Getting data out of smart fridges in a secure manner isn’t all that straightforward
By Jelani Harper 13 August 2019
Cyber security remains a major obstacle to increased adoption of the Internet of Things technologies. IoT security issues are compounded by the plurality of the task of protecting the network. On one hand, organizations must safeguard data traveling to centralized clouds; on the other, they must fortify communication of endpoint devices at the cloud’s extremities.
The issue of endpoint device security is particularly prominent since these devices are located outside of conventional perimeter security mechanisms, such as firewalls. Additionally, these smaller devices are frequently less equipped to handle the compute and storage necessary for enterprise security features because they’re designed primarily for simple data transfer.
“The assumption is yeah, I’ve got an operating system and a processor running in my [smart] refrigerator, but it can’t be a full blown laptop because I can’t afford to embed a $200, $300 chip in every refrigerator I send out,” Don Boxley, CEO of security software vendor DH2i, said.
IoT initiatives, then, must account for authenticating endpoint devices in the network, protecting those devices, and ensuring secure transmission to and from centralized clouds. By relying on a combination of newer and established techniques related to containers, machine learning and linked data, organizations can accomplish these objectives for safe IoT deployments, avoiding data breaches.
Container deployments are becoming increasingly vital to the cloud and the IoT. These logical environments are all but the de facto means of swiftly spinning up nodes in the distributed setting typical of the IoT.
“That’s where the real bulk of the activity on microservices is happening,” Boxley said. This fact, in addition to the lightweight, highly portable nature of containers, makes them primed for connecting IoT endpoint devices to the cloud. “Relative to the latest and greatest 9th generation Intel processor running in the latest and greatest laptop, [containers] aren’t nearly as beefy, but they’re good enough so they’re used to manage the device.”
Container security, and by extension that of the endpoint devices in the IoT, is reinforced with software-defined security methods leveraging invisible micro-tunnels that effectively hide data transmissions. Such dynamic perimeter security options can be embedded into IoT containers, which connect endpoint devices to centralized locations via cloud gateways routed through a secure matchmaking service before closing the connected ports, concealing the tunnels.
In the smart refrigerator case, such software-defined security options are simply “a program that’s running on top of whatever Linux operating system they’re using to manage their refrigerator,” Boxley explained. The architecture for these cloaked transmissions not only includes a matchmaker service that randomly assigns ports for the gateways on both ends, connects, then closes them; it is also designed to involve third party security tools via APIs.
Such instruments are frequently enhanced by machine learning applications for security analytics. This technology’s advanced pattern detection can identify anomalies in the data transmissions, or in parts of the network (depending on how it’s architected) to alert users of potential issues. Machine learning applications in third party cloud tools can “actually authenticate the nature of the device,” Boxley said.
Authentication is central to redressing the security issues that plague the IoT, which can even lead to the use of such devices in Distributed Denial of Service (DDoS) attacks.
One way to verify endpoint devices is to leverage smart data approaches buttressed by semantic standards, in which devices are authenticated by the actual data they send. According to Franz CEO Jans Aasman, “A lot of sensors already do emit as JSON objects. If they were JSON-LD objects then the identity of the sensor would be built into the signal.”
Using JSON-LD to describe sensor data is helpful for authenticating transmissions because of the richness of the descriptions and the unique identifiers native to the semantic graph technologies. “A sensor could have a unique ID, obviously a URL,” Aasman explained. “And that’s just the sensor, but then the type of that sensor would be like a pressure sensor, and then we would have a taxonomy that describes what pressure sensors are.” With this approach, IoT data transmissions are verified by the actual data—and the attributes—it contains.
The security issues of the IoT aren’t likely to be solved anytime soon. However, there are several measures organizations can take to fortify both endpoint devices and centralized clouds to which they’re connected.
Software-defined security measures in containers conceal transmissions with closed ports, third party machine learning tools can celeritously analyze this data for aberrations, and linked data technologies can identify specific sensors and their data. Deploying these techniques makes endpoint device security in the IoT a practical reality, necessary for the ultimate success of this distributed infrastructure application.
Jelani Harper is an editorial consultant servicing the information technology market, specializing in data-driven applications focused on semantic technologies, data governance and analytics.