Source: IoT House Network. Compiled by Winter Night.
2018 will be a crucial year for the Internet of Things. It is estimated that 2.8 billion new devices will be connected to the Internet, enabling scenarios that appeared in science fiction a decade ago. Connected medical devices, watches, home automation devices, smart cities, smart cars and industrial equipment, to name a few, will change the way people communicate with each other and with their environment, both in the personal and commercial spheres.
Now is the perfect time to reflect on the mistakes we have made in the past and resolve to do better in the future. The first thing I think about is security; it's easy to get immersed in the new things that the IoT brings, but we can't ignore the security risks that come with it.
More than a year ago, the Mirai malware took control of hundreds of thousands of IoT devices and launched one of the largest and most destructive cyber attacks. According to Webroot, "The fundamental problem is that IoT manufacturers focus only on the functionality of their devices and don't invest in adequate security testing."
So, I think we should all make this decision in the coming year: make security part of the IoT design process! But what does that really mean? This article focuses on some of the issues that need to be taken into account from the very beginning.
1. Does the equipment perform safety-sensitive operations?
If hackers were able to control the actuator signals of insulin pumps or nuclear plant valve controllers, then obviously this would pose a huge security problem. Even controlling a less critical device like a thermostat can be a safety issue in the cold winter months. Conversely, someone taking control of your robot vacuum cleaner may not have much of an impact.
Safety is more important than anything else. Whether or not the equipment involves a safety hazard will be an important factor in deciding how strong your security measures need to be.
2. Does the device handle sensitive information?
Any kind of privacy-sensitive information should be taken seriously, especially with the upcoming implementation of GDPR regulations in Europe, which will result in significant penalties if this data is mishandled. Sensitive information doesn't just mean personal information; financial data, login credentials, telemetry and configuration all need to be carefully protected.
When designing a product, ask yourself what the consequences would be if a hacker had access to this data. If you find the consequences unacceptable, then you should consider encrypting data in storage and in transit.
3. Does your device require a secure identity?
It's worth making sure that only authorized IoT devices can be added to your IoT ecosystem!
Imagine what would happen if a hacker's device could masquerade as a car sensor and trigger the behavior of some self-driving car control system. What happens if the insulin pump receives a reading from a fake glucose sensor? In security-sensitive situations, it is critical to verify the identity of IoT devices.
Cryptographically secure identities provide strong authorization for devices and are applicable to multiple scenarios to ensure that all devices in the IoT ecosystem are trusted.
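As an added illustration (not from the original article), the sketch below shows one way a backend can verify a device's identity with a challenge-response exchange. It assumes a symmetric per-device key derived from a master key; the class names, device IDs and the master key value are constructed for the example, and a production deployment would more likely use per-device asymmetric keys or certificates.

```python
import hashlib
import hmac
import secrets

# Constructed demo secret (assumption): in production it lives in an HSM, never in source.
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def derive_device_key(master_key: bytes, device_id: str) -> bytes:
    """Per-device key, so extracting one device's key does not expose the others."""
    label = b"device-identity-v1|" + device_id.encode()
    return hmac.new(master_key, label, hashlib.sha256).digest()


class Device:
    """Device side: holds only its own key (ideally in hardware secure storage)."""

    def __init__(self, device_id: str, key: bytes):
        self.device_id = device_id
        self._key = key

    def respond(self, nonce: bytes) -> bytes:
        # Prove possession of the key without ever sending the key itself.
        return hmac.new(self._key, nonce + self.device_id.encode(), hashlib.sha256).digest()


class Verifier:
    """Backend side: issues one-time challenges and checks the responses."""

    def __init__(self, master_key: bytes, enrolled_ids):
        self._master_key = master_key
        self._enrolled = set(enrolled_ids)
        self._pending = {}  # device_id -> outstanding nonce

    def challenge(self, device_id: str) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh and unpredictable per attempt
        self._pending[device_id] = nonce
        return nonce

    def verify(self, device_id: str, response: bytes) -> bool:
        nonce = self._pending.pop(device_id, None)  # single use: a replay finds no nonce
        if nonce is None or device_id not in self._enrolled:
            return False
        key = derive_device_key(self._master_key, device_id)
        expected = hmac.new(key, nonce + device_id.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time comparison
```

A captured response cannot be reused, because each nonce is consumed on the first verification attempt, and a device that is not on the enrollment list is rejected even if it presents a well-formed response.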
4. Are you implementing the correct encryption method now?
For data protection, secure communication and authentication, cryptography is a forward-looking technology, but one that is difficult to implement and deploy correctly. Encryption will protect the data, but you must also protect the key.
A feature of the IoT is that these devices are often in a physically uncontrolled environment, giving hackers more direct access to the devices and therefore making it easier to reverse engineer the devices to find keys. Protecting the key may require installing special hardware for secure key storage on the device, or if that is not possible, implementing white-box cryptography.
You also need to consider the entire lifecycle of key management. How are keys generated and distributed? Keys are often generated on unprotected computers with private keys that are not adequately protected or backed up, creating a serious security vulnerability. Proper key generation and distribution requires specialized technology, facilities, processes and personnel, and if these functions cannot be performed by your own business, then you may need to outsource the key generation and configuration to a service.
5. How do you protect apps on IoT devices?
You should consider protecting your application as part of the development lifecycle. Many tools are available to analyze the code for potential vulnerabilities that you should patch before deploying the code to the field.
Of course, new vulnerabilities are constantly being discovered, and you should have some way to safely update these devices after deployment. Consider using a secure, authenticated channel when deploying patches to devices, and use code signing techniques to ensure that only authorized updates are installed.
Deploying IoT devices in an uncontrolled environment provides many opportunities for hackers to reverse engineer code, so it is important to evaluate anti-tampering tools.
There is still a lot of work to be done to improve the security of the IoT, but considering these five issues should put you on the path to a more secure IoT deployment. Good luck to you in 2018!