Preserving endpoint device security in the Internet of Things


Max Smolaks

August 13, 2019


Getting data out of smart fridges in a secure manner isn’t all that straightforward

By Jelani Harper 13 August 2019

Cyber security remains a major obstacle to wider adoption of Internet of Things technologies. IoT security issues are compounded by the two-sided nature of protecting the network: on one hand, organizations must safeguard data traveling to centralized clouds; on the other, they must secure the communications of endpoint devices at the edge, far from the cloud.

Endpoint device security is a particularly prominent issue because these devices sit outside conventional perimeter security mechanisms, such as firewalls. In addition, these smaller devices often lack the compute and storage needed to run enterprise security features, because they are designed primarily for simple data transfer.

“The assumption is yeah, I’ve got an operating system and a processor running in my [smart] refrigerator, but it can’t be a full blown laptop because I can’t afford to embed a $200, $300 chip in every refrigerator I send out,” Don Boxley, CEO of security software vendor DH2i, said.

IoT initiatives, then, must account for authenticating endpoint devices on the network, protecting those devices, and ensuring secure transmission to and from centralized clouds. By relying on a combination of newer and established techniques related to containers, machine learning and linked data, organizations can work toward these objectives and reduce the risk of data breaches in IoT deployments.

Containers

Container deployments are becoming increasingly vital to the cloud and the IoT. These logical environments are all but the de facto means of swiftly spinning up nodes in the distributed setting typical of the IoT.

“That’s where the real bulk of the activity on microservices is happening,” Boxley said. This fact, in addition to the lightweight, highly portable nature of containers, makes them well suited to connecting IoT endpoint devices to the cloud. “Relative to the latest and greatest 9th generation Intel processor running in the latest and greatest laptop, [containers] aren’t nearly as beefy, but they’re good enough so they’re used to manage the device.”

Container security, and by extension that of the IoT endpoint devices, can be reinforced with software-defined perimeter methods that use short-lived micro-tunnels to keep data transmissions out of view. Such dynamic perimeter security options can be embedded into IoT containers: gateways on the device and on the cloud side are connected through a matchmaking service, and once the tunnel is established the listening ports are closed, so the tunnel does not show up to anyone scanning the network for open services.

Machine learning

In the smart refrigerator case, such software-defined security options are simply “a program that’s running on top of whatever Linux operating system they’re using to manage their refrigerator,” Boxley explained. The architecture for these cloaked transmissions not only includes a matchmaker service that randomly assigns ports for the gateways on both ends, connects them, then closes the ports; it is also designed to involve third-party security tools via APIs.
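To make the rendezvous pattern concrete, here is an added example written for this page; it is not DH2i's software or any code from the article. A toy matchmaker picks a random port for the gateway, the peer connects through that port, one message is exchanged, and the listener is closed so the port no longer answers. Everything runs over loopback in one process, and the port range, message and one-connection-per-session rule are this example's own assumptions.

```python
"""Added example (not DH2i's code): a toy rendezvous in the style described
above. A matchmaker picks a random free port for the gateway, the peer
connects using that port, one message is exchanged, and the listener is
closed so the port no longer answers. Everything runs on 127.0.0.1."""
import random
import socket
import threading

HOST = "127.0.0.1"
PORT_RANGE = (40000, 60000)  # assumed range the matchmaker draws from


class Matchmaker:
    """Assigns a random, currently free port and hands it to both ends."""

    def assign_port(self, tries: int = 20):
        for _ in range(tries):
            port = random.randint(*PORT_RANGE)
            srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            try:
                srv.bind((HOST, port))
                srv.listen(1)
                return srv, port  # listening before the peer is told the port
            except OSError:
                srv.close()  # port already in use; draw another
        raise RuntimeError("no free port found in range")


def gateway(srv: socket.socket, result: dict) -> None:
    """Accept exactly one peer, read one message, then close the listener."""
    srv.settimeout(5)
    conn, _ = srv.accept()
    with conn:
        result["received"] = conn.recv(1024)
    srv.close()  # the listening port goes away with the session


def port_is_open(port: int) -> bool:
    """True if something still accepts TCP connections on the port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(1)
    try:
        s.connect((HOST, port))
        return True
    except OSError:
        return False
    finally:
        s.close()


def run_session(message: bytes = b"fridge temp=4C") -> dict:
    """Run one brokered exchange; report the port, what arrived, and whether
    the port is still reachable afterwards."""
    srv, port = Matchmaker().assign_port()
    result: dict = {"port": port}
    t = threading.Thread(target=gateway, args=(srv, result))
    t.start()
    with socket.create_connection((HOST, port), timeout=5) as peer:
        peer.sendall(message)
    t.join()
    result["open_after"] = port_is_open(port)
    return result


if __name__ == "__main__":
    print(run_session())
```

Closing the port after the rendezvous limits what a scanner can find; it does not, by itself, authenticate either end or protect the bytes in transit, so a real deployment still needs mutual authentication and encryption inside the tunnel.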

Such instruments are frequently enhanced by machine learning applications for security analytics. Their pattern detection can identify anomalies in the data transmissions, or in parts of the network (depending on how it is architected), and alert users to potential issues. Machine learning applications in third-party cloud tools can “actually authenticate the nature of the device,” Boxley said.
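The kind of check described above, profiling how a device normally behaves and flagging transmissions that break the pattern, is shown below as an added example for this page; it is not code from the article or from any vendor's analytics product. It is a simple statistical baseline rather than a trained model: each device's reporting interval and payload size are learned from a window of constructed log lines, and later lines that deviate by more than an assumed number of standard deviations, or that come from a device never seen before, are reported.

```python
"""Added example, not from the article or any vendor tool: a per-device
behavioural baseline. Each device's reporting interval and payload size are
profiled over a learning window; later transmissions that deviate by more
than Z_MAX standard deviations, or from an unknown device, are flagged.
The log lines are constructed for this example."""
from statistics import mean, pstdev

Z_MAX = 3.0        # assumed threshold in standard deviations
MIN_SIGMA = 1e-6   # avoids division by zero for perfectly regular devices

# Constructed log format: <timestamp seconds> <device id> <payload bytes>
BASELINE_LOG = """\
1000 fridge-01 96
1061 fridge-01 98
1119 fridge-01 95
1180 fridge-01 97
1242 fridge-01 96
1300 fridge-01 99
"""

LIVE_LOG = """\
1360 fridge-01 97
1363 fridge-01 4096
1420 fridge-01 96
1425 fridge-01 96
1430 fridge-99 96
"""


def parse(log: str):
    """Yield (timestamp, device, size) tuples, skipping blank lines."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, dev, size = line.split()
        yield int(ts), dev, int(size)


def build_profiles(log: str) -> dict:
    """Learn mean/stddev of interval and payload size per device."""
    per_dev: dict = {}
    for ts, dev, size in parse(log):
        d = per_dev.setdefault(dev, {"ts": [], "sizes": []})
        d["ts"].append(ts)
        d["sizes"].append(size)
    profiles = {}
    for dev, d in per_dev.items():
        if len(d["ts"]) < 2:
            continue  # not enough history to learn an interval
        intervals = [b - a for a, b in zip(d["ts"], d["ts"][1:])]
        profiles[dev] = {
            "interval": (mean(intervals), max(pstdev(intervals), MIN_SIGMA)),
            "size": (mean(d["sizes"]), max(pstdev(d["sizes"]), MIN_SIGMA)),
            "last_ts": d["ts"][-1],
        }
    return profiles


def zscore(value: float, stats: tuple) -> float:
    m, s = stats
    return abs(value - m) / s


def detect(baseline_log: str, live_log: str, z_max: float = Z_MAX) -> list:
    """Return (timestamp, device, reasons) for each anomalous live line."""
    profiles = build_profiles(baseline_log)
    findings = []
    for ts, dev, size in parse(live_log):
        p = profiles.get(dev)
        if p is None:
            findings.append((ts, dev, ["unknown device"]))
            continue
        reasons = []
        if zscore(ts - p["last_ts"], p["interval"]) > z_max:
            reasons.append("interval")
        if zscore(size, p["size"]) > z_max:
            reasons.append("size")
        p["last_ts"] = ts  # advance the clock even for anomalous lines
        if reasons:
            findings.append((ts, dev, reasons))
    return findings


if __name__ == "__main__":
    for finding in detect(BASELINE_LOG, LIVE_LOG):
        print(finding)
```

Two reasons show up on the 4096-byte line: it arrived only three seconds after the previous report and it is far larger than the device's usual payload. The unknown device is reported regardless of what it sends, which is the simplest form of the "authenticate the nature of the device" idea: a device that has no learned profile cannot be vouched for by its behaviour.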

Linked data

Authentication is central to redressing the security issues that plague the IoT; unauthenticated devices can even be conscripted into Distributed Denial of Service (DDoS) attacks.

One way to identify endpoint devices is to use smart data approaches built on semantic standards, in which devices describe themselves in the data they send. According to Franz CEO Jans Aasman, “A lot of sensors already do emit as JSON objects. If they were JSON-LD objects then the identity of the sensor would be built into the signal.”

JavaScript Object Notation for Linked Data (JSON-LD) is a lightweight data interchange format flexible enough to accommodate schema-on-read, yet useful for its linked data qualities: data objects can be connected to other objects in a semantic graph.

Using JSON-LD to describe sensor data helps with identifying transmissions because of the richness of the descriptions and the unique identifiers native to semantic graph technologies. “A sensor could have a unique ID, obviously a URL,” Aasman explained. “And that’s just the sensor, but then the type of that sensor would be like a pressure sensor, and then we would have a taxonomy that describes what pressure sensors are.” With this approach, IoT data transmissions carry their own identity and attributes. One caveat a practitioner should keep in mind: an identifier the device asserts about itself is a claim, not proof. For the transmission to be authenticated, the payload still has to be bound to something only that device holds, such as a per-device key used to sign it, and the receiver has to check that binding.
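Below is an added example for this page, not code from Franz or from the article, showing a pressure-sensor observation serialized as JSON-LD so the sensor's identity (an @id that is a URL) and type travel with the signal, together with the step the self-description alone does not provide: the payload is bound to a per-device key with an HMAC, and the receiver looks up the key for the claimed @id and verifies the tag. The sosa: terms come from the W3C Semantic Sensor Network (SOSA) vocabulary; the ex: namespace, the sensor URLs and the key table are this example's assumptions, and the key table stands in for whatever enrolment process provisions device keys in practice.

```python
"""Added example (not Franz's or the article's code). A JSON-LD sensor
observation whose @id identifies the sensor, plus an HMAC binding the payload
to a per-device key so the receiver can check the claimed identity. The
sensor URLs, the ex: vocabulary and DEVICE_KEYS are assumptions."""
import hashlib
import hmac
import json

SOSA = "http://www.w3.org/ns/sosa/"          # W3C SOSA/SSN vocabulary
EX = "https://vocab.example.com/iot#"       # assumed taxonomy namespace

# Constructed registry of per-device keys held by the receiving side.
DEVICE_KEYS = {
    "https://sensors.example.com/fridge/7/pressure": b"k7-pressure-secret",
    "https://sensors.example.com/fridge/8/pressure": b"k8-pressure-secret",
}


def make_observation(sensor_iri: str, value: float, ts: str) -> dict:
    """A JSON-LD observation: the sensor's URL and type are part of the data."""
    return {
        "@context": {"sosa": SOSA, "ex": EX},
        "@type": "sosa:Observation",
        "sosa:madeBySensor": {
            "@id": sensor_iri,
            "@type": ["sosa:Sensor", "ex:PressureSensor"],
        },
        "sosa:resultTime": ts,
        "sosa:hasSimpleResult": value,
    }


def canonical(obj: dict) -> bytes:
    """Deterministic bytes to sign: sorted keys, no insignificant whitespace.
    (A full JSON-LD deployment would canonicalize the RDF graph instead.)"""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_observation(obs: dict, device_key: bytes) -> dict:
    """Wrap the observation with an HMAC-SHA256 tag under the device's key."""
    tag = hmac.new(device_key, canonical(obs), hashlib.sha256).hexdigest()
    return {"payload": obs, "mac": tag}


def verify_envelope(env: dict, keys: dict = DEVICE_KEYS) -> bool:
    """Look up the key for the @id the payload claims and check the tag.
    Unknown sensor, wrong key, or altered payload all fail."""
    try:
        sensor_iri = env["payload"]["sosa:madeBySensor"]["@id"]
    except (KeyError, TypeError):
        return False
    key = keys.get(sensor_iri)
    if key is None:
        return False
    expected = hmac.new(key, canonical(env["payload"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, env["mac"])


if __name__ == "__main__":
    iri = "https://sensors.example.com/fridge/7/pressure"
    env = sign_observation(make_observation(iri, 101.3, "2019-08-13T10:00:00Z"),
                           DEVICE_KEYS[iri])
    print(json.dumps(env, indent=2))
    print("genuine:", verify_envelope(env))
    forged = sign_observation(make_observation(iri, 101.3, "2019-08-13T10:00:00Z"),
                              b"not-fridge-7s-key")
    print("forged @id:", verify_envelope(forged))
```

The @id and type give the receiver the linked-data richness Aasman describes; the tag is what turns that description into something the receiver can trust, because a message that borrows fridge 7's URL without fridge 7's key fails verification, as does a genuine message whose reading was altered in transit.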

Practical reality

The security issues of the IoT aren’t likely to be solved anytime soon. However, there are several measures organizations can take to fortify both endpoint devices and the centralized clouds to which they’re connected.

Software-defined security measures in containers conceal transmissions behind ports that are closed once a tunnel is established, third-party machine learning tools can rapidly analyze the data for aberrations, and linked data technologies can identify specific sensors and their data. Deploying these techniques together brings endpoint device security in the IoT closer to a practical reality, which is necessary for the ultimate success of this distributed infrastructure application.
