provide the option of working through a connection server residing in the demilitarized zone (DMZ) while the platform itself resides inside the firewall. Placing the IoT platform inside an internal network makes compromising it very difficult for a determined attacker and allows organizations to better protect their IoT infrastructure with good network design.

The best platforms provide tools that make it easy for application developers to comply with security best practices such as the Open Web Application Security Project (OWASP) Top 10, which was created to avoid easy-to-exploit vulnerabilities in web applications. For example, SQL injection is one of the top 10 vulnerabilities. The IoT platform can avoid this vulnerability by parameterizing inputs and not allowing direct SQL queries.
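
To show what parameterizing inputs changes, here is a device-readings lookup written both ways. This is an added example, not ThingWorx code; the table, the tenant and device names and the crafted input are constructed for illustration.

```python
import sqlite3

# Constructed input of the kind a device-id field should never be able to act on.
CRAFTED_ID = "x' OR '1'='1"

def make_db():
    # Constructed sample data: readings that belong to two different tenants.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE readings (device_id TEXT, tenant TEXT, value REAL)")
    db.executemany(
        "INSERT INTO readings VALUES (?, ?, ?)",
        [("pump-01", "acme", 4.2), ("pump-02", "acme", 3.9), ("gen-07", "other", 11.0)],
    )
    return db

def readings_unsafe(db, tenant, device_id):
    # Vulnerable form: the input becomes part of the SQL text, so a quote
    # character in device_id changes the structure of the WHERE clause and
    # the tenant restriction no longer holds.
    sql = ("SELECT device_id, value FROM readings "
           f"WHERE tenant = '{tenant}' AND device_id = '{device_id}'")
    return db.execute(sql).fetchall()

def readings_safe(db, tenant, device_id):
    # Parameterized form: the SQL text is fixed and the values travel
    # separately, so the input is only ever compared as data.
    sql = ("SELECT device_id, value FROM readings "
           "WHERE tenant = ? AND device_id = ?")
    return db.execute(sql, (tenant, device_id)).fetchall()
```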

On the other hand, some of the responsibility for securing the IoT belongs to the application developer. For example, most IoT platforms offer the option of encrypting communications with devices using the Transport Layer Security (TLS) protocol, but it’s up to the developer to turn this feature on.

Regardless of how well security is designed into the application, vulnerabilities will arise and that’s why it’s critical to have a process for updating each layer of the stack with the latest and greatest. Look for an IoT platform with a built-in software and content management system that automatically packages and distributes updates. The most advanced platforms offer options in how the update can be distributed, such as first pushing it out to a small number of devices so it can be checked out before the general rollout.
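
A staged rollout of the kind described above needs two pieces: a reproducible way to pick the small first group, and a gate that blocks the general rollout until that group reports healthy. This is an added example, not a platform API; the function names, the hash-bucket selection and the 2 percent failure threshold are assumptions.

```python
import hashlib

def in_canary(device_id, update_id, percent):
    # Hash the update and device together so every update gets a different
    # but reproducible first group, with no per-device state to store.
    digest = hashlib.sha256(f"{update_id}:{device_id}".encode()).digest()
    bucket = int.from_bytes(digest[:4], "big") % 100
    return bucket < percent

def plan_rollout(device_ids, update_id, percent):
    # Split the fleet into the first (canary) group and everyone else.
    canary = [d for d in device_ids if in_canary(d, update_id, percent)]
    chosen = set(canary)
    rest = [d for d in device_ids if d not in chosen]
    return canary, rest

def may_proceed(canary, results, max_failure_rate=0.02):
    # results maps device_id -> True (healthy after update) or False (failed).
    if not canary:
        return False  # nothing was tested, so nothing is known
    if any(d not in results for d in canary):
        return False  # a silent device is not counted as healthy
    failures = sum(1 for d in canary if not results[d])
    return failures / len(canary) <= max_failure_rate
```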

A shared security model with these and many other capabilities can simplify the process of developing and implementing IoT applications that optimize the performance of a far-flung fleet of devices while protecting against unauthorized and malevolent intruders. Blogs are not the format for covering every aspect of IoT security but fortunately here at ThingWorx we have lots of materials to help explain and protect your IoT infrastructure. Read Providing Secure Connected Products for more information on this topic.
