Apptimate | Security

Security

EU GDPR: General Data Protection Regulation

The upcoming EU privacy regulation is relevant not only for European organizations but for any business looking at Europe, because of its extended territorial scope.

The new European General Data Protection Regulation (GDPR) is expected to lead to a revolution in the privacy world. It applies from 25 May 2018, but time is short and there are a lot of changes that must be implemented.

What it is

GDPR was adopted in April 2016 and entered into force on 24 May 2016. Being a Regulation rather than a Directive, it applies directly in every member state from 25 May 2018, without national transposition.

The Regulation updates and modernizes the principles enshrined in the 1995 Data Protection Directive (95/46/EC) to guarantee privacy rights.

It focuses on:

  • reinforcing individuals’ rights
  • strengthening the EU internal market
  • ensuring stronger enforcement of the rules
  • streamlining international transfers of personal data
  • setting global data protection standards

The changes will give people more control over their personal data and make it easier to access it. They are designed to make sure that people’s personal information is protected – no matter where it is sent, processed or stored – even outside the EU, as may often be the case on the internet.

Most importantly, it aims to change the way organizations that operate in the EU, or that collect personal data from people in the Union, approach data privacy.

The people, businesses, organizations or other bodies that determine why and how personal data is processed are called “data controllers”; those that process it on a controller’s behalf are “data processors”. Both must respect EU law when handling the data entrusted to them.

What it means for individuals

Mandatory consent

  • People must be asked for consent in an easily accessible and intelligible form that states the purpose of the data processing.
  • They will have the right to withdraw their consent as easily as they gave it, which is particularly relevant for subjects who gave their consent as a child or were not fully aware of the risks involved in the processing.

The right to be forgotten

  • People will also have “the right to be forgotten”, or right to erasure, which means that the company processing and holding their data will be obliged to delete it all, including copies.
  • This obligation is extended to third parties that have access to that data.
  • To strengthen the right to be forgotten in the online environment, the right to erasure should also be extended in such a way that a controller who has made the personal data public should be obliged to inform the controllers which are processing such personal data to erase any links to, or copies or replications of those personal data. In doing so, that controller should take reasonable steps.

Protect private data

  • ‘Data protection by design’ and ‘data protection by default’ are now essential elements in EU data protection rules.
  • Data protection safeguards will be built into products and services from the earliest stage of development, and privacy-friendly default settings will be the norm – for example on social networks or mobile apps.
  • Citizens will have the right to be informed without undue delay about a data breach that is likely to put their rights and freedoms at high risk; in addition, the data holder must notify the supervisory authority within 72 hours of becoming aware of the breach.

Access

  • Individuals will have the right to access their personal data, together with information on which data is being processed and for what purposes it is collected and managed.
  • People will have the right to data portability, which means transmitting their personal data to another data controller.

What it means for companies

Harmonized rules

  • There will be a single set of rules throughout the European Union, which will cut the cost of doing business in the EU. Companies will deal with one lead supervisory authority for their cross-border processing.
  • Public authorities, and companies whose core activities consist of regular and systematic monitoring of data subjects on a large scale, or of large-scale processing of special categories of data or data relating to criminal convictions, will need to appoint a Data Protection Officer (DPO). Controllers and processors must also keep internal records of their processing activities.
  • GDPR applies both to companies established in the EU and to companies outside the EU that offer goods or services to, or monitor the behaviour of, people in the Union.

User data

  • Online identifiers such as IP addresses and cookie identifiers will now be regarded as personal data if they can, without undue effort, be linked back to the data subject.
  • There is no distinction between personal data about individuals in their private, public or work roles – the person is the person.
  • Companies will have the legal obligation to notify the supervisory authority of a data breach within 72 hours of becoming aware of it, and to inform the affected users without undue delay when the breach is likely to result in a high risk to them.
  • Data controllers will have to provide an electronic copy of all personal data on request, free of charge for the first copy.
  • At the request of the users, companies must erase all their personal data, stop collecting it and have third parties delete it as well.
  • Also at the user’s request, the data must be transmitted to another controller of the user’s choice, where technically feasible.

Security and privacy by design

  • Companies will have to design their systems with privacy in mind rather than adding it afterwards, and make every reasonable effort to protect the privacy of their users.
  • Data controllers will hold and process only the data that is necessary for the purpose at hand (data minimisation).
  • Companies should protect personal data with techniques such as anonymisation (irreversibly removing the link to an identifiable person where it is not needed), pseudonymisation (replacing direct identifiers with artificial ones) and encryption (encoding data so that only authorised parties can read it). Note that pseudonymised data is still personal data under the GDPR, because it can be re-linked using the additional information such as the key or mapping table; only truly anonymised data falls outside the Regulation.
  • “Big data” analytics requires anonymised or pseudonymised data.
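The bullets above list pseudonymisation, encryption and erasure as separate obligations; in practice they are built together. The Go program below is an added example, not code from the original post or from the Apptimate platform. It pseudonymises an e-mail address with a keyed HMAC (a bare SHA-256 would be reversible by hashing a list of known addresses), encrypts each subject’s record under a per-subject AES-256-GCM key, and implements erasure by destroying that key, a technique commonly called crypto-shredding that also covers copies of the ciphertext sitting in backups. The type names, the demo keys and the sample record are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Pseudonymizer replaces a direct identifier (here an e-mail address) with a
// keyed HMAC. Without the key the pseudonym cannot be reversed by hashing
// known addresses, so the key must be stored apart from the pseudonymized
// records. Normalization makes "Alice@Example.com" and "alice@example.com"
// map to the same pseudonym.
type Pseudonymizer struct{ key []byte }

func (p Pseudonymizer) Pseudonym(email string) string {
	mac := hmac.New(sha256.New, p.key)
	mac.Write([]byte(strings.ToLower(strings.TrimSpace(email))))
	return hex.EncodeToString(mac.Sum(nil))
}

// Vault holds one random AES-256 key per data subject (constructed in-memory
// store; a real deployment keeps these in a KMS/HSM). Personal data is stored
// only as ciphertext bound to the subject's pseudonym.
type Vault struct {
	keys map[string][]byte // pseudonym -> per-subject key
}

func NewVault() *Vault { return &Vault{keys: map[string][]byte{}} }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext for the subject, creating the subject's key on
// first use. Output layout is nonce || ciphertext || tag; the pseudonym is
// bound in as associated data so a record cannot be re-attributed.
func (v *Vault) Encrypt(pseudonym string, plaintext []byte) ([]byte, error) {
	k, ok := v.keys[pseudonym]
	if !ok {
		k = make([]byte, 32)
		if _, err := rand.Read(k); err != nil {
			return nil, err
		}
		v.keys[pseudonym] = k
	}
	aead, err := newGCM(k)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(pseudonym)), nil
}

// Decrypt fails for an unknown or erased subject because no key exists.
func (v *Vault) Decrypt(pseudonym string, record []byte) ([]byte, error) {
	k, ok := v.keys[pseudonym]
	if !ok {
		return nil, errors.New("subject erased or unknown: key unavailable")
	}
	aead, err := newGCM(k)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(record) < ns {
		return nil, errors.New("record too short")
	}
	return aead.Open(nil, record[:ns], record[ns:], []byte(pseudonym))
}

// Erase implements the right to erasure for one subject: the key is zeroed
// and dropped, so every ciphertext bound to this pseudonym, wherever it was
// copied, becomes undecryptable.
func (v *Vault) Erase(pseudonym string) {
	if k, ok := v.keys[pseudonym]; ok {
		for i := range k {
			k[i] = 0
		}
		delete(v.keys, pseudonym)
	}
}

func main() {
	p := Pseudonymizer{key: []byte("constructed demo key - rotate in production")}
	v := NewVault()
	id := p.Pseudonym("Alice@Example.com")
	rec, _ := v.Encrypt(id, []byte(`{"name":"Alice","zip":"22100"}`)) // constructed record
	pt, _ := v.Decrypt(id, rec)
	fmt.Printf("pseudonym %s...\nplaintext %s\n", id[:16], pt)
	v.Erase(id)
	_, err := v.Decrypt(id, rec)
	fmt.Println("after erasure:", err)
}
```

The pseudonym, not the e-mail address, is what analytics and logs should carry; the HMAC key and the per-subject keys are the "additional information" that keeps this data personal under the Regulation, which is why they belong in a separately controlled store.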

Substantial fines

  • The maximum fines can go up to 4% of the company’s annual global turnover or €20 million, whichever is higher. These apply to infringements of the data subjects’ rights and of the basic processing principles, for example when data has been processed without a legal basis or transferred internationally without a valid mechanism.

  • Other infringements can attract fines of up to 2% of the annual worldwide turnover or €10 million, whichever is greater. This applies for example when companies cannot demonstrate adequate security, have not appointed a required DPO, or have not put a data processing agreement in place.

How to prepare

  1. Put in place an accountability framework that demonstrates you meet the required standards.
  2. Design your product with security and privacy in mind; do not add them later.
  3. Establish clear policies and procedures for a data breach, so that you can notify the authority and the affected people in time.
  4. Review your privacy policies and notices so that they are easy to understand and accessible.
  5. Be prepared for citizens to exercise their newly gained rights, often with unrealistic expectations.
  6. If you carry out cross-border data transfers, including intra-group ones, make sure you have a valid legal mechanism (such as an adequacy decision, standard contractual clauses or binding corporate rules) for transferring personal data to jurisdictions that lack adequate data protection.

Security recommendations for IoT by BITAG

This is an extract of the excellent BITAG report “Internet of Things (IoT) Security and Privacy Recommendations”, published courtesy of BITAG, Broadband Internet Technical Advisory Group.

 

We highly recommend downloading and reading this report. And, even more importantly, to implement these recommendations, where the Apptimate platform can be a valuable part of your developer toolkit.

 

The full report can be found here.

BITAG believes the recommendations outlined in this report may help to dramatically improve the security and privacy of IoT devices and minimize the costs associated with collateral damage. In addition, unless the IoT device sector—the sector of the industry that manufactures and distributes these devices—improves device security and privacy, consumer backlash may impede the growth of the IoT marketplace and ultimately limit the promise that IoT holds.

BITAG recommended several security standards for IoT devices, including timely, automated software updates and password protection. The organization also said there should be more testing of customization options and an implementation of encryption best practices. BITAG also highly recommended allowing IoT devices to function if internet connectivity or the cloud fails, especially in the case of home alarm systems.

In the past few years, many of the devices being connected to the Internet have been not only personal computers but also a variety of devices embedded with Internet connectivity and functions. This class of devices has generally been described as the Internet of Things (IoT) and has brought with it new security and privacy risks.

Although consumers face general security and privacy threats as a result of any Internet-connected device, the nature of consumer IoT is unique because it can involve non-technical or uninterested consumers; challenging device discovery and inventory on consumer home networks as the number and variety of devices proliferate; negative effects on the Internet access service of both the consumer and others that run on shared network links; and effects on other Internet services when these devices are compromised by malware and become a platform for unwanted data traffic—such as spam and denial of service attacks—which can interfere with the provision of these other services. Importantly, the number and diversity of consumer IoT devices is growing rapidly, and these devices often function autonomously, without human intervention.

Several recent incidents have demonstrated that some devices do not abide by rudimentary privacy and security best practices. In some cases, devices have been compromised and allowed unauthorized users to perform Distributed Denial of Service (DDoS) attacks, perform surveillance and monitoring, gain unauthorized access or control, induce device or system failures, and disturb or harass authorized users or device owners.

Potential issues contributing to the lack of privacy and security best practices include: lack of IoT supply chain experience with security and privacy, lack of incentives to develop and deploy updates after the initial sale, lack of secure over-the-network software updates, devices with malware inserted during the manufacturing process, and more.

Recommendations

IoT Devices Should Use Best Current Software Practices

IoT Devices Should Ship with Reasonably Current Software

BITAG recommends that IoT devices should ship to customers or retail outlets with reasonably current software that does not contain severe, known vulnerabilities.

 

IoT Devices Should Have a Mechanism for Automated, Secure Software Updates

Software bugs should be minimized, but they are inevitable. Thus, it is critical for an IoT device to have a mechanism for automatic, secure software updates.  BITAG recommends that manufacturers of IoT devices or IoT service providers should therefore design their devices and systems based on the assumption that new bugs and vulnerabilities will be discovered over time. They should design systems and processes to ensure the automatic update of IoT device software, without requiring or expecting any type of user action or even user opt-in.

 

IoT Devices Should Use Strong Authentication by Default

BITAG recommends that IoT devices be secured by default (e.g. password protected) and not use common or easily guessable user names and passwords (e.g., “admin”, “password”).

 

IoT Device Configurations Should Be Tested and Hardened

Some IoT devices allow a user to customize the behavior of the device. BITAG recommends that manufacturers test the security of each device with a range of possible configurations, as opposed to simply the default configuration.

IoT Devices Should Follow Security & Cryptography Best Practices

Manufacturers should take care to avoid encryption methods, protocols, and key sizes with known weaknesses. Additional encryption best practices include:

  • Encrypt Configuration (Command & Control) Communications By Default
  • Secure Communications To and From IoT Controllers
  • Encrypt Local Storage of Sensitive Data
  • Authenticate Communications, Software Changes, and Requests for Data
  • Use Unique Credentials for Each Device
  • Use Credentials That Can Be Updated
  • Close Unnecessary Ports and Disable Unnecessary Services
  • Use Libraries That Are Actively Maintained and Supported
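BITAG’s recommendations on automatic, secure software updates and on authenticating software changes come down to one check on the device. The Go program below is an added example, not part of the BITAG report or of any vendor’s update mechanism. The vendor signs a small manifest (version number plus SHA-256 of the image) with an Ed25519 key; the device, which carries only the vendor public key, verifies the signature, refuses anything not newer than what it already runs (so a genuine but old, vulnerable release cannot be replayed), and checks that the delivered image matches the signed hash before accepting it. The manifest layout, the key handling and the "firmware" byte strings are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is the metadata a device needs to decide whether to install an
// image: a monotonically increasing version and the SHA-256 of the image.
// Only the manifest is signed; the image is bound to it through its hash, so
// the (large) image itself never has to be fed to the signature check.
type Manifest struct {
	Version   uint32
	ImageHash [32]byte
}

// Bytes serializes the manifest in a fixed layout (4-byte big-endian version
// followed by the 32-byte hash) so signer and verifier sign identical bytes.
func (m Manifest) Bytes() []byte {
	out := make([]byte, 4+32)
	binary.BigEndian.PutUint32(out, m.Version)
	copy(out[4:], m.ImageHash[:])
	return out
}

// NewVendorKey generates the vendor signing key pair. Constructed here for the
// example; in production the private key lives in an HSM or signing service
// and is never present on devices.
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignManifest is the vendor side of a release.
func SignManifest(priv ed25519.PrivateKey, version uint32, image []byte) (Manifest, []byte) {
	m := Manifest{Version: version, ImageHash: sha256.Sum256(image)}
	return m, ed25519.Sign(priv, m.Bytes())
}

// Device holds the vendor public key provisioned at manufacture and the
// version of the image currently running, which is the rollback floor.
type Device struct {
	VendorPub      ed25519.PublicKey
	CurrentVersion uint32
}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrRollback     = errors.New("manifest version not newer than installed")
	ErrImageHash    = errors.New("image does not match signed manifest")
)

// ApplyUpdate checks, in order: authenticity of the manifest, that it is
// newer than what runs (blocking replay of an old, vulnerable release), and
// that the delivered image is the one the manifest describes. The version is
// advanced only after all three pass.
func (d *Device) ApplyUpdate(m Manifest, sig, image []byte) error {
	if !ed25519.Verify(d.VendorPub, m.Bytes(), sig) {
		return ErrBadSignature
	}
	if m.Version <= d.CurrentVersion {
		return ErrRollback
	}
	if sha256.Sum256(image) != m.ImageHash {
		return ErrImageHash
	}
	d.CurrentVersion = m.Version
	return nil
}

func main() {
	pub, priv, _ := NewVendorKey()
	dev := &Device{VendorPub: pub, CurrentVersion: 7}

	// Constructed byte strings standing in for real firmware images.
	v8, v9, v10 := []byte("firmware v8"), []byte("firmware v9"), []byte("firmware v10")

	m9, sig9 := SignManifest(priv, 9, v9)
	fmt.Println("install v9:   ", dev.ApplyUpdate(m9, sig9, v9))

	m8, sig8 := SignManifest(priv, 8, v8)
	fmt.Println("rollback v8:  ", dev.ApplyUpdate(m8, sig8, v8))

	m10, sig10 := SignManifest(priv, 10, v10)
	fmt.Println("swapped image:", dev.ApplyUpdate(m10, sig10, []byte("not v10")))

	m10.Version = 11 // attacker edits the manifest but cannot re-sign it
	fmt.Println("forged:       ", dev.ApplyUpdate(m10, sig10, v10))
	fmt.Println("running:      ", dev.CurrentVersion)
}
```

The order of the checks matters: the signature is verified before the version is read, so an attacker cannot influence the rollback decision with an unsigned manifest, and a rejected update never changes the device state. An end-of-life key-rotation path (a signed manifest that installs a new vendor public key) would follow the same pattern.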

IoT Devices Should Communicate Securely

IoT Devices Should Be Restrictive Rather Than Permissive in Communicating

When possible, devices should not be reachable via inbound connections by default. IoT devices should not rely on the network firewall alone to restrict communication, as some communication between devices within the home may not traverse the firewall.

 

IoT Devices Should Continue to Function if Internet Connectivity is Disrupted

BITAG recommends that an IoT device should be able to perform its primary function or functions (e.g., a light switch or a thermostat should continue to function with manual controls), even if it is not connected to the Internet because Internet connectivity may be disrupted due to causes ranging from accidental misconfiguration to intentional attack. IoT devices that have implications for user safety should continue to function under disconnected operation to protect the safety of consumers.

 

IoT Devices Should Continue to Function If the Cloud Back-End Fails

Many services that depend on or use a cloud back-end can continue to function, even if in a degraded or partially functional state, when connectivity to the cloud back-end is interrupted or the service itself fails.

IoT Devices Should Be Maintained Securely

Manufacturers should support an IoT device throughout the course of its lifespan, from design to the time when a device is retired, including transparency about the timespan over which they plan to provide continued support for a device, and what the consumer should expect from the device’s function at the end of the device’s lifespan.

More detailed recommendations can be found in the report here.

Object Security

This post is an adaptation from a blog post by Apptimate Security Lead Joakim.

Introduction

The Internet of Things (IoT) is coming.

With it comes new security challenges from the constrained and asynchronous nature of IoT.

IoT is a wide term, used to describe anything from industrial control systems to smart homes, and the devices range from powerful ones like Raspberry Pis to constrained NFC chips. Everybody has their own view. Many of the challenges associated with IoT devices spring from the nature of constrained nodes. These nodes, or devices, are constrained in the sense that they have low processing power, a small amount of RAM and often operate on battery power.

Terminology

Channel Security

Channel security (“session”, “tunnel”, “VPN”) is a term used in communications security which describes a secure channel used by an application to transmit data. The channel is negotiated and managed by a protocol at the data, network or transport level in the protocol stack. The channel handles the data agnostically; it does not know anything about the payload.

Object Security

Object security is a term used in communications security describing secure communication with no need for a secure channel. Instead of relying on a communication protocol lower in the stack to handle the encryption, the application that created the message will handle encryption and decryption of its own communication.

The key difference between traditional channel security and object security is that in object security an application handles its own secure communication. This has the effect that when using object security an application does not need to trust a channel and the different relaying nodes between sender and receiver.

Consider the case of an email message. When it is carried over an IPsec or TLS secured connection, the message is protected during transmission. However, it is unprotected in the receiver’s mailbox and in intermediate servers, hubs, etc., along the way.

By contrast, with object security, the entire message is encrypted and integrity protected until it is examined and decrypted by the recipient.  It also provides strong authentication of the actual sender, as opposed to the machine the message came from.

Apptimate Asynchronous Object Security provides all the necessary functionality, including encryption key distribution, for simple application development of full end-to-end security in just a few lines of code.

Characteristics of IoT networks

The characteristics of constrained devices call for a different set of solutions than the ones commonly used for non-constrained devices. The InfoSec community needs to explore how to provide information security on constrained devices communicating over insecure channels, i.e., how message integrity, secrecy, replay protection, message freshness guarantees and sequence ordering can be provided for the Internet of Things.

There are some properties of constrained networks which have significant impact on how communication works compared to how it works on traditional networks.

Firstly, communicating parties operating on battery power will naturally want to save battery. Therefore the network part of a constrained device will be turned off for as much time as possible. This means that the normal case will be asynchronous communication and because of this, caching nodes are the norm in IoT.

Second, when sending data on the network, you want to send as little as possible. This is always a good thing, but it is extra important for constrained nodes: the power consumption of the radio hardware is very high compared to that of cryptographic operations. Another reason to minimize transmitted data is that large messages require larger buffers on the recipient node, which might not be available on constrained nodes.

Sending large messages also increases retransmissions. If a fragment of a large message is dropped by the network, or there is an error somewhere in a packet, the whole message might need to be retransmitted instead of just a small part. Packet fragmentation can be a considerable source of network overhead.

The situation, and what we should do about it

Traditional methods

Secure communication for constrained nodes can certainly be achieved using traditional methods such as channel security. A popular channel security protocol for constrained devices is DTLS.

The security in these traditional protocols protects the channel, not the data itself, hence the name. Since many devices operate on battery power it is important to use as few resources as possible, both in terms of power consumption and of memory/CPU usage. The consequence is very often seen in devices designed to sleep for as much of the time as possible.

The core problem with security in IoT is that application traffic is asynchronous, which makes caching a requirement for a well-functioning network. To achieve this, caching proxies are often used.

Consequences of using traditional methods

Herein lies the core problem of this post. If a proxy is to be used for caching data, and channel security is used, the security can follow two patterns. Hop-by-hop or end-to-end security.

Hop-by-hop security

The first pattern, hop-by-hop security, visualized in Figure 1, is to terminate the channel security session in the caching node, effectively dividing the security in two parts. One part from the sender to the caching node and one part from the caching node to the receiver.

Figure 1: Hop-by-hop security

Doing this forces the data to be decrypted at the caching node; the caching node needs to re-encrypt the plaintext for the receiver. The data integrity and confidentiality will therefore not be end-to-end between the client and server, but hop-by-hop from client to proxy and from proxy to server.

Hop-by-hop security can only be relied on if all intermediaries are trusted, which is not a good assumption for a secure and robust system. A malicious node can mount both passive eavesdropping attacks and active attacks such as man-in-the-middle attacks on the communication. These kinds of attacks are a very real threat, and there have been countless examples of them. Hop-by-hop security is sometimes also referred to as point-to-point security.

End-to-end security

The second pattern, end-to-end security, visualised in Figure 2, is to not terminate the session at the proxy but instead keep the channel security enabled through the proxy. This thwarts the possibility for the proxy to attack the session in a meaningful way since it prevents it from reading the data or changing it without detection.

Figure 2: End-to-end security

True end-to-end security is thereby obtained but important functionality is also lost. With channel security used for end-to-end encryption, it is all or nothing; all data originating from above the session layer has to be secured. The inability for a proxy to change or read anything from the transport layer and higher layers is not without negative consequences. A proxy often carries a lot of functionality on higher layers that is broken by end-to-end channel security. For example, a CoAP caching proxy can not cache any data for connections that tunnels through the proxy using channel security. CoAP is a protocol designed to work closely with proxies; the protocol will be crippled without the proxying functionality.

Advantages of transitioning to Object Security

When the end-to-end security is based on object security instead, the protocol can pick and choose which parts of the data should be confidential or integrity protected. For example, it is possible to encrypt the payload, integrity protect the static parts of the header and leave the variable header fields unprotected so that proxies can still rewrite them.

Protecting certain parts of the header can be very important. A malicious intermediary tampering with the header can do considerable damage. For example, an attacker could change the method code from GET to DELETE, thereby deleting a resource instead of fetching its current value. This is one reason why encrypting just the payload of a CoAP message is not sufficient.

In conclusion, object security enables end-to-end security without preventing proxy operations, if done correctly.
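As an added illustration of the selective protection described above (example code, not from the original post or from Apptimate’s product), the Go program below protects a simplified CoAP-like message with an AEAD. The payload is encrypted; the method code, URI path and sequence number are covered as associated data, so a caching proxy can read them but any change breaks the authentication tag; the hop-local message ID and token are left entirely outside the protected object so intermediaries may rewrite them. Security contexts are pre-established, so there is no handshake, and the receiver rejects replayed sequence numbers. AES-GCM is used because it is in Go’s standard library; OSCORE profiles for CoAP use AES-CCM, but the structure of what is encrypted, what is only authenticated and what is left free is the same. The message layout, field names and the key are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Message is a simplified CoAP-like request (constructed layout, not the real
// CoAP wire format). Code and URIPath are what a tampering proxy would want
// to change; MessageID and Token are hop-local and legitimately rewritten by
// proxies; Seq is the sender's sequence number; Payload is confidential.
type Message struct {
	Code      byte   // 0x01 GET, 0x04 DELETE
	MessageID uint16 // not protected: proxies rewrite it per hop
	Token     []byte // not protected: hop-local
	URIPath   string // integrity protected, readable by proxies for caching
	Seq       uint32 // integrity protected, carried in clear, used in the nonce
	Payload   []byte // plaintext before Protect, ciphertext||tag after
}

const (
	CodeGET    byte = 0x01
	CodeDELETE byte = 0x04
)

// ObjectSecurityContext is the pre-established context shared by the two
// endpoints: the key and the sender's id. No handshake takes place on the
// wire. The receiver tracks the highest sequence number it has accepted.
type ObjectSecurityContext struct {
	aead     cipher.AEAD
	senderID byte
	highest  uint32
	started  bool
}

func NewContext(key []byte, senderID byte) (*ObjectSecurityContext, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &ObjectSecurityContext{aead: aead, senderID: senderID}, nil
}

// nonce derives a 96-bit nonce from sender id and sequence number, so the two
// directions never collide and a sender never reuses a nonce under this key
// as long as its Seq never repeats.
func (c *ObjectSecurityContext) nonce(senderID byte, seq uint32) []byte {
	n := make([]byte, c.aead.NonceSize())
	n[0] = senderID
	binary.BigEndian.PutUint32(n[len(n)-4:], seq)
	return n
}

// aad is the authenticated-but-readable part of the message: method code,
// sequence number and URI path. A proxy may use them; it cannot alter them.
func aad(m Message) []byte {
	var seq [4]byte
	binary.BigEndian.PutUint32(seq[:], m.Seq)
	out := append([]byte{m.Code}, seq[:]...)
	return append(out, m.URIPath...)
}

// Protect encrypts the payload and binds the AAD to it. MessageID and Token
// are untouched, so intermediaries keep working.
func (c *ObjectSecurityContext) Protect(m Message, seq uint32) Message {
	m.Seq = seq
	m.Payload = c.aead.Seal(nil, c.nonce(c.senderID, seq), m.Payload, aad(m))
	return m
}

var ErrReplay = errors.New("sequence number already seen")

// Unprotect verifies and decrypts a message from peerID. The replay check
// uses a strictly increasing counter for simplicity (a real implementation
// keeps a sliding window so reordered datagrams are not dropped), and the
// window only advances after authentication succeeds.
func (c *ObjectSecurityContext) Unprotect(m Message, peerID byte) (Message, error) {
	if c.started && m.Seq <= c.highest {
		return Message{}, ErrReplay
	}
	pt, err := c.aead.Open(nil, c.nonce(peerID, m.Seq), m.Payload, aad(m))
	if err != nil {
		return Message{}, err
	}
	c.highest, c.started = m.Seq, true
	m.Payload = pt
	return m, nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 256-bit demo key
	client, _ := NewContext(key, 0x01)
	server, _ := NewContext(key, 0x02)

	req := Message{Code: CodeGET, MessageID: 0x1234, Token: []byte{0xaa}, URIPath: "/sensors/temp", Payload: []byte("unit=C")}
	wire := client.Protect(req, 1)

	evil := wire // malicious proxy turns GET into DELETE
	evil.Code = CodeDELETE
	_, err := server.Unprotect(evil, 0x01)
	fmt.Println("tampered code:", err)

	wire.MessageID, wire.Token = 0x9999, []byte{0xbb} // honest proxy rewrites hop-local fields
	got, err := server.Unprotect(wire, 0x01)
	fmt.Println("payload:", string(got.Payload), "err:", err)

	_, err = server.Unprotect(wire, 0x01) // same datagram delivered again
	fmt.Println("replay:", err)
}
```

Turning GET into DELETE fails authentication because the code is part of the associated data, while rewriting the message ID does not; this is exactly the split that lets a proxy keep caching and forwarding without being able to read or alter what matters.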

Network Overhead

Another important aspect when comparing object security and channel security for constrained devices is the network overhead produced by the different technologies. The overhead in a session based security protocol is composed of both the handshake and the overhead that the protocol produces when encrypting and integrity protecting data.

In an object-based security protocol the encryption parameters can be pre-established, in which case the overhead consists solely of the overhead produced when encrypting and integrity protecting, no handshake takes place.

Conclusion

Using channel security protocols such as DTLS for constrained nodes is often not the best solution; protocols based on object security can be a much better fit.

One of the most popular IoT protocols targeting constrained devices is CoAP. An OSCoAP protocol for securing constrained devices is under development in the IETF: an end-to-end object security protocol that aims to reduce overhead and complexity by adding object security as an option in CoAP messages. (The draft has since been standardized as OSCORE, RFC 8613.)

The value of Smart Home data

What’s the value of the data generated in a Smart Home?
And, more importantly, who owns it?

In the same way that a smartphone is not about having smarter phone calls, the Smart Home is not about the connected things. It is all about the applications that will be built on top of all the devices, data, businesses, people, etc.

To answer the question: if you own your house and turn it into a Smart Home, it is quite simple; you own your data. And it will be valuable.

You have all the rights to sell it or trade it to different service providers, like the power, cable or home security company. Maybe you don’t think about that every time you sign a contract for a service, but you should read the small print and see that you get value for your data. Or the service provider might try to generate value from your data without giving anything back to you.

But if you rent your place then things get more complicated.

Now the building itself becomes a hub, connecting the tech of the house with external and internal users, like the power company on the outside and the tenants on the inside.

These connected buildings have some new characteristics:

  • Buildings become self-aware and continuously anticipate and adapt to changes in weather, time of day, occupant needs, and socioeconomics.
  • Buildings will transact with utilities (including electricity, gas, and water), local power sources, and other buildings to provide services that will benefit building owners, utility operators, and the entire community.
  • Buildings will minimize their life-cycle cost while meeting their objective functions through optimizing energy and water use, enhancing health and the productivity of occupants, contributing to a cleaner environment, and actively supporting better living.

The important, but complicating, thing is that this is not a Big Data solution by default, as many early initiatives assume: not one big central IoT platform that controls everything. This is because there are many different data owners. The tenants own the data about their family and their usage of the apartment and its connected appliances, home networks, TVs, etc., and this data must be managed in a secure and privacy-protected way, or it will be impossible to lease those flats. Think of the landlord installing cameras in the shower… Privacy and security issues here are literally very close to home.

Next is the owner of the building. They have two assets generating valuable data: the sensors and tech of the building, and the data about their tenants, probably anonymized and processed for statistics. This value will not be given away; it will be sold. These buildings will all be players in a new asset trading market for real-time data. Even if it is just to get a reduction on the power bill, it will be an asset that can be traded.

And so on…

All the participants in the Internet of Buildings, as a subset of smart city, smart home, smart predictive maintenance, smart grid, etc., will be smart enough to realize the value in owning, controlling and capitalizing upon their data.

Or some smart IoT entrepreneurs will take that position in the market like an AirBnB or Uber service for data.

6 IoT Security Fundamentals That Need To Be Solved

This is the “6 IoT Security Fundamentals That Need To Be Solved” presentation from the IoT conference in Lund:

6 IoT Security Fundamentals That Need To Be Solved from Øredev Conference on Vimeo.

The Internet of Things is still very immature. There is not even a consensus on what it means. It covers many different technologies, from new entrants like wearables and connected household appliances to the very mature technologies of M2M. Vendors large and small hurry to launch products and stake their claims in this emerging market. ITU-T standards and industry consortiums are popping up everywhere trying to bring some order to this chaos, but there are no commonly agreed uniform standards just yet.

So, if you start your IoT development project today, there might not be one simple way of doing secure IoT. Different products and implementations require different solutions and strategies. A wearable will be something completely different from a connected medical device, a Smart Home or a Smart City. However, there are some common characteristics that need to be handled as product design criteria from the start:

1. IoT products must die
2. Rosetta stone
3. Thanks for letting me in!
4. The fall of the wall
5. Rubber bands
6. The disappearing act

 

The presentation contains a clip from a BlackBerry Security presentation. A great live hack of a tea kettle!

6 IoT security fundamentals that need to be solved

The nice thing about standards is that you have so many to choose from;
furthermore, if you do not like any of them, you can just wait for next year's model.
- Andrew S. Tanenbaum

The Internet of Things is still very immature. There is not even a consensus on what it means. It covers many different technologies, from new entrants like wearables and connected household appliances to the very mature technologies of M2M. Vendors large and small hurry to launch products and stake their claims in this emerging market. ITU-T standards and industry consortiums are popping up everywhere trying to bring some order to this chaos, but, as the quote says, there are no commonly agreed uniform standards just yet.

So, if you start your IoT development project today, there might not be one simple way of doing secure IoT. Different products and implementations require different solutions and strategies. A wearable will be something completely different from a connected medical device, a Smart Home or a Smart City. However, there are some common characteristics that need to be handled as product design criteria from the start:

Product Life Cycles

How do you cope with security patches? Remote update? When the Tesla was hacked, Tesla pushed a security patch over the air to all cars. After the Jeep Cherokee hack, Fiat Chrysler quickly issued a safety recall for 1.4 million U.S. cars and trucks to install the security patch. Two very different approaches, with two very different costs and inconveniences for the users.

Photo by: ANDY GREENBERG/WIRED

And then there is Product End of Life. What happens when your products aren’t maintained anymore? Companies change, suppliers go out of business or get bought, product lines are closed, old standards are abandoned. But the product that should have been retired is still online doing what it was installed to do. When the connected things no longer are updated, they become more vulnerable to attacks. An immortal IoT product will eventually be taken over by hackers.

Just think about the struggles Microsoft have had trying to end support for Windows XP.

Interoperability

Most solutions of today are a complete product; device – cloud – app from the same supplier. Very little system integration thinking, especially when you want to mix and match solutions from different vendors. Many big players in the IoT create their own ecosystem by designing solutions for their own smart things to be able to interact.

Say you buy a home alarm system from a supplier that connects to the Internet and can be controlled with an app. Down in the basement you have a heat pump from another supplier that is also online and can be controlled via another app. Eventually the user ends up with an app for every smart gadget, and too many apps means that none of them gets used. Take the hilarious situation with the remotes on your living room table, one for the TV, one for the sound system, one for the cable box, one for the lighting, and multiply that by all the potential gadgets at home, in your garden, your car, at your office…

By agreeing on how interoperability can be solved, existing suppliers and inventive entrepreneurs can develop new solutions and apps that automate and control the myriad of sensors and gadgets, providing radically new solutions and abilities cross-vendor technologies. But this openness also opens for malicious attacks, hacking, and other criminal and destructive behavior. With all data easily exposed it would be a simple thing to know when the house is empty for burglars to enter, to stalk people and to steal their identity.

Your solution must take into consideration the whole communication chain, from the device to possible aggregation hubs and cloud storage, to the actual user that might have a mobile app. The whole chain must be protected and secure, even if the app and the devices are from several different manufacturers.

Remote Control

IoT is not only about gathering “harmless” data from sensors, like a temperature or a door being opened. IoT will also give applications control over real physical devices that can cause real-world damage.

What if it is your oven that gets hacked? If someone removes the safety features and turns the heat up way over the maximum, your kitchen, or even the whole house, burns. It might happen by mistake, caused by a hacker searching for information to steal, but it can just as easily be used in extortion schemes. Or even worse: as the Jeep Cherokee hack showed, turning off your brakes remotely is the perfect remote assassination method.

A non-secure Internet of Things will open a completely new door for terrorism and destruction.

Decentralized Communication over Public Networks

Most IoT devices will be placed outside the traditional fixed networks protected by firewalls. They will use wireless connections provided by carriers or public WiFi connections. This will put a lot of requirements on the device and the accessing applications to communicate securely over non-secure networks.

Most security technology of today is derived from the fixed network world with centralized servers talking to clients over a wire, using sessions and encrypted synchronous tunnel communication. This architecture maps poorly to the Internet of Things world.

Things will often communicate directly with other things. Take for instance a thermostat that adapts its behavior based on heat sensors in different rooms. Things will also sleep to save battery. A device might wake up, gather some data, evaluate it and go back to sleep again. Radio signaling requires a lot of energy, so the device will only connect and send data when necessary. This means that the communication will be bursty in nature.

If the “listener” also runs on batteries, it too should be asleep when not in use. Neither the sending nor the receiving device should be required to stay awake waiting for the other one to wake up before signaling, since that would reduce battery life. Ideally, the communication should be asynchronous, like e-mail or messaging, instead of synchronous, like a phone call where both parties are online at the same time.

A secure connection requires strong encryption, since the communication is outside the protection of traditional firewalls, and that is heavy on processors. Unnecessary signaling of raw data drains the battery both through the encryption work and through the radio connection, so if you want the device to have a long battery life you need to design it with some intelligence that makes simple decisions locally, like “tell the heater that this window has been opened if the temperature is below 15 degrees”.

Communication over Varying Connections

Another complicating factor of wireless connections is that, depending on the device and application, the radio link might be unstable. If your application is a sensor in a home, you can probably rely on bringing your own IoT radio standard, like Zigbee or Bluetooth, into the application. But if you need longer distances or moving objects, like a connected car, your connection will be unstable and unreliable, jumping between networks: 4G, 3G, GPRS, public WiFi, and so on. You will lose the connection in radio shadow, so how do you manage roaming between these different network technologies without losing data or increasing the security risk?

This problem is also addressed with asynchronous security and communication, as discussed above, but in this case it is not about saving battery. It is about reliable communication, where information is sent and received without both end-points having to be online at the same time. The information must get through as soon as technically possible, without any lost data packets.
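As an added illustration (not code from the original post or from Apptimate), the following Python sketch combines the two ideas above: the edge rule from the battery section, which wakes the radio only when the window is open and the temperature is below 15 degrees, and a store-and-forward outbox that holds integrity-tagged messages until the link is up and the receiver acknowledges them, so a retransmit after a dropped link neither loses nor double-applies an event. The key, message layout and sensor readings are constructed for the demo.

```python
import hmac, hashlib, json
from dataclasses import dataclass, field

KEY = b"constructed-demo-key"  # constructed; real devices get a unique provisioned key

def should_report(window_open: bool, temp_c: float, threshold_c: float = 15.0) -> bool:
    """Edge rule from the text: wake the radio only if the window is open AND it is cold."""
    return window_open and temp_c < threshold_c
def tag(body: bytes) -> str:
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

@dataclass
class Outbox:
    """Store-and-forward queue: a message stays pending until the peer acknowledges it."""
    pending: dict = field(default_factory=dict)
    seq: int = 0
    def enqueue(self, payload: dict) -> int:
        self.seq += 1
        body = json.dumps({"seq": self.seq, **payload}, sort_keys=True).encode()
        self.pending[self.seq] = {"body": body, "tag": tag(body)}
        return self.seq
    def flush(self, deliver) -> int:
        acked = [s for s, m in list(self.pending.items()) if deliver(m)]  # True == acked
        for s in acked:
            del self.pending[s]
        return len(acked)

class Receiver:
    """Checks the tag, acks, and applies each sequence number once despite retransmits."""
    def __init__(self):
        self.seen, self.accepted = set(), []
    def receive(self, msg: dict) -> bool:
        if not hmac.compare_digest(tag(msg["body"]), msg["tag"]):
            return False                     # forged or corrupted: no ack, sender keeps it pending
        event = json.loads(msg["body"])
        if event["seq"] not in self.seen:    # duplicate after a lost ack: ack again, apply once
            self.seen.add(event["seq"])
            self.accepted.append(event)
        return True

def simulate(readings, link_up):
    """readings: (window_open, temp_c) per tick; link_up: whether a radio link exists that tick."""
    outbox, rx, radio_sends = Outbox(), Receiver(), 0
    for (is_open, temp), up in zip(readings, link_up):
        if should_report(is_open, temp):
            outbox.enqueue({"event": "window_open_cold", "temp_c": temp})
        if up and outbox.pending:            # power the radio only when there is something to say
            radio_sends += 1
            outbox.flush(rx.receive)
    return radio_sends, [e["temp_c"] for e in rx.accepted], len(outbox.pending)
```

With the constructed readings below, five ticks produce three reportable events but only one radio activation, and the event generated while the link was down is still delivered once it returns.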

Simplicity

How many routers and firewalls out there are still using the default password “password”? The vast majority of ordinary users will need automatic configuration and security. Remember the blinking 00:00 on the VCR? Have you set the time on your microwave? The suppliers of apps, systems and devices have to figure out how to protect the user without putting any requirement or blame on them.

You also have to provide simple but secure authentication mechanisms for all the people, systems and products accessing the device, without complicated setup procedures.

The only security worth anything is the one that gets used. So your solution must be easy to use for the users, for the administrators and for the developers and integrators.

Many commentators described 2015 as “the year of IoT,” but so far, it has been a year of bad press. As an example, security firm Kaspersky recently ran a damning critique of IoT security challenges, “Internet of Crappy Things”.

Apptimate solves many of these issues. Contact us here to know more.

Internet of Things Security Challenges Means New Opportunities

IoT needs standards and interoperability

We are rapidly heading for a world where everyone and everything is connected in a global mesh network. Today’s over-hyped early-stage market will have to mature before the real solutions come.

Most solutions today are vertical: device – cloud – app. There is very little horizontal and system integration, especially when you want to mix and match solutions from different vendors. Many big players in IoT create their own ecosystem by designing solutions in which their own smart things can interact with each other.

Say you buy a fridge from a supplier that connects it to the Internet and lets you control it with an app. Down in the basement you have a heat pump from another supplier that is also online and is controlled via another app. Eventually, the user ends up with an app for every smart gadget, and too many apps means that none gets used. Think of the comical collection of remotes on your living room table, one for the TV, one for the sound system, one for the cable modem, and so on, and multiply that by all the potential gadgets at home, in your garden, in your car, at your office…

By agreeing on how interoperability should be solved, existing suppliers and inventive entrepreneurs can develop new solutions and apps that automate and control the myriad of sensors and gadgets, providing radically new solutions and capabilities across vendor technologies.

But … Interoperability is a security threat

This openness also opens the door to malicious attacks, hacking, and other criminal and destructive behavior. With all that data easily exposed, it would be simple for burglars to know when the house is empty, to stalk people, to steal their identity, and so on.

The amount of damage that can be done is far greater than today. Take recent hacks like the Sony Entertainment hack: they were, of course, devastating for the companies, but it was still just information on their networks, mostly historical data. Hacking the IoT world means access to real-time control of physical devices. How about turning off the brakes on a moving car, turning off the cooling system of a power plant or pulling the plug on an air traffic control tower? Or changing the dose on an insulin pump? The amount of damage that can be done remotely will also open a new “market” for extortion and cyber warfare.

IoT will require a new level of security and privacy protection, simple enough for anyone to use, but hardened enough to make it impossible to break. Especially since most of these things will move around and communicate on public networks outside firewalls.
Based on this threat scenario we created apptimate.io, to provide a platform for developers making it easy to implement hardened communication security and privacy protection in any connected device, app or “thing”.

And… Age is a security threat

All technology gets outdated, including these “things”, and they need maintenance releases and patches. What happens when those products aren’t maintained anymore? Companies change, users don’t flash products with the latest firmware, suppliers go out of business or get bought, product lines are closed, and so on. But the product is still online doing what it was installed to do. When connected things are no longer updated, they become more vulnerable to attacks. An ageing IoT will eventually be taken over by hackers.

IoT “things” should have a manufacturer-defined shelf life and be stamped with a “best before” date.

A business opportunity

The life span of a “thing” is something that could be “self-controlled”. Many sensors run on battery. Depending on what the sensor does and how it is constructed, its battery has a certain life span. Interesting developments in battery technology increase that lifespan to several months or years. So, if the supplier has a replacement program for dead sensors, they can update the software at the same time as they charge or replace the battery.

This would also make way for a new business model: “Things-as-a-Service”.

IoT and the exploding need for security

Source: IDC Government Insights, 2013

We are rapidly heading for a world where everyone and everything is connected in a global mesh network. Today’s over-hyped early-stage market will have to mature before the real solutions come.

Most solutions today are vertical: device – cloud – app. There is very little horizontal and system integration, especially when you want to mix and match solutions from different vendors. Many big players in IoT create their own ecosystem by designing solutions in which their own smart things can interact with each other.

Say you buy a fridge from a supplier that connects it to the Internet and lets you control it with an app. Down in the basement you have a heat pump from another supplier that is also online and is controlled via another app. Eventually, the user ends up with an app for every smart gadget, and too many apps means that none gets used. Think of the comical collection of remotes on your living room table, one for the TV, one for the sound system, one for the cable modem, and so on, and multiply that by all the potential gadgets at home, in your garden, in your car, at your office…

By agreeing on how interoperability should be solved, existing suppliers and inventive entrepreneurs can develop new solutions and apps that automate and control the myriad of sensors and gadgets, providing radically new solutions and capabilities across vendor technologies.

But this openness also opens the door to malicious attacks, hacking, and other criminal and destructive behavior. With all that data easily exposed, it would be simple for burglars to know when the house is empty, to stalk people, to steal their identity, and so on.

The amount of damage that can be done is far greater than today. Take a recent hack like the Sony Entertainment hack: it was, of course, devastating for the company, but it was still just information on their network, mostly historical data. Hacking the IoT world means access to real-time control of physical devices. How about turning off the brakes on a moving car, turning off the cooling system of a power plant or pulling the plug on an air traffic control tower? Or changing the dose on an insulin pump? The amount of damage that can be done remotely will also open a new “market” for extortion and cyber warfare.

IoT will require a new level of security and privacy protection, simple enough for anyone to use, but hardened enough to make it impossible to break. Especially since most of these things will move around and communicate on public networks outside firewalls.