Robotron Blog

The Security of Things (SECoT)

We know about Internet of Things (IoT). It’s a hot topic now in the Industry but the concept has been from well over a decade. In the early 2000’s Kevin Ashton laid the groundwork for what would become the Internet of Things(IoT) at MIT’s AutoID lab.

 

In a 1999 article for RFID journal, Ashton wrote: “If we had computers that knew everything there was to know about things—using data they gathered without any help from us — we would be able to track and count everything, and greatly reduce waste, loss and cost. We would know when things needed replacing, repairing or recalling, and whether they were fresh or past their best. We need to empower computers with their own means of gathering information, so they can see, hear and smell the world for themselves, in all its random glory. RFID and sensor technology enable computers to observe, identify and understand the world—without the limitations of human-entered data.”

 

This has been proved to be true now! But, what about security?  The main problem is that as the concept of IoT has been implemented recently, security hasn’t been in the picture. IoT products are often sold with old operating systems or software. It works fine on a personal level but what about an application on an industrial level? For this, an IoT device needs to be connected to the Internet, should be segmented into its own network and have network access restricted.

We know about Cyber threats and the next thing in line is IoT. What can be done to prevent it? A lot of concepts and ideas are being shared. A conference also is being held in Cambridge, Massachusetts, United States (The link to the conference https://securityofthings.com/ ).

A generic Internet of Things topology: A typical IoT deployment will consist of sensor-equipped edge devices on a wired or wireless network sending data via a gateway to a public or private cloud. Aspects of the topology will vary broadly from application to application; for example, in some cases, the gateway may be on the device. Devices based on such topologies may be built from the ground up to leverage IoT (greenfield) or may be legacy devices that will have IoT capabilities added post-deployment (brownfield). Image via http://www.windriver.com/whitepapers/security-in-the-internet-of-things/wr_security-in-the-internet-of-things.pdf

Some ideas on SECoT were given by Wind River (Wind River is a subsidiary company of Intel providing embedded system software which comprises run-time software, industry-specific software solutions, simulation technology, development tools and middleware.) one of which is

Building In Security From The Bottom Top:

Knowing no one single control is going to adequately protect a device, how do we apply what we have learned over the past 25 years to implement security in a variety of scenarios? We do so through a multi-layered approach to security that starts at the beginning when power is applied, establishes a trusted computing baseline, and anchors that trust in something immutable that cannot be tampered with.

So concluding this post we can say that though how appealing IoT is and the potential it carries, there are some major requirements to fulfill before actually starting to implement it on a major scale.

If you like this blog post and have some suggestions do leave a comment. Also ideas for blog posts on related topics is highly appreciated!

 

 

 

 

 

satta king gali