The Internet of Things (IOT) –

Driving Digital Transformation

The Internet of Things (IOT) has been one of the major technology drivers of Digital Transformation in the world over the last few years, across industry sectors. The number of connected devices already exceeds the number of human beings on the planet, and research indicates that we are likely to see around 50 billion connected devices over the next five years making up the smart, connected planet. The applications of IOT range from smart homes, smart buildings, smart cities, connected vehicles, smart manufacturing, smart retail, medical devices in healthcare, fitness/wellness trackers, wearable devices, and more. With the rollout of related technologies such as 5G and Internet Protocol (IP) version 6, which are designed to support billions of connected devices, IOT as a technology is all set to play a pivotal role in our digital future.

The need for IOT security

As worldwide IOT adoption goes up, the risk of security breaches also goes up – since each of those billions of connected devices could be vulnerable to an attack. Also, considering the scale of IOT deployments, the economic impact of IOT security breaches will also be felt at a proportionately massive scale.

Likewise, one worrying trend is that vast numbers of connected devices do not have adequate security safeguards and are vulnerable to breaches. Some of the key security risks in IOT deployments include attackers using a connected device as an entry point into the network, introducing malware to alter the function of the device, controlling the device remotely, or tapping into data from the device.

Apart from the economic impact, the nature of IOT technology is such that physical security of individuals as well as organizations can be at risk. For example, altering the function of a device could have physical security implications: a CCTV camera that appears to be working fine, but is showing a “dummy image” instead of the real view, resulting in a threat of a physical intrusion into a home or company premises.


How and why PKI is becoming essential for IOT security

We have seen in earlier articles how Public Key Infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. Recent research from Ponemon Institute indicates that over the last few years, IOT is becoming a major driver for PKI adoption. The percentage of respondents who believe that IOT is the most important technology trend driving PKI adoption has nearly doubled to around 41%. The research also predicts that more than 40% of IOT devices in use by 2021 will primarily rely on digital certificates for identification and authentication.

The primary reason why IOT security is becoming synonymous with PKI is scale. As mentioned earlier in this article, most predictions indicate more than 50 billion connected devices on the planet over the next few years. Even a single compromised device can have an enormous security impact – it is difficult to comprehend the scale of impact if many devices are compromised. Connected devices interact with each other through machine to machine (M2M) communication. Each of these billions of interactions will require authentication of device credentials for the endpoints to prove the device’s digital identity. In such scenarios, an identity management approach based on passwords or passcodes is not practical, and PKI digital certificates are by far the best option for IOT credential management today.

IOT devices will also need regular patches and upgrades to their firmware, with code signing being critical to ensure the security of the downloaded firmware – another example of the close linkage between the IOT world and the PKI world.

Certificate management for connected devices, including revocation of expired certificates, is another example where PKI can help to secure IOT devices.

In some sectors such as healthcare and wellness, IOT devices might collect personally identifiable information (PII). With government regulations worldwide mandating secure transit (and storage) of PII data, PKI can help ensure compliance with the regulations by securing the communication channel between the IOT device and the gateway.

Key Takeaways

The proliferation of connected devices today, projections for billions of devices in the next few years and the continued growth in the number of applications across industry sectors is an indicator of the enormous promise of the Internet of Things (IOT). This promise however could be undermined by the lack of adequate security safeguards with IOT devices. PKI provides some of the best options for IOT security including device identity management, code signing for device firmware, and encrypted communication between devices and other endpoints such as IOT gateways.

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Cyber security experts conference 2022

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download

Internet of Thing’s Pathway to Security by use of PKI

The Internet of Things is leading the way for the Fourth Industrial Revolution. The Third Industrial Revolution was all about digitization and IT Technology communicating applications with people. The Internet of Things, however, disrupts the industries by having devices constantly communicate with other devices. Business Insider Intelligence expects there will be more than 24 billion IoT devices on Earth by 2020. The IoT allows physical devices to have a connection to the internet allowing organizations to collect and analyze valuable data. By analyzing this data, organization can transform their businesses to achieve various goals such as increasing revenue, upgrading customer service, optimizing operations, and discovering new opportunities. The number of devices connected to the Internet is growing everyday. The risk of cyber threats and data breaches is at an all-time high. Securing IoT data should beat the forefront of concerns, but yet, organizations lack the sophistication to implement the best methods and practices. Public Key Infrastructure (PKI) can play a critical role in alleviating a large amount of risk that IoT faces today by offering security mechanisms such as authentication, data integrity, and encryption.

