The Internet of Things (IoT) is swiftly spreading across the entire world and holds the potential to empower and advance nearly every individual and business. A large number of IoT applications deal with sensitive infrastructure and strategic services such as the distribution of water and power, handle sensitive information about people such as their location and movements or their health and purchasing preferences, or support transport services including vehicle management, and the list goes on. Hence, security is an important factor in any IoT implementation.
Any IoT-enabled system may be looked upon as a physical network of basic sensors and intelligent edge devices that connect to each other and to application gateways. These application gateways collate the inputs from a multitude of end-points, and analyze this information to produce actionable intelligence.
The IoT architecture essentially comprises components falling into three categories:
- Wireless Sensor Network (WSN) – a collection of distributed sensors, typically performing a single function which involves sending or receiving small data packets at intervals. These sensors connect to an Edge Gateway, a smart device that performs local processing and protocol conversion in addition to providing local storage for the data collected from the WSN.
- IoT Gateway – hosts message queues and a Service Delivery Platform to receive, process and forward incoming data to storage. This middleware layer also hosts any security and management services required to secure and manage the WSN.
- Storage, Analytics and Presentation segment – lies in the Data Centre and hosts the backend storage, ERP, big data analytics and the core applications acting upon the data being collected and collated.
Security challenges with IoT
The WSN and IoT Gateway pose a host of security issues that are not found in traditional IT environments and hence cannot be surmounted by applying traditional security measures as is. The following are the key security challenges:
- Denial of Service or physical attacks like theft or damage
- Sensor cloning and substitution, firmware replacement, patch management
- Network attacks like eavesdropping, traffic analysis, data tampering etc.
- Camouflage and impersonation attacks
- The need for authentication schemes and cryptographic data protection techniques tailored to the low processing power and low bandwidth of sensors
- Secure channel and reliable data collection only from authorized assets
- Protection of privacy of the devices and of any individuals involved in supplying the data
- Enforcing a rule- or policy-based access control and authorization scheme
The following security recommendations should be applied by IoT manufacturers before entering serious IoT business:
- Remote Management System (RMS) – Complete device and application management for an IoT deployment, enabling device registration and managing all associated properties.
- Security Services Framework (SSF) – Addresses the strong multi-factor authentication requirement; provides user management, credential management, authentication and authorization.
- Key Management Server (KMS) - Offers complete key life cycle management through secure generation, storage, distribution, use and destruction of both symmetric and asymmetric keys.
- PKI Server - Enterprise CA servicing IoT users and devices by providing digital certificates for authentication, infallible integrity protection using digital signatures and strong encryption.
- Security Services App – Certificate provisioning, digital signing, data encryption and authentication.
- Security Services Agent – Provides strong authentication, digital signatures, encryption and key management to other applications running on the device.
- Security Services API – Allows a third-party app to interact with the Security Services Agent and invoke the offered security services. Allows an app to perform security operations like digital signatures, encryption and authentication without invoking the Security Services App. Enables secure access to the Secure Elements or other file-system based key stores.
- Security Cardlet for Secure Elements – Supports basic cryptographic operations like key pair generation, public key export, PIN verification and data encryption/decryption.
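To make the "data collection only from authorized assets" challenge and the device-registration and key-management recommendations above concrete, here is an added example (not code from the original article or from TCS): a gateway that accepts a telemetry frame only if it comes from a registered device, carries a valid HMAC-SHA256 tag, and has a fresh sequence number. The frame format, the device identifiers and the per-device symmetric keys are constructed assumptions, and a single HMAC stands in for the lightweight authentication a low-power sensor can afford; a PKI-based deployment would verify a digital signature against the device certificate in the same place.

```python
import hmac
import hashlib
import secrets

# Per-device symmetric keys, as a Key Management Server would provision at
# device registration. Constructed sample data: generated fresh on each run.
DEVICE_KEYS = {
    "sensor-0001": secrets.token_bytes(32),
    "sensor-0002": secrets.token_bytes(32),
}


def frame_tag(key, device_id, seq, payload):
    """HMAC-SHA256 over device id, sequence number and payload.
    Binding id and seq into the tag stops them being swapped or reused."""
    msg = f"{device_id}|{seq}|{payload}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_frame(device_id, key, seq, payload):
    """Sensor side: one HMAC is cheap enough for a constrained device."""
    return {"device_id": device_id, "seq": seq, "payload": payload,
            "tag": frame_tag(key, device_id, seq, payload)}


class Gateway:
    """Edge gateway that forwards telemetry only from registered devices."""

    def __init__(self, registry):
        self.registry = registry
        self.last_seq = {dev: -1 for dev in registry}  # replay protection
        self.accepted = []

    def receive(self, frame):
        dev = frame.get("device_id")
        key = self.registry.get(dev)
        if key is None:  # cloned or substituted sensor with an unknown id
            return "rejected: unregistered device"
        expected = frame_tag(key, dev, frame["seq"], frame["payload"])
        # Verify the tag before touching replay state so a forged frame cannot
        # advance the counter; compare_digest avoids a timing side channel.
        if not hmac.compare_digest(expected, frame["tag"]):
            return "rejected: bad tag"
        if frame["seq"] <= self.last_seq[dev]:
            return "rejected: replay"
        self.last_seq[dev] = frame["seq"]
        self.accepted.append((dev, frame["payload"]))
        return "accepted"


def demo():
    """Genuine frame, unregistered clone, tampered payload, replayed frame."""
    gw = Gateway(DEVICE_KEYS)
    good = build_frame("sensor-0001", DEVICE_KEYS["sensor-0001"], 1, "temp=21.5")
    clone = build_frame("sensor-9999", secrets.token_bytes(32), 1, "temp=21.5")
    tampered = dict(good, payload="temp=99.0")  # keeps the old tag
    return [gw.receive(good), gw.receive(clone), gw.receive(tampered), gw.receive(good)]
```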
Authored by Deepak Ghai
TCS Enterprise Security and Risk Management