Crypto Quantique is a UK-based company producing a quantum-driven secure chip (QDSC) – a solution which combines quantum physics and cryptography. It makes some lofty promises about their system, which can be offered as an integrated part of the development processes or retrofitted in IoT devices. The chips, by harnessing the power of quantum processes, generate numerous unique, unclonable and tamper-evident cryptographic keys. Importantly for IoT’s inherent limitations, there is no need to store the keys on the device, and there is no possibility of data leaks.
Bayshore Networks offers active protection of IoT networks. Their automated Learning Engine sends timely alerts of possible threats.
BlueID is a company that provides a platform for secure, cloud-based identity maintenance and access control. What makes it perfect for Internet of Things is the fact that it works independently of the network: BLE, NFC, RFID, WiFi, or 2G/3G/4G.
Why Is IoT Security So Important?
IoT devices may be more susceptible to security threats than regular internet devices. There are a couple of reasons for that:
Many points of exposure. The number IoT devices, applications, systems and end users is growing exponentially, making it a very complex and vast system.
Each Internet of Things device can be hijacked to become a new attack point. This translates to a higher probability of attacks.
Increased impact of attacks: IoT devices are present in new areas where they interact with many different, often critical systems. Severity of attacks could range from damage of property to loss-of-life, e.g. in the case of hijacked IoT-enabled implants.
New threats from across the stack: a complex technology stack means completely new threats (i.e. due to new hardware, communication protocols, and software elements). This requires constant oversight of knowledgeable maintenance.
Which Areas Should IoT Security Cover?
Considering the above, IoT security involves the seamless integration of three elements: secure devices working over secure networks, sending protected data.
By the way Internet od Things systems are designed, some devices may need to operate unattended for very long stretches of time. And due to irregular updates and patches, such devices are more susceptible to attacks. Making sure they are tamper-proof and resistant to attacks is an important endpoint-hardening measure which involves a layered approach, i.e. implementing multiple obstacles designed to protect the device and the data it transfers from unauthorized access.
Companies operating IoT devices should be aware of known vulnerabilities, such as TCP/UDP ports, serial ports, open password prompts, places to inject code such as web servers, unencrypted communications, and radio connections.
It is also critical to carefully manage the identities of IoT devices to ensure trust when devices attempt to attach to a network or service.
Relevant network security measures for IoT should include: access control, firewall, IPS, IDS, and end-to-end encryption.
Networks which IoT devices are connected to should be secure, which involves implementing strong user authentication processes and access control measures. For example, workers should be encouraged to use strong passwords to prevent against brute force methods.
On top of that, organizations should use two-factor authentication, whereby a password is used alongside another authentication factor, i.e. a code provided to the user via a text message.
For IoT applications, it’s a good idea to use context-aware authentication (or adaptive authentication). This involves the use of contextual information and machine-learning algorithms to constantly evaluate risks without impacting the user’s experience.
Strong encryption should be in place as an additional layer securing networks against network-based attacks. Communications occurring between devices can potentially be hacked, and both IoT and IIoT involve a multitude of network protocols used both at network layer and transport layer.
Protecting the data
Companies also need to secure the data transferred to and from Internet of Things devices. Failure to protect sensitive, personally identifiable information may result in loss of business or financial penalties imposed by regulatory authorities.
People may be another weak link in ensuring protection of data. Strong security policies and comprehensive training programs should be in place for employees involved in the IoT/IIoT environment.
Although Internet of Things security is clearly becoming a priority, many device manufacturers or companies using IoT networks are not giving it enough consideration. When building systems and selling devices they don’t make sure their devices are patchable, which may render them non-compliant or completely obsolete from the security point of view.
Before investing in IoT networks, it is essential to evaluate the security capabilities of the devices in terms of security future-proofing.