Challenges in Securing Internet of Things (IoT) technology

What do we actually mean by “challenges in securing Internet of Things” ? What is its necessity that we secure our watches and lights at home that is or will be connected to the internet? We all have heard of hackers. Some of us may have even been hacked. So if the internet is hack-able, then so is everything related to the internet. Internet of Things is already considered to be the next industrial revolution. This includes the soon-approaching trillion mark- number of sensors that are being added to internet via IoT. Gartner estimates a 26 billion units would be added to the internet by 2020 and this is exclusive of the PCs, laptops and phones. So yeah, its pretty critical to secure all these systems that is well on the way to becoming essential parts of our lives. The following are the major concerns when it comes to security challenges of IoT.

Hardware Vulnerabilities:

hardware vulnerablities in IoT

Hardware Vulnerabilities occupy the prime position in IoT security challenges

We’ve been through like 30 years of security measures for the technology world and that ought to give IoT devices a basic framework for the security measures. The methods though might be the same, the hardware presents a serious drawback in implementing the aforesaid security measures. IoT devices are meant to be tiny, so objective specific. They do what they are intended to do-collect data, rely it or access connectivity. This means that additional hardware for security at that size are yet nascent.  Like a domino effect, one single vulnerability found in a single IoT device in the network could lead to massive security nightmare to the entire network of such connected devices.

Researchers from a French institution called Eurecom conducted a series of tests on some 32000 firmware images from various IoT device production companies and found 38 vulnerabilities like poor encryption techniques and backdoors that open up to hackers and create a series of data related violations. This is perhaps the foremost challenge faced by IoT today.

Data Collection, Protection and Transmission:

Data Collection, Protection and Transmission

Data Collection, Protection and Transmission

IoT operates basically on the collection of data, its transmission and its analysis. Per second, terabytes of data are

being recorded, transmitted and received by various IoT servers using Big Data technologies. This collected data enables us to make smarter technology assisted decisions. Not so far into the foreseeable future, all moments of our lives, right from early morning wake up time to running distance per day and car wash times, everything is going to leave a digital trail. While a large amount of data can mean more accurate results, a hack would mean that all the information from all the users can be stolen, manipulated and misused.

This would be the second challenge faced in securing IoT. Data collection while regular and repetitive, storage of said data may be erased from time to time after it has been analyzed. This prevents hackers from obtaining entire data from the servers in case of a breach. Higher level encryption techniques could be employed for transmission to prevent wireless tapping of data.


Access Control :

Access control is especially important as when it comes to selection of granting the level of access to different components of devices connected to internet of things. Mandatory or based-upon-role access controls should be embedded in the operating system to limit the privileges of components, so that they perform only the operation that they are intended for. This is especially predominant because when an intruder is in the system via a single component, his access is restricted to that of the component’s access. This minimizes the effectiveness of a breach.

In case of network-based access control systems, if some intruder manages to get into the network using stolen corporate credentials and has gained access to the network, the information that has been compromised will be available in only such areas of network authorized by that credentials. Microsoft Active Directory is one such network based access control systems.

Device Authentication:

Every device on the connected network, when switched on should be able to authenticate itself in the network before recording and transmission of data. While it is not entirely possible for a user to authenticate his credentials with password every time his watch connects to the internet, machine authentication techniques should be employed based upon similar set of credentials stored in a secure area. This is especially a tough challenge as machine authentication at such a small scale has not been widely employed as of now.

Firmware updates and patches:

While rolling out firmware updates and patches to the devices and their corresponding software is not a big challenge in itself, the timing and the bandwidth consumption is impeccable when it comes to devices that perform critical functions. A heart beat sensor of a patient connected to the internet cannot be bothered with firmware update when the continuous operation of the device is of foremost importance. Hence these updates must be employed in such a way that it does not compromise the limited bandwidth or its functional safety.

Related Posts

About The Author

No Responses