IoT Security
Prof (Dr) JS Sodhi
Professor, Group CIO & Sr Vice President-Amity Education Group & Executive Director-Cyborg Cyber Forensics & Info. Security Pvt Ltd
We live in an era in which technology has made everything “smart”. IoT devices such as wearable trackers, smart TVs and smart cars are being developed at a rapid pace. An IoT device senses, collects, processes and transmits a wide array of data to a central server. IoT devices offer many benefits and conveniences: a more efficient business environment, inventory tracking, improved efficiency and greater productivity.
The IoT platform creates a new type of cyber security risk for a society that already suffers from many kinds of hacks and data breaches. The core security features for any IoT device are:
1) An IoT device should be identifiable by its unique address when connected to the network. Manipulating a single node in an interlinked ecosystem can create a data integrity issue.
2) An IoT device should grant access to configuration or firmware updates only to authorised users.
3) An IoT device should protect the data that it stores or sends over the network using advanced encryption techniques.
4) The software or firmware of an IoT device should be updateable through a secure mechanism.
5) An IoT device should be able to create an event log for investigation, if required.
IoT devices are built to be power efficient, which leaves them lacking in encryption. They have low processing power and constrained hardware, and are therefore sometimes vulnerable; for example, sensors that monitor humidity or temperature cannot handle advanced encryption. Sometimes there is no mechanism to apply security patches on a routine basis to IoT devices placed in the field to collect data. The main challenge in securing IoT devices is that they do not have an operating system or anti-virus, so the traditional security approach cannot be applied to them. Insecure web interfaces, insufficient authentication, lack of transport encryption and insecure firmware are the IoT security challenges. To mitigate IoT security issues, it is important to track devices using network access control and inventory control, both for visibility of IoT devices and to check them for vulnerabilities. IoT security involves complex, heterogeneous, multi-layer security at each point: the endpoint devices, the central server and the mobile application too.
IoT devices work over the MQTT protocol, a lightweight messaging protocol designed for low-processing-power uses such as sensor communication, small home automation devices and mobile applications. A user name and password can be passed in the MQTT packet, and additional security can be added by encrypting the data at the application level, but this feature is not built into the MQTT protocol, in order to keep it lightweight.
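The following added example (not code from the original article) shows what passing a user name and password in the MQTT packet means on the wire: it builds an MQTT 3.1.1 CONNECT packet and parses it back, so the credential fields can be seen to travel unencrypted unless the connection itself is protected by transport encryption. The client ID, user name and password are constructed sample values, and the function names are hypothetical.

```python
import struct

def _varint(n):
    """MQTT 'remaining length': 7 bits per byte, high bit means more follow."""
    out = bytearray()
    while True:
        n, low = divmod(n, 128)
        out.append(low | (0x80 if n else 0))
        if not n:
            return bytes(out)

def _field(data):
    """Length-prefixed field: 2-byte big-endian length, then the bytes."""
    return struct.pack("!H", len(data)) + data

def build_connect(client_id, username, password, keepalive=60):
    """Build an MQTT 3.1.1 CONNECT packet with user name and password set."""
    flags = 0x80 | 0x40 | 0x02  # user name, password, clean session
    body = _field(b"MQTT") + bytes([4, flags]) + struct.pack("!H", keepalive)
    body += _field(client_id.encode()) + _field(username.encode()) + _field(password)
    return b"\x10" + _varint(len(body)) + body

def parse_connect(packet):
    """Recover the CONNECT fields exactly as an on-path observer would."""
    if not packet or packet[0] >> 4 != 1:
        raise ValueError("not a CONNECT packet")
    pos, length, shift = 1, 0, 0
    while True:  # decode the remaining-length varint
        byte = packet[pos]
        pos += 1
        length |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            break
    body = packet[pos:pos + length]
    def take(off):
        n = int.from_bytes(body[off:off + 2], "big")
        if off + 2 + n > len(body):
            raise ValueError("truncated packet")
        return body[off + 2:off + 2 + n], off + 2 + n
    proto, off = take(0)
    flags, off = body[off + 1], off + 4  # skip level, read flags, skip keep-alive
    names = ["client_id"]
    if flags & 0x04:
        names += ["will_topic", "will_message"]
    if flags & 0x80:
        names.append("username")
    if flags & 0x40:
        names.append("password")
    out = {"protocol": proto}
    for name in names:
        out[name], off = take(off)
    return out

# Constructed sample values, not taken from any real device.
SAMPLE = build_connect("sensor-01", "field-unit", b"s3cret")
```

Calling `parse_connect(SAMPLE)` returns the client ID, user name and password as plain bytes, which is why a broker that accepts credentials should only do so over an encrypted transport.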
IoT vulnerability cases continue to surface from time to time, for example security flaws in IP surveillance cameras, vulnerabilities in medical devices and hackable smart homes. Attacks on IoT devices can have potentially catastrophic effects, as IoT devices are connected to critical and life-saving services. There is great eagerness for IoT innovation, but the critical element of security is missing, and so IoT vulnerabilities are being found across all industries. IoT devices collect, process and transmit a lot of data, so data encryption is important. Authenticating the source of the data collected by an IoT device is another important factor in identifying security risk.
IoT devices generate, process and exchange a great deal of critical and privacy-sensitive data, and are therefore a target for various cyber-attacks. Presently there are approximately 27 billion connected IoT devices, a number expected to grow to 60 billion by 2025. IoT devices are simple, low-processing-power devices, but most are connected to critical systems on the network. It is important to note that IoT devices are often the entry point for a hacker into larger networks; for example, in 2015 the security researchers Charlie & Chris were able to intrude into a vehicle's IoT connectivity system and take control of it, changing the car's media centre, turning off its air conditioner and stopping the accelerator from working.
Presently, several approaches such as lightweight encryption and honeypot techniques are used to make IoT communication secure; however, all of these approaches are either infrastructure dependent or centralized in nature. We have designed a completely decentralized and infrastructure-independent proof-of-data scheme for peer-to-peer networks using blockchain technology; hence our approach has a higher privacy level. Our approach eliminates physical miners, and node registration, mining, transactions and viewing of the chain are done autonomously with zero transaction cost, making it efficient and cost effective.