Re-engineering security for the Internet of Things

Phil Marshall / Tolaga
29 May 2015

The Internet of Things (IoT) promises to revolutionize enterprise services and operations, and to transform consumer lifestyles, by delivering applications for industrial automation, home and personal area networks, and networked devices. The applications are vast, ranging from residential thermostats to on-body devices for managing chronic illnesses, intelligent vehicle systems, smart grid technology, and seismic monitoring equipment for critical infrastructure.

IoT solutions depend on security regimes to protect the IoT data and overall system integrity. For these security regimes to be effective, they must accommodate the salient characteristics of typical IoT solutions.

The nitty-gritty of IoT protection

IoT devices tend to be resource-constrained and incapable of reliably supporting conventional network transport technologies, so a variety of proprietary and specialized networking protocols are used for IoT connectivity. Examples include the Constrained Application Protocol (CoAP), Message Queuing Telemetry Transport (MQTT), Extensible Messaging and Presence Protocol (XMPP), Zigbee, Z-Wave and 6LoWPAN. Each of these protocols has unique characteristics that affect the network security solutions required.

Conventional end-to-end security protocols such as TLS and IPsec require modifications for typical IoT applications. For example, TLS essentially requires a stateful transport protocol like TCP, while IoT solutions tend to use stateless transport protocols like UDP. Instead of conventional TLS, most IoT implementations require Datagram TLS (DTLS), which is designed specifically for UDP applications. IPsec uses unwieldy public key exchange protocols like Internet Key Exchange version 2 (IKEv2), which can negatively impact IoT device performance and potentially create opportunities for denial-of-service attacks by overloading the CPU. A variety of alternative lightweight key exchange and management protocols, such as minimal-IKEv2 and HIP Diet Exchange (HIP-DEX), are suggested for IoT applications.
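To make the TLS versus DTLS point concrete, the following simplified Python model (an added example, not code from the article or from any TLS library) contrasts a TLS-style record layer, whose per-record sequence number is implicit, with a DTLS-style one that carries the number in each datagram and filters replays with a sliding window. The key, function and class names are hypothetical, and records are only authenticated with HMAC-SHA256, with no handshake or encryption.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"  # constructed sample key (assumption, not from the article)

def mac(seq, payload):
    # TLS and DTLS both bind a 64-bit sequence number into each record's MAC.
    return hmac.new(KEY, struct.pack("!Q", seq) + payload, hashlib.sha256).digest()

def seal_implicit(seq, payload):
    return payload + mac(seq, payload)            # TLS style: number is not on the wire

def seal_explicit(epoch, seq, payload):
    n = (epoch << 48) | seq                       # DTLS style: epoch(2) + seq(6) header
    return struct.pack("!Q", n) + payload + mac(n, payload)

class ImplicitReceiver:
    """Counts records itself, so it needs in-order, lossless delivery (TCP)."""
    def __init__(self):
        self.next_seq, self.closed = 0, False
    def open(self, record):
        payload, tag = record[:-32], record[-32:]
        if self.closed or not hmac.compare_digest(tag, mac(self.next_seq, payload)):
            self.closed = True                    # TLS treats a bad record MAC as fatal
            return None
        self.next_seq += 1
        return payload

class ExplicitReceiver:
    """Reads the number from each datagram; a 64-record window rejects replays."""
    WINDOW = 64
    def __init__(self):
        self.highest, self.seen = -1, 0           # bit i of seen = record (highest - i)
    def open(self, record):
        if len(record) < 40:                      # 8-byte header + 32-byte MAC minimum
            return None
        (n,) = struct.unpack("!Q", record[:8])
        payload, tag = record[8:-32], record[-32:]
        age = self.highest - n
        if age >= self.WINDOW or (age >= 0 and (self.seen >> age) & 1):
            return None                           # too old or already accepted
        if not hmac.compare_digest(tag, mac(n, payload)):
            return None                           # forged or corrupted: drop, keep going
        if age < 0:                               # newer record: slide the window
            self.seen = ((self.seen << min(-age, self.WINDOW)) | 1) & ((1 << self.WINDOW) - 1)
            self.highest = n
        else:
            self.seen |= 1 << age
        return payload
```

Feeding records 0, 2, 1 to `ImplicitReceiver` kills the session at the first out-of-order record, while `ExplicitReceiver` accepts all three and rejects a later replay of record 2. The window is updated only after the MAC verifies, so a forged datagram cannot advance it.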
