Enhanced situational awareness and Optimized resource consumption are the major benefits Internet of Things (IoT) is bringing in.
Customers love the exciting enhancements in day to day life like Internet connected refrigerators emailing them about the shopping list and surveillance cameras that alert real time on unusual activities However, Internet of Things (IoT) devices pose major security risks to consumers.
In a recent public service announcement the FBI has warned companies and the general public about the vulnerabilities of Internet of Things (IoT) that cybercriminals could exploit. (http://www.ic3.gov/media/2015/150910.aspx) Compromised Internet of Things (IoT) devices can be used by the attacker for gaining remote access and they may also use these devices as a jumping off point to attack other devices. The hardcoded passwords in Internet of Things (IoT) devices allow remote access over SSH and thus gives an opportunity for the attacker to try their luck in implanting malicious codes. Such malicious code implantation will result in liberal access to the system. Isolating Internet of Things (IoT) devices on your own protected networks gives you protection against rogue Internet of Things (IoT) devices in your house. However a malware implanted device can still be used by the attacker for launching DDOS attacks, against external devices.
The major obstacle is the extreme hardship in detecting device compromises made in the internet of things (IOT). The biggest challenge in Internet of Things (IoT) security today is : identifying the never-before-seen threats to an Internet of Things(IoT) nodes real-time. This points to the need of a unique security analytics platform suitable for an organizations Internet of Things (IoT) network. As most of the current Internet of Things (IoT) devices are designed not to talk the security language new Software security controls need to be introduced at the operating system level along with local analytics at the Internet of Things (IoT) gateway or the data aggregation points.
The Internet of Things (IoT) device telemetry needs to be securely collected & transmitted for the analysis. Revision or update to the security controls can be done only of the Internet of Things (IoT) devices that have the update capabilities built into them.
Implementing continuous security monitoring with an Internet of Things (IoT) analytic platform helps to provide a clear understanding of what is happening in your Internet of Things (IoT) environment. Base lining the Internet of Things (IoT) devices & identifying the behavioural deviations will help organizations in timely detection of threats.
Today’s human centric internet will become more device centric with the evolution of Internet of Things (IoT).A number of protocols used by the Internet of Things (IoT) make analytics a tough task to achieve. Different types of Internet of Things (IoT) communications like Device to Device (D2D), Device to Server (D2S) , Server to Server(S2S) and protocols like MQTT – Message Queue Telemetry Transport used for collecting device data and forwarding it to servers (D2S), XMPP – Extensible Messaging and Presence Protocol used for connecting people to device, DDS – Data Distribution Service used for Device to Device communication and AMQP Advanced Message Queuing Protocol used for connecting servers to each other makes the Internet of Things (IoT) analytics requirements really complex.
Recent developments in this like CISCO IoT physical security analytics which is an integrated solution that connects people, process, data and things (internet of everything) is really promising. What we need now is a secure and safe IoT platform that offers better privacy. In fact the security concerns associated with IoT devices are some what similar to BYOD security threats. However majority BYOD nodes can be configured to defend themselves. Organizations like Clouds security analysis (CSA), Trusted computing group (TCG), OWASP IOT project, IEEE GSMA, IoT security foundations etc are working hard on developing new standards or platforms towards this much needed goal.