Devices connected to the Internet offer flexibility and mobility, but they also present a serious security risk. The Internet of Things (IoT) has been growing, and businesses have been seeking ways to protect information shared over the Internet by this increasingly diverse collection of devices. WindRiver, a global leader in embedded technology solutions, discusses in a white paper, “Security in the Internet of Things — Lessons from the Past for the Connected Future,” ways in which businesses can minimize risk and protect their own — and their customers’ — data.
Network security has evolved over the years, but applying these same security practices to the IoT requires they be adapted to address device capability. The variety of IoT applications also poses a security challenge. WindRiver recommends a multi-tiered approach to device security that starts when power is applied to a device and operates throughout the device lifecycle, from the initial design to the operational environment.
This approach begins with secure booting. Authenticity and integrity of the software on the device is verified using cryptographically generated digital signatures, ensuring that only the software that has been authorized to run on that device, and signed by the entity that authorized it, will be loaded. The next step is access control. Different forms of resource and access control are applied, which, even if a component is compromised, allow the intruder only minimal access to other parts of the system. Another security measure is device authentication. Much like user authentication allows a user to access a corporate network based on user name and password, machine authentication allows a device to access a network based on a similar set of credentials stored in a secure storage area. Devices must have specialized firewalls or deep packet inspection capability along with updates and patch that conserve the limited bandwidth and intermittent connectivity of an embedded device and eliminates the possibility of compromising functional safety.
Maintaining security in the IoT does not, thankfully, require an entirely new approach but rather an adaptation of the security measures that have already proven successful in IT networks. Using practical solutions, VARs can assist their clients to gain the maximum benefit from the IoT while minimizing the risk associated with it.