IoT Security: Preparing for the Expected

If you follow technology or human nature, or have gone to a parent-teacher meeting, you know how rare it is for people to agree. Yet with global spending on Industrial Internet of Things (IIoT) already measured in the billions, we are seeing near unanimity on the following points:
  • IIoT’s potential is enormous. Capturing and acting on data will unlock tremendous value.
  • Industrial IoT devices will soon be numbered in the tens of billions.
  • Interoperability of devices, networks, and cloud services will be key to unlocking future value as IIoT adoption deepens. Each successive generation of adoption will need to work securely with all that has preceded it as well as what will come after.
  • Security is a huge challenge, will likely become more so, and is, in fact, the single biggest adoption roadblock.

Gartner’s recent CEB IoT Security survey found that “73% of IT professionals collaborate less than once a month with the device procurement team”, meaning that “this lack of communication leads to devices being purchased without any security overview, which can lead to the devices not functioning as desired and getting hacked”.

Clearly, IIoT is going forward with too many organizations in critical need of a sustainable security strategy.

Time to Freshen up your IoT Deployments

Aside from the benefits they provide, IoT devices are easy targets for hackers. Want to know how easy? Recently a 12-year-old boy was able to hack thousands of devices in just minutes using commonly available hacking tools. Extending and deepening IIoT throughout an enterprise needn’t be synonymous with exposing and weakening that same enterprise if security has been accounted for. Initially, we can think of IIoT as an enterprise’s potential Achilles heel. Except that in just a few years there will be billions of heels, each needing to be securely managed, each potentially using multiple networks, and each pushing and pulling data to the far corners of the internet.

Big Challenges Are Tough to Overcome Alone

Security needn’t be a burden to carry alone. To overcome security challenges, Atos, a global leader in digital transformation, integrated technology based on the Lightweight Machine to Machine (LwM2M) standard into its IoT offerings. Atos’s Horus HSM now offers comprehensive device authentication and data encryption services.

Indeed, “Horus HSM by Atos is suitable for all industrial sectors” as “it complies with the latest IoT security protocols such as LwM2M 1.1 OSCORE for machine-to-machine communications and device management in industrial IoT,” says David Leporini, IoT Security Director at Atos.

Interoperability is another parameter to take into consideration in any IoT project, as it is closely connected to security. IIoT requires devices to securely share and send data between systems, into the cloud and back. Today, doing this securely is already a huge challenge for many organizations. However, the challenge will only grow as tomorrow’s IIoT environment becomes even more dynamic, with organizations adding new networks and devices and finding new, as yet unimagined ways to leverage data.

“As the IIoT evolves, the need for standardization is becoming more critical, and partnership development to build trusted IIoT ecosystems is key to developing strong, sustainable IoT offerings,” says David Leporini, IoT Security Director at Atos.

Key to assuring secure interoperability in a world where tomorrow’s IIoT needs are unknown will be leveraging open standards like OSCORE LwM2M 1.1.

OSCORE LwM2M 1.1: Foundational Services for Sustainable IIoT 

The LwM2M standard, dedicated to resource-constrained devices, has been developed with key security features in mind. LwM2M is based on the Constrained Application Protocol (CoAP) and uses the TLS protocol on TCP/IP networks and the DTLS protocol on datagram networks. Both were specially designed to protect messages from being intercepted, modified and falsified on the object’s network.

“These protocols are a standard within the IoT world,” says David Navarro, CPO & co-founder of IoTerop and Wakaama Principal Maintainer. “They ensure that device authentication is used prior to a new sensor’s admission onto the IoT network and communications between all the IoT elements are secure (thanks to cryptology mechanisms) using light but powerful cryptographic algorithms,” he adds.

Also, it is important to note that DTLS has little impact in terms of computing power and memory as it was designed specifically for constrained devices.

“LwM2M offers a dynamic way to handle security across the overall IoT device’s life cycle: security keys can be provisioned automatically and remotely (bootstrap server) at device initialization time, they can be changed over-the-air at any time, and the device itself can be ‘locked and wiped’ if it appears to be compromised”, says Hatem Oueslati, IoTerop’s CEO.

Combining LwM2M and HSM technologies, including security key generation, exchange and integrity checking, helps IoT device makers and solution vendors to reduce significant hurdles. The newer version of the standard, LwM2M 1.1, includes OSCORE and adds support for TCP, so both DTLS and TLS can now be used to secure communications. OSCORE is a major improvement for constrained networks since it can be used to secure the data and device management interaction flows at the application level. The major difference from the previous approach is a smaller overall security footprint: OSCORE provides end-to-end payload encryption and authentication with light but robust mechanisms, which makes it fully operable on LPWAN networks (e.g. NB-IoT or LoRaWAN).
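To make the "light" mechanisms concrete, the sketch below is an added example (not code from Atos, IoTerop or Wakaama) of how an OSCORE security context is derived from one provisioned master secret, following the HKDF-SHA-256 derivation and nonce layout in RFC 8613. The master secret, salt, IDs and function names are constructed for illustration, and the AES-CCM encryption step itself is left out because it needs a crypto library.

```python
import hashlib
import hmac

AES_CCM_16_64_128 = 10        # COSE AEAD algorithm id, OSCORE's default
KEY_LEN, NONCE_LEN = 16, 13   # key and nonce sizes for that algorithm

def cbor_bstr(b):
    if len(b) >= 24:
        raise ValueError("short-form CBOR only; OSCORE IDs are a few bytes")
    return bytes([0x40 + len(b)]) + b

def hkdf_info(id_, type_, length, id_context=None):
    """CBOR array [id, id_context, alg_aead, type, L] (RFC 8613, section 3.2.1)."""
    ctx = b"\xf6" if id_context is None else cbor_bstr(id_context)  # 0xf6 = nil
    tstr = bytes([0x60 + len(type_)]) + type_.encode()
    return (b"\x85" + cbor_bstr(id_) + ctx + bytes([AES_CCM_16_64_128])
            + tstr + bytes([length]))

def hkdf_sha256(salt, ikm, info, length):
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()             # extract
    okm = hmac.new(prk, info + b"\x01", hashlib.sha256).digest()   # expand, one block
    return okm[:length]

def derive_context(master_secret, master_salt, sender_id, recipient_id):
    def kdf(id_, type_, n):
        return hkdf_sha256(master_salt, master_secret, hkdf_info(id_, type_, n), n)
    return {
        "sender_id": sender_id,
        "sender_key": kdf(sender_id, "Key", KEY_LEN),
        "recipient_key": kdf(recipient_id, "Key", KEY_LEN),
        "common_iv": kdf(b"", "IV", NONCE_LEN),
    }

def aead_nonce(common_iv, id_piv, partial_iv):
    """(len(ID) || ID padded to 7 bytes || PIV padded to 5 bytes) XOR Common IV."""
    plain = (bytes([len(id_piv)]) + id_piv.rjust(NONCE_LEN - 6, b"\0")
             + partial_iv.to_bytes(5, "big"))
    return bytes(a ^ b for a, b in zip(plain, common_iv))

# Constructed sample values: a device with an empty Sender ID and a server with ID 0x01.
MASTER_SECRET = bytes(range(1, 17))
MASTER_SALT = bytes.fromhex("0011223344556677")
device = derive_context(MASTER_SECRET, MASTER_SALT, b"", b"\x01")
server = derive_context(MASTER_SECRET, MASTER_SALT, b"\x01", b"")
```

Each side derives both directions' keys locally from the same secret, so the only per-message state is the Partial IV (sequence number) that feeds the nonce; reusing a Partial IV under the same sender key would repeat a nonce, which is why it must be persisted across device reboots.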

Contact us now for more information.
