Preserving endpoint device security in the Internet of ThingsPreserving endpoint device security in the Internet of Things
Preserving endpoint device security in the Internet of Things
August 13, 2019
Getting data out of smart fridges in a secure manner isn’t all that straightforward
By Jelani Harper 13 August 2019
Cyber security remains a major obstacle to
increased adoption of the Internet of Things technologies. IoT security issues
are compounded by the plurality of the task of protecting the network. On one
hand, organizations must safeguard data traveling to centralized clouds; on the
other, they must fortify communication of endpoint devices at the cloud’s
The issue of endpoint device security is
particularly prominent since these devices are located outside of conventional
perimeter security mechanisms, such as firewalls. Additionally, these smaller
devices are frequently less equipped to handle the compute and storage
necessary for enterprise security features because they’re designed primarily
for simple data transfer.
“The assumption is yeah, I’ve got an operating system and a processor running in my [smart] refrigerator, but it can’t be a full blown laptop because I can’t afford to embed a $200, $300 chip in every refrigerator I send out,” Don Boxley, CEO of security software vendor DH2i, said.
IoT initiatives, then, must account for
authenticating endpoint devices in the network, protecting those devices, and
ensuring secure transmission to and from centralized clouds. By relying on a
combination of newer and established techniques related to containers, machine
learning and linked data, organizations can accomplish these objectives for
safe IoT deployments, avoiding data breaches.
Container deployments are becoming increasingly vital to the cloud and the IoT. These logical environments are all but the de facto means of swiftly spinning up nodes in the distributed setting typical of the IoT.
“That’s where the real bulk of the
activity on microservices is happening,” Boxley said. This fact, in addition to
the lightweight, highly portable nature of containers, makes them primed for
connecting IoT endpoint devices to the cloud. “Relative to the latest and
greatest 9th generation Intel processor running in the latest and greatest
laptop, [containers] aren’t nearly as beefy, but they’re good enough so they’re
used to manage the device.”
Container security, and by extension that
of the endpoint devices in the IoT, is reinforced with software-defined
security methods leveraging invisible micro-tunnels that effectively hide data
transmissions. Such dynamic perimeter security options can be embedded into IoT
containers, which connect endpoint devices to centralized locations via cloud
gateways routed through a secure matchmaking service before closing the
connected ports, concealing the tunnels.
In the smart refrigerator case, such
software-defined security options are simply “a program that’s running on top
of whatever Linux operating system they’re using to manage their refrigerator,”
Boxley explained. The architecture for these cloaked transmissions not only
includes a matchmaker service that randomly assigns ports for the gateways on
both ends, connects, then closes them; it is also designed to involve third
party security tools via APIs.
Such instruments are frequently enhanced by machine learning applications for security analytics. This technology’s advanced pattern detection can identify anomalies in the data transmissions, or in parts of the network (depending on how it’s architected) to alert users of potential issues. Machine learning applications in third party cloud tools can “actually authenticate the nature of the device,” Boxley said.
Authentication is central to redressing the security issues that plague the IoT, which can even lead to the use of such devices in Distributed Denial of Service (DDoS) attacks.
One way to verify endpoint devices is to leverage smart data approaches buttressed by semantic standards, in which devices are authenticated by the actual data they send. According to Franz CEO Jans Aasman, “A lot of sensors already do emit as JSON objects. If they were JSON-LD objects then the identity of the sensor would be built into the signal.”
(JSON-LD) is a lightweight data interchange format dynamic enough to
accommodate schema on read, yet useful for its linked data qualities – i.e. data
objects can be connected to other objects on a semantic graph.
Using JSON-LD to describe sensor data is
helpful for authenticating transmissions because of the richness of the
descriptions and the unique identifiers native to the semantic graph
technologies. “A sensor could have a unique ID, obviously a URL,” Aasman explained.
“And that’s just the sensor, but then the type of that sensor would be like a
pressure sensor, and then we would have a taxonomy that describes what pressure
sensors are.” With this approach, IoT data transmissions are verified by the
actual data—and the attributes—it contains.
The security issues of the IoT aren’t
likely to be solved anytime soon. However, there are several measures
organizations can take to fortify both endpoint devices and centralized clouds
to which they’re connected.
Software-defined security measures in containers conceal transmissions with closed ports, third party machine learning tools can celeritously analyze this data for aberrations, and linked data technologies can identify specific sensors and their data. Deploying these techniques makes endpoint device security in the IoT a practical reality, necessary for the ultimate success of this distributed infrastructure application.
About the Author(s)
You May Also Like