Can You Identify When it’s Safe to Connect Things?
Internet-connected things are already here. More are on the way, so everything is fixed, right? The IoT has faced a fair share of unseemly headlines, and it’s likely there will be many more until things are appropriately secured against attack. Easy to write, hard to achieve. What are we defending against when data security can affect your safety?
If we start by defining a “thing” as a small networked computer able to sense or control its physical environment, a data breach doesn’t simply mean a loss of confidential information. Real-world consequences can result from compromised devices feeding data into an IoT platform. Researchers at Ben Gurion University were able to fool the Waze social navigation system into rerouting Waze users around a traffic jam that didn’t exist. By enrolling fake users and fake devices, they were able to inject fake GPS coordinates into the system. The real-world outcome was users diverting to alternate routes at the attacker’s choosing. Could an attacker divert an autonomous vehicle relying on social navigation information? Could an attacker identify when a bitcoin millionaire entered the vehicle? Could an attacker choose to stop a vehicle with brute force in a hostile neighbourhood?
The answer to these challenges is identifying sources of information before relying too heavily upon them. What if a GPS receiver chip could sign its payload before the coordinates could be modified by software? A data payload containing a signed GPS coordinate from a genuine GPS chip is more likely to be generated in the claimed location. It may be more useful to know that the GPS chip was built into a car. We don’t need to know whose car, or who’s in it—just that a car reported it. This is the first step toward “clean data”—identifying sources and knowing data provenance. It’s all about identity.
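An added example, not from the original article: a sketch of the signed-reading idea above, in which a registry maps each chip to a key and a device class, and the platform accepts a fix only if the tag verifies and the reading is fresh. HMAC-SHA256 from the Python standard library stands in for the chip's signature (a deployed design would more likely use an asymmetric signature so the platform holds no signing key); the chip ids, keys, registry and 30-second window are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed registry: chip id -> (per-chip key, device class). No owner data is stored.
REGISTRY = {
    "gps-0001": (b"constructed-demo-key-0001", "car"),
}
MAX_AGE_S = 30  # assumed freshness window; limits replay of old readings


def canonical(reading):
    """Serialize the fields deterministically so signer and verifier hash the same bytes."""
    return json.dumps(reading, sort_keys=True, separators=(",", ":")).encode()


def chip_sign(chip_id, key, lat, lon, ts):
    """What the receiver chip would do before any software can touch the fix."""
    reading = {"chip": chip_id, "lat": lat, "lon": lon, "ts": ts}
    tag = hmac.new(key, canonical(reading), hashlib.sha256).hexdigest()
    return {"reading": reading, "tag": tag}


def platform_verify(message, now):
    """Return (accepted, detail); detail is the device class or the rejection reason."""
    reading = message.get("reading", {})
    entry = REGISTRY.get(reading.get("chip"))
    if entry is None:
        return False, "unknown chip"
    key, device_class = entry
    expected = hmac.new(key, canonical(reading), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(message.get("tag", ""))):
        return False, "bad tag"
    if not 0 <= now - reading.get("ts", 0) <= MAX_AGE_S:
        return False, "stale or future-dated"
    return True, device_class


def demo(now=1_700_000_000):
    """Run four constructed messages through the platform check."""
    key = REGISTRY["gps-0001"][0]
    genuine = chip_sign("gps-0001", key, 51.5007, -0.1246, now - 5)
    tampered = {"reading": dict(genuine["reading"], lat=48.8584), "tag": genuine["tag"]}
    fake = chip_sign("gps-9999", b"made-up-key", 51.5007, -0.1246, now - 5)
    replayed = chip_sign("gps-0001", key, 51.5007, -0.1246, now - 600)
    return [platform_verify(m, now) for m in (genuine, tampered, fake, replayed)]
```

The accepted reading yields only the device class ("car"), matching the article's point that the platform needs to know what reported the fix, not whose it is.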
Unfortunately, it’s not so simple to add cryptographic protection to every sensor manufactured. Crypto costs time and energy to implement, administer and operate. These costs are unlikely to be added to anybody’s balance sheet in the face of unknown threats. But there are compromises, and doing nothing isn’t an option.
Not so long ago, things used to be designed, hardware prototyped, software developed, tested, certified, safety checked, identically mass-produced and shipped out the factory gate, and the manufacturer hoped to never see or hear from those products again. Occasionally, product recalls over safety concerns were dealt with through adverts in the national press, but when was the last time you read a newspaper cover-to-cover? Does product registration work? The average success rate of a product recall is between 10 and 20% in the UK. What was once certified safe may no longer be.
Internet-connected things now have a continuous connection to the factory—they never leave sight of the manufacturer, and now each thing has a real-life user wanting a connection with the manufacturer, too. Yet, with that connection comes the threat of unauthorized access and corruption by attackers. Information security now has a direct impact on safety. What was secure yesterday may no longer be secure today, and it’s anyone’s guess as to what vulnerabilities will be found tomorrow. When—not if—the connection is no longer secure, the product may no longer be safe until remedies are applied. The manufacturer will need to authorise a product update and possibly notify its user to initiate an urgent install at a time when it’s least likely to cause inconvenience or down-time. Who’s in charge of when an update happens and who needs to know?
Identity will be everywhere in the IoT. Things will need to secure multiple identities within themselves to represent their user, manufacturer and even embedded sensor data streams. Manufacturers will need customer identity and access management (CIAM) to manage relationships with their end users. Manufacturers will need to maintain registries to gain visibility of devices and their status. Manufacturers will need strong employee access control mechanisms to push authorised firmware updates to maintain the security posture of things. Markets may form around users granting third-party access to their data in exchange for value.
Perhaps connected things need labelling so people know what they’re buying. Food labelling is a good analogy: “may contain nuts” versus where your thing was manufactured; high sugar and salt content versus the privacy trade your connected thing is making in exchange for a low up-front cost; use-by dates versus when your connected thing will no longer receive security updates. A static label isn’t enough, as it only gives a snapshot and doesn’t reflect the current environment. Identity and access management of things will help us know when it’s safe to connect.
The new business models, services, product experiences and cost savings promised by the IoT all depend on how chip-to-cloud identity assures intelligent operation.
By Robert Brown