Preventing IoT Hacking - Takeaways from 3 IoT Security White Papers
James SchaeferJames Schaefer
IoT security is often perceived as a hotbed of failures. However, extensive progress is being made in the field and a multitude of companies are working to solve the common problems that result in the security failures that are often in the news. Here are just a few examples of the kinds of problems faced in the field of IoT security and the solutions companies have developed to address them.
A common problem in IoT is device spoofing. The basic attack is this: an adversary creates a device that mimics hardware on an IoT network and uses their newly created device to feed false data into the IoT network. This results in unreliable data and affects not only the device's individual data, but also the results of any machine learning that includes the device's data in its corpus.
Enter IOTA, an IoT 'blockchain' company. IOTA is a cryptocurrency that uses a technology similar to blockchain, known as 'the tangle', to ensure the authenticity of device data and the immutability of a device’s data record. The authenticity of device data is ensured through the treatment of IoT devices as IOTA wallets, which uses asymmetric cryptology to prove that a transaction (data point) came from a specific wallet (device).
IOTA has plans beyond IoT security, however. IOTA’s roadmap includes support for a feature known as Masked Authenticated Messaging (MAM), which acts as a secure means for sending data across the tangle. This would allow developers to set up endpoints that listen for data from devices they are authenticated with and use the tangle as a backbone for the data the devices generate.
IOTA’s developers ultimately plan to use MAM to allow people to 'bid' on data from devices connected to the tangle; automating the buying and selling of IoT device data.
The Internet of Things is more than just remote sensors collecting data in a field; wireless keyboards, smart thermostats, and smart lightbulbs are all examples of IoT devices. All of these systems use common radio frequencies and protocols, such as ZigBee, to communicate amongst each other, a central hub and, ultimately, the internet.
But, with dozens or even hundreds of these devices operating in a building at the same time, how does one ensure that none of them are being hijacked or used for nefarious purposes?
This is the question that Bastille Security is aiming to answer. Bastille's main offering is a mesh network of radio frequency (RF) sensors that can be deployed in an area to detect emissions between 100 kHz and 6 GHz. These sensors monitor the emissions and locations of all devices located inside their detection range.
Bastille's sensors can then detect new or unauthorized devices being brought into the secured area that may pose a risk to security. This system also determines when previously secured devices begin transmitting in ways that may indicate a breach in their security or when they may be performing attacks on other devices in the area.
All of this information is gathered automatically and fed into an analytics system that allows users to see potential security threats throughout their deployment. Users can then make decisions about how to eliminate these security risks. All data is logged, which allows for playback after an attack to gather insights and mitigate similar threats in the future.
A problem that has plagued electronic security since its inception is physical tampering. It is often said that once someone has physical access to your system they can own you. The standard method to address this is to put a tamper sensor in whatever casing your device has to warn you of the breach. However this isn’t always feasible or cost-effective, so PFP Security is working to go a step beyond that.
PFP's goal is to automatically detect compromised, counterfeit, or unauthorized emissions from altered devices through the use of a technology known as power fingerprinting. This technology works by establishing a baseline power usage for a device and then coupling that baseline with machine learning models to detect anomalies. The model used to detect anomalies for a certain set of hardware can be personalized by application.
IoT security is hard and the IoT field is rife with security failings. However, real progress is being made to address IoT security concerns and companies like the ones mentioned above help ensure that the next generation of IoT devices are secure against tampering, device spoofing, and use as attack vectors.
The Most Comprehensive IoT Newsletter for Enterprises
Showcasing the highest-quality content, resources, news, and insights from the world of the Internet of Things. Subscribe to remain informed and up-to-date.
New Podcast Episode
Recent Articles