Current Security Risks of the Internet of Things

Security must come first for the implementation of IoT. The Internet of Things has an endless potential of expanding the Internet to any device, surface, or object we interact with. Each IoT device can be identified by embedding a certificate within the existing Internet infrastructure. Each device connected by IoT must have its own security. One of the biggest factors for devices connected by IoT is being in an open and constantly threatened environment. For example, if a digital door lock lacked the proper security, a hacker would be able to unlock your door and intrude your home. The Mirai Botnet (aka Dyn Attack) was the result of the largest DDOS attack yet. The attack led to a temporary shutdown of Twitter, the Guardian, Netflix, Reddit, and CNN. Once the Mirai malware-infected computers, IoT devices such as DVRs and digital cameras were searched and hacked using their own default login and password.

Further Examples of Risks:

  • Unsecure Web Interface
  • Data Privacy
  • Unsecure Network Services
  • Unsecure Mobile Connections

What Public Key Infrastructure has to Offer for IoT

Public Key Infrastructure is a security ecosystem that has stood the test of time for achieving secure Internet-based transactions by the use of digital certificates. Digital certificates have provided security to servers and routers from the very early stages of the Internet through Public Key Infrastructure; it does away with the need for password policies, tokens or other ineffective methods by using direct communication for authentication of systems. PKI involves software, hardware, procedures, and policies to provide a core service for secure communications. The goal is to create and maintain trust in an IoT environment safe from threats by its main features: authentication, encryption, and data integrity.

Authentication:

  • Embed certificates to identify devices and secure connections by establishing a strong trust among device, services, and users.
  • Use short-lived certificates in case there is a compromise.
  • Provides strong authentication between users and devices, and from thing to thing in IoT.

Encryption:

  • Provides the essential methods for strong cryptographic encryption and ensures private communication.
  • Provides support for a wide variety of devices on IoT ranging from smart grids to vehicles.

Data Integrity:

  • Provides assurance that data has not been altered during transit.
  • Provides authorization and digital integrity by digitally signing documents, email, and various other types of data .
  • Increases trust in the data being received from devices and increases trust in the results of data analysis.

Challenges of IoT with PKI

While the Internet of Things is a new and upcoming technology, PKI has been around for the early stages of the Internet to provide consistent and strong security. There are new challenges that Public Key Infrastructure faces when being implemented with the IoT.

Scale-ability for PKI may become an issue

  • There must be a change implemented in traditional PKI if local databases cannot support the volume of authorization requests.
  • A need for an IoT-focused Certificate Authority.
  • Where and how will Certificate Authorities be provisioned.
  • Must be able to support a massive amount of volume with fast response time.

Diversity of the devices in Iot

  • Traditional PKI implemented common themes of issuing certificates to users for portal access or SSL certificates for public or internal servers.
  • However, each case in the IoT could be completely different.
  • Every device manufactured requires security implementations in the IoT.

PKI: Developments to Meet The Needs of IoT

Future enhancements must be made for PKI to maintain the complete security of those connected with IoT. As you read this, more and more devices are being connected through IoT. For PKI to maintain its heralded security, improvements must be made to keep up with the future.

  • Shorter hierarchy to validate chain and use of an algorithm such as ECC which consumer smaller amount of power for performing cryptographic operations
  • Enhancement of the API to support volume, performance, and availability
  • Complete automation

The Need for PKI to Secure IoT

From the dawn of the Internet, Public Key Infrastructure has been a staple in cybersecurity. The capabilities PKI offers an organization are the ability to freely utilize, implement and personalization make it the best security option. Organizations looking to take advantage of the newest technology that IoT presents must realize that PKI is the key to their security needs. PKI allows the devices that are connected by IoT to have a proper framework to identify themselves and protect the data being communicated. Using best practices for secure implementation will be the key to your success and reputation as an organization. At Encryption Consulting, we can help your organization to maximize security with the use of proper Public Key Infrastructure implementation and choose the best fit vendor.

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Cyber security experts conference 2022

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download

Let's talk