Securing the IoT takes strategic investment

Chen Lifang / Huawei

As the Internet of Things (IoT) combines with big data, cloud computing, and other technologies, the world grows more connected. Gartner estimates that by 2020, there will be about 21 billion connected devices worldwide.

These ubiquitous connections have tremendous potential to deliver broad economic and social benefits. McKinsey projects that the IoT will create up to $11 trillion in economic benefits by 2025 and contribute 11% to the global economy.

But ubiquitous connectivity brings security concerns. To realize the life-saving potential of robotic surgery and enjoy the convenience of smart homes and self-driving cars, we must secure the IoT at every possible level. How can we rise to this challenge?

IoT sensors and gateways have less processing and storage capacity than traditional IT infrastructure, and these constraints make it difficult for them to run complex security protocols. Any solution that overcomes this challenge will involve multi-layered defense measures that prevent cyber attacks on the IoT. It will detect attacks as soon as they occur and isolate any compromised components from the larger system. Data stored in the cloud must be encrypted, making it unusable to anyone who would steal or tamper with it.

What’s needed is a framework that uses the best security measures available to construct an integrated system of defense. Such a framework provides protection at three levels – device, network, and platform – and prescribes a system for managing network governance, operations, and maintenance (O&M).

First, devices should be fortified with multiple defensive capabilities. These are adapted to the needs of different industries, and take into account the computing capacity of each device and how it will be used. Security is engineered into the device chipset to support a range of defensive protocols that protect devices from malicious attacks.

Second, networks themselves should be enhanced with strong protocols that detect and isolate devices that come under attack. When a device is compromised, the network defense detects the threat and isolates the device, preventing it from harming the IoT platform or the network.

Third, platforms where the data winds up – whether corporate data centers or cloud-based repositories – should include security protection based on cloud computing and big data analysis systems. This layer of protection ensures that data stored on the IoT platform and the cloud is secure, while preventing malicious breaches or data leaks.

The final ingredient is a management framework that provides best practices for secure end-to-end governance and O&M of the IoT’s many devices. Handling such a large number of devices poses challenges related to network registration, authentication, and O&M automation; but these challenges can and must be met. While one small device may seem unlikely to harm the entire network, last year’s attacks on Internet infrastructure by the Mirai botnet show that hundreds of thousands – or, in the future, hundreds of millions – of devices can do real damage to Internet services.

To help these defensive elements work in concert, leading ICT companies should concentrate their R&D in three main areas.

The first is detection and isolation of malicious devices based on behavioral analysis. Investing in this area strengthens our ability to detect device abnormalities, including non-standard communications behavior and models. Our research enables us to analyze the behavior of devices, endpoints, and data flows; to isolate any suspicious devices that are detected; and to automatically adjust policies and notify management so that action can be taken immediately to protect the integrity of the IoT.
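The detect-then-isolate step described above, as an added example that is not Huawei's code or anything from the original article: each registered device has a constructed behavioral baseline (the hosts it normally talks to and its normal flow and byte volume per window), a window of constructed gateway flow records is aggregated per device, and the result is a verdict that reports every deviation but only isolates a device that both contacts unknown hosts and breaks a volume limit, or that was never registered with the platform at all. Device names, hosts, thresholds and the isolation policy are all assumptions made for the example.

```go
package main

import "fmt"

// Flow is one record from a gateway flow log (constructed for this example).
type Flow struct {
	Device, Dest string
	Bytes        int
}

// Baseline is "normal" for one registered device. A real platform would learn
// it during an enrollment window; the values below are constructed by hand.
type Baseline struct {
	KnownDests map[string]bool // hosts the device is expected to talk to
	MaxFlows   int             // flows per window before the count is abnormal
	MaxBytes   int             // bytes per window before the volume is abnormal
}

// Verdict is the per-device result: reasons for suspicion and whether the
// gateway policy should quarantine the device.
type Verdict struct {
	Device  string
	Reasons []string
	Isolate bool
}

// Analyze aggregates one window per device and compares it with the baseline.
// Unregistered devices are isolated outright. A registered device is isolated
// when it contacts unknown hosts AND breaks a volume limit; a single deviation
// is only reported, so one noisy reading cannot knock a healthy device offline.
func Analyze(flows []Flow, baselines map[string]Baseline) map[string]Verdict {
	type stats struct {
		flows, bytes int
		unknown      map[string]bool
	}
	agg := map[string]*stats{}
	for _, f := range flows {
		s := agg[f.Device]
		if s == nil {
			s = &stats{unknown: map[string]bool{}}
			agg[f.Device] = s
		}
		s.flows++
		s.bytes += f.Bytes
		if b, ok := baselines[f.Device]; ok && !b.KnownDests[f.Dest] {
			s.unknown[f.Dest] = true
		}
	}
	out := map[string]Verdict{}
	for dev, s := range agg {
		v := Verdict{Device: dev}
		b, registered := baselines[dev]
		if !registered {
			v.Reasons = append(v.Reasons, "device not registered with the platform")
		} else {
			if n := len(s.unknown); n > 0 {
				v.Reasons = append(v.Reasons, fmt.Sprintf("%d unknown destination host(s)", n))
			}
			if s.flows > b.MaxFlows {
				v.Reasons = append(v.Reasons, fmt.Sprintf("%d flows exceed baseline %d", s.flows, b.MaxFlows))
			}
			if s.bytes > b.MaxBytes {
				v.Reasons = append(v.Reasons, fmt.Sprintf("%d bytes exceed baseline %d", s.bytes, b.MaxBytes))
			}
		}
		v.Isolate = !registered || (len(s.unknown) > 0 && len(v.Reasons) >= 2)
		out[dev] = v
	}
	return out
}

// SampleFlows is constructed telemetry for one window: a thermostat behaving
// normally, a camera spraying traffic at unknown hosts, and an unregistered device.
var SampleFlows = []Flow{
	{"thermostat-01", "telemetry.example", 120},
	{"thermostat-01", "telemetry.example", 130},
	{"camera-07", "video.example", 40000},
	{"camera-07", "203.0.113.10", 500},
	{"camera-07", "203.0.113.11", 500},
	{"camera-07", "203.0.113.12", 500},
	{"camera-07", "203.0.113.13", 500},
	{"unknown-99", "telemetry.example", 10},
}

// SampleBaselines are constructed to match SampleFlows.
var SampleBaselines = map[string]Baseline{
	"thermostat-01": {KnownDests: map[string]bool{"telemetry.example": true}, MaxFlows: 10, MaxBytes: 5000},
	"camera-07":     {KnownDests: map[string]bool{"video.example": true}, MaxFlows: 3, MaxBytes: 100000},
}

// RunSample returns the verdicts for the constructed window.
func RunSample() map[string]Verdict { return Analyze(SampleFlows, SampleBaselines) }

func main() {
	for _, v := range RunSample() {
		fmt.Printf("%-14s isolate=%-5v %v\n", v.Device, v.Isolate, v.Reasons)
	}
}
```

The two-condition isolation rule is the design point: the article's "notify management" step corresponds to a verdict with reasons but no isolation, while automatic policy adjustment is reserved for devices whose behavior deviates on more than one axis, which keeps false positives from turning the defense itself into a denial of service against healthy devices.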

A second area of research is distributed authentication technology based on digital signatures – unique identifiers that validate the authenticity and security of a message or document.

Identity authentication and confidentiality are always needed for cyber security, and this is especially true of communications on the IoT. Distributed authentication technology built on digital signatures employs user IDs in a system of public key encryption, where a trusted source generates a private/public key pair for a user that is mapped to his or her identity. The private key is used to encrypt and sign data exchanged with others, who, in turn, can use the public key to verify the sender’s identity and to decrypt the data.

The third area of R&D centers on devices that have greater computing capacity than most IoT devices but also require a higher level of security, such as those inside connected cars. Here, chip-level security technology is crucial. Chip providers must enable strong hardware-level encryption and isolation, while providing a trusted environment and secure storage. They should store important keys in trusted chips to prevent data leaks and support secure booting of devices. To ensure data integrity, they should also verify signatures each time software and firmware are booted and upgraded.
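The two mechanisms described in the second and third R&D areas, identity-bound digital signatures and signature-checked (secure) boot, as one added example in Go that is not Huawei's code or anything from the original article. A constructed registry plays the trusted source that maps an identity to a public key; the private key stays with the holder and signs messages, and the verifier looks the claimed identity up and checks the signature, rejecting tampered payloads and unregistered or swapped identities. The same primitive then gates boot: the device holds only a pinned vendor public key and refuses any firmware image whose signature over the image digest does not verify. One caveat for readers of the paragraph on distributed authentication: in standard public-key practice the private key signs and the public key verifies, while confidentiality is obtained by encrypting to the recipient's public key, so this example covers the signing and identity-verification half only. Identity names, the version separator, the digest construction and the message framing are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Registry is the trusted authority's record of identity -> public key. The
// private half never leaves the holder (in the hardware case, a trusted chip).
type Registry map[string]ed25519.PublicKey

// Enroll generates a key pair for id, records the public key and returns the private key.
func (r Registry) Enroll(id string) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	r[id] = pub
	return priv, nil
}

// SignedMessage carries a claimed sender identity, a payload and a signature
// that covers both, so a signature cannot be replayed under another identity.
type SignedMessage struct {
	SenderID  string
	Payload   []byte
	Signature []byte
}

// signingInput length-prefixes the identity so the ID/payload boundary is
// unambiguous ("ab"+"c" and "a"+"bc" produce different inputs).
func signingInput(id string, payload []byte) []byte {
	return append([]byte(fmt.Sprintf("%d:%s:", len(id), id)), payload...)
}

// Sign produces a message that the holder of priv claims as id.
func Sign(id string, priv ed25519.PrivateKey, payload []byte) SignedMessage {
	return SignedMessage{id, payload, ed25519.Sign(priv, signingInput(id, payload))}
}

// Verify resolves the claimed identity to its registered key and checks the signature.
func (r Registry) Verify(m SignedMessage) error {
	pub, ok := r[m.SenderID]
	if !ok {
		return errors.New("sender not registered: " + m.SenderID)
	}
	if !ed25519.Verify(pub, signingInput(m.SenderID, m.Payload), m.Signature) {
		return errors.New("signature does not verify for " + m.SenderID)
	}
	return nil
}

// FirmwareImage is a versioned image plus the vendor's signature over the
// SHA-256 digest of version and image (signing the digest avoids feeding a
// large image into the signature call; the version is covered so an image
// cannot be relabelled).
type FirmwareImage struct {
	Version   string
	Image     []byte
	Signature []byte
}

func firmwareDigest(f FirmwareImage) []byte {
	h := sha256.New()
	h.Write(append([]byte(f.Version), 0)) // NUL separates version from image bytes
	h.Write(f.Image)
	return h.Sum(nil)
}

// SignFirmware is the vendor-side release step.
func SignFirmware(vendorPriv ed25519.PrivateKey, version string, image []byte) FirmwareImage {
	f := FirmwareImage{Version: version, Image: image}
	f.Signature = ed25519.Sign(vendorPriv, firmwareDigest(f))
	return f
}

// Boot is the device-side check run on every boot and upgrade: only the pinned
// vendor public key is held, and an image that does not verify is refused.
func Boot(vendorPub ed25519.PublicKey, f FirmwareImage) bool {
	return ed25519.Verify(vendorPub, firmwareDigest(f), f.Signature)
}

// NewVendorKey generates a vendor signing key pair (constructed for the demo).
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

func main() {
	reg := Registry{}
	priv, _ := reg.Enroll("sensor-42")
	msg := Sign("sensor-42", priv, []byte("temp=21.5"))
	fmt.Println("genuine message:", reg.Verify(msg))
	msg.Payload = []byte("temp=99.9")
	fmt.Println("tampered message:", reg.Verify(msg))
	vpub, vpriv, _ := NewVendorKey()
	fw := SignFirmware(vpriv, "1.2.0", []byte("constructed firmware bytes"))
	fmt.Println("boot genuine image:", Boot(vpub, fw))
	fw.Image[0] ^= 0xff
	fmt.Println("boot tampered image:", Boot(vpub, fw))
}
```

On a real device the vendor public key and the device's own private key would live in the trusted chip the article describes, so that the Boot check and the Sign step cannot be bypassed by software that has not yet been verified.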

By working together and making strategic investments in defensive technology, we can safeguard the IoT, ensuring that its considerable economic and social benefits reach the maximum number of people around the world.

Chen Lifang is a board member at Huawei Technologies and a member of the company’s Global Cyber Security Committee.

