The ‘dark’ side of IoT

The Asian Age With Agency Inputs

Technology, In Other news

The bad news is that cyber criminals are always on the lookout to gain unauthorized access to a network, cloud or device.

As we move towards a more connected economy, it is critical to integrate security solutions at a foundation level to prevent system attacks and user-data protection.

For the general audience, the concept of ‘Internet of Things’ will be limited to connected home devices and wearables – and that’s alright. The surge of affordable consumer electronic devices has brought the idea of network-connected devices to the masses and how technology can have a real impact on people’s lives.

Going deeper, you’ll realise IoT is a much broader subject. The concept defines the communication between objects that interact with internal as well as the external environment. It is widely known that more “things “connected to the internet today than people and the number is likely to grow to over 20 billion by 2020.

While this will likely have a positive impact on the world around us – From smart cities to industries, homes and more; the rapid surge may (most definitely will) cause a weak spot. AKA ‘Security’.

The bad news is that cybercriminals are always on the lookout to gain unauthorised access to a network, cloud or device. Another point to remember is that most devices and network infrastructure was designed without taking into consideration these potential threats. This makes infrastructure such as smart city grids, command and control centres and transportation system easy targets.

This leads to the conclusion that IoT infrastructure needs to be strong and tamper resistant – and despite IoT security no longer be an afterthought; it is still difficult.

Here are five reasons why:

Access to control: While traditional infrastructure was restricted to the physical environment, current devices enable access to even a secure network if the attacker presents the right credentials.

Automated services: Advances in network capabilities has allowed automation on a large scale. Home devices to health wearable are constantly monitoring behavioural patterns, habits and drawing analysis on a real-time basis. While these insights offer great automated services, they also, unfortunately, expose critical data that can be exploited by cybercriminals.

Seamless security integration: Security-by-design is a difficult task as system architects must anticipate and prepare for multiple potential hacks and attacks that can compromise the system.

One size doesn’t fit all: Security solutions are as diverse as the products that are on offer. While basic protocols can lay a common foundation, such as user access controls; there is a definite need to develop capabilities that are tailor-made for specific solutions.

Resilience: An IoT device can be compromised in two ways. Either infecting and attacking the defined device code or functional architecture or altering its external environment such as temperature. Despite multiple simulations, it is impossible to prevent every possible attack.

So what’s next?

Security solutions must understand the system they are aiming to protect - and adding protection at the silicon level is one of the best ways to keep security in check!

Silicon is the foundation on which solutions are built. To ensure device protection, a smart functioning chip is critical to isolate hardware and software layers – to prevent remote extraction and adverse effect on hardware via malware. This secures hardware independent of the software to prevent a complete device compromise.

Silicon is the starting point of security – it supports the layers of abstraction. While codes can be broken, device memory is hacked, operating systems can be corrupted – data stored in silicon is highly stable and resistant to change.

Certified implementations from third-party evaluations boost security testing and claims. Through a strict development process, careful reviews and complete control over components add to the effective security being offered at a silicon level. With more customers and service providers seeking IoT protection, third-party evaluations are even more important for security claims.

As we move towards a more connected economy, it is critical to integrate security solutions at a foundation level to prevent system attacks and user-data protection. This will not only help businesses prevent data leakage but also become future-proof.

The change starts now, and silicon is what this change hinges on. The onus lies on us – not only to provide the technology but also to innovate for all.

--Sanjay Gupta, Vice President; India Country Manager, NXP