Today, we live in a technology-obsessed age. Whichever way you look, it’s hard to avoid the increasing number of applications, products and solutions that continue to redefine the boundaries of what we previously thought possible. From autonomous vehicles and edge computing to 5G and the Internet of Things, all facets of our lives are continuing to evolve, thanks to an endless stream of differentiated innovations. In this article, we’ll be focusing on the last of these: the Internet of Things (IoT).
Deployment of IoT technologies
Smart homes, smart utilities, smart retail, smart farming, smart supply chains and many of the other ‘smart’ versions of sectors that we’re already familiar with all earn that label because of IoT. Indeed, it is a technology that has manifested itself in billions of devices, which today underpin the truly transformational levels of connectivity that we see across industries of all shapes and sizes.
The statistics speak for themselves. According to Statista, over US$ 1 trillion is expected to be spent on IoT technology worldwide, in 2022. Be it added convenience, efficiency, productivity or intelligence, many benefits are poised to emerge from this spike in IoT-related activities. Yet to say this digital transition is going to be entirely positive would be naïve.
Threats faced by smart cities
Let’s consider smart cities. It is said that by 2040, 65 per cent of the world’s population will be living in cities. To accommodate such an influx, without facing significant logistical issues, with limited space and infrastructure, policy makers have begun to recognise that these urban environments need to become not only larger, but smarter as well.
As a result, the global smart cities market is on the rise. Statista states that, globally, technology spending on smart city initiatives is expected to double from US$ 81 billion in 2018 to US$ 189.5 billion in 2023.
Threat of attackers with expanding IoT landscape
The challenge here is that such a stark uptick will drastically expand the IoT landscape, presenting more opportunities than ever to threat actors. As connectivity and computing power are distributed more widely across large-scale outdoor networks, hackers will scale up their own operations in tandem.
According to a Nokia report from October 2020 (based on data aggregated from monitoring network traffic on more than 150 million devices globally), IoT devices now account for roughly 33 per cent of all infected devices, up from the 16 per cent estimated in 2019.
What’s more concerning is how these figures are translating into real-world events. 2021 alone has already witnessed an attack on a water plant in Oldsmar, Florida, which was designed to poison residents’ drinking water. Furthermore, Colonial Pipeline, one of the largest fuel pipelines in the US, was also hacked earlier this year, resulting in major shortages across the country’s East Coast.
Security through IoT authentication
From weak password protection, a lack of regular patch updates and insecure interfaces, to insufficient data protection, poor IoT device management and an IoT skills gap, there are plenty of weaknesses within the IoT ecosystem, which continue to provide open goals for attackers.
To defend against such lethal threats, security-by-design and open standards should be the guiding principles of IoT, working to prioritise security, interoperability and robust, internet-based protocols to mitigate risks.
Device authentication and encryption
A sound place to start, in this regard, is to make device authentication and encryption the central pillars of your IoT security architecture. The goal is to be able to prove that each and every device joining a network is not malicious, with rogue code being one tell-tale sign, for example.
By ensuring each device is uniquely identifiable with digital certificates and therefore, properly authenticated when joining a network, you can ensure no tampered devices are able to infiltrate your overarching network.
Using technologies, such as Hardware Secure Element
Critically, passwords should be avoided altogether, as these are vulnerable to being stolen and cracked. And, while a similar vulnerability lies in the fact that all secure devices contain a private key, you can leverage technologies, such as Hardware Secure Element (a chip designed specifically to protect against unauthorised access, even if the attacker has physical access to the device), as an extra layer of defence.
Digital certificates are not the only option available in protecting those IoT devices that, if tampered with, could become the cause of physical threats. Physical Unclonable Function (PUF) can also be used to prevent tampering.
Physical Unclonable Function (PUF)
Through Physical Unclonable Function (PUF), a form of IoT device fingerprint is developed from the unique make up of a piece of silicon, which can be used to create a unique cryptographic key.
Unlike digital certificates, a secure infrastructure can be achieved through PUF, without the need for any additional hardware, as the key is not only stored securely, but it also becomes invisible to hackers, when the device is not running.
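To make the PUF idea above concrete, the following added example (not code from the article or from Wi-SUN Alliance) simulates how a device can rebuild the same key from noisy silicon readings at each power-up, storing only public helper data. The simulated cell pattern, the 5 per cent noise rate, the simple repetition code and all function names are assumptions chosen for illustration.

```python
import hashlib
import random

REP = 31          # assumption: each secret bit is spread over 31 simulated PUF cells
KEY_BITS = 128    # secret bits recovered from the PUF

def make_device(seed):
    """Simulated silicon: a fixed random bit pattern unique to each chip."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(KEY_BITS * REP)]

def read_puf(cells, noise, rng):
    """One power-up read: every cell flips independently with probability `noise`."""
    return [b ^ (rng.random() < noise) for b in cells]

def derive_key(bits):
    """Hash the recovered secret bits into a 256-bit key."""
    return hashlib.sha256(bytes(bits)).digest()

def enroll(reading, rng):
    """Factory step: pick a random secret, keep helper = codeword XOR reading."""
    secret = [rng.getrandbits(1) for _ in range(KEY_BITS)]
    codeword = [bit for bit in secret for _ in range(REP)]
    helper = [c ^ r for c, r in zip(codeword, reading)]
    return helper, derive_key(secret)

def reconstruct(reading, helper):
    """Field step: helper XOR noisy reading gives a noisy codeword; majority vote decodes it."""
    noisy = [h ^ r for h, r in zip(helper, reading)]
    secret = [int(sum(noisy[i:i + REP]) > REP // 2)
              for i in range(0, len(noisy), REP)]
    return derive_key(secret)

def demo():
    rng = random.Random(2021)  # fixed seed so the run is repeatable
    chip_a, chip_b = make_device("chip-A"), make_device("chip-B")
    helper, key = enroll(read_puf(chip_a, 0.05, rng), rng)
    # The enrolled chip regenerates the key on every noisy power-up read.
    same_chip = all(reconstruct(read_puf(chip_a, 0.05, rng), helper) == key
                    for _ in range(10))
    # A different chip holding a copy of the helper data does not.
    other_chip = reconstruct(read_puf(chip_b, 0.05, rng), helper) == key
    return same_chip, other_chip

if __name__ == "__main__":
    print(demo())
```

The key itself is never written to storage: only the helper data persists, and it yields the key only when combined with a reading from the enrolled chip.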
The importance of encryption
Now, let’s turn our attention to encryption. The use of AES encryption within radio chips, to scramble messages on the move, is the method that we have adopted here at Wi-SUN Alliance. It’s a means of maximising data security, but also reducing power consumption in the devices themselves. Beyond AES encryption, it’s also worth considering topology at the design stage. Indeed, mesh networks are advantageous for several reasons.
They are more reliable, allowing data to be re-routed, should devices lose contact unexpectedly. Transmissions usually travel shorter distances, which improves power efficiency and performance, and frequency hopping functionality prevents attackers from jamming signals, which could deny the service altogether.
Open standards and interoperability
But where do open, interoperable standards fit in? As is defined by the European Committee for Interoperable Systems (ECIS), interoperability enables a computer programme to communicate and exchange information with other computer programmes, allowing all programmes to use that information.
Open standards then allow any vendor of communications equipment or services to implement all standards necessary, to interoperate with other vendors. This is incredibly useful from a security perspective. It means that all specs are stress-tested and verified by many users, and that any vulnerabilities are quickly detected, and remediated, enhancing security and reliability.
Need for open standards
Equally, open standards can accelerate time-to-market, reduce costs and ensure products are usable with a variety of manufacturers’ processors and radios, with a stream of publicly available protocol stacks, design information and reference implementations that can help build and future-proof secure products.
Indeed, large-scale corporate IoT networks alongside smart cities, smart utilities, and other key smart infrastructure will only continue to evolve, in the coming years. With the immense threats of attackers in mind, these systems must prioritise security-by-design, both now and in the future.