Searching for a path to IoT security

My conversation with an informed skeptic.

Page 3 of 4

Also provide a secure update mechanism, so users can securely patch their systems.  Those mechanisms exist; you don't have to invent things yourself.  You will, however, have to make an unpopular decision: Your devices must be updateable, and that means you can't go with a write-once system.  That will make the hardware a few cents more expensive.  You will also need to place a unique private key inside each device and you need to keep that key private.  That will add a step to your test processes and some extra IT infrastructure and protection.  You will also need to plan the infrastructure to monitor for security and safety issues and release updates as necessary.  For how long, you ask?  Well, the market will ultimately decide that for you.  But if you sell a product that claims longevity, e.g., smart lightbulbs good for 50,000 hours, you better plan to provide security support for at least that length of time. “How could lightbulbs be a threat?” One manufacturer used a never-changing password that could be compromised.  Attackers were able to exploit this to establish a beachhead onto a wireless network, and use that beachhead as a basis for launching attacks on other networked devices.

SN: Another point of agreement: good systems engineering with diligent requirements definition is necessary to build AND maintain security in an IoT offering.  I don’t see that we need new fundamentals or process here, but I see a need for increased leadership in checks and balances as well as full product lifecycle management from a security point of view.  Clearly this is not happening enough today, but as we stated above there are multiple forces driving that change.  I believe we will see customers forcing the change through a combination of buying behavior and legal actions.

Security and Privacy:  Different but inseparable

SN: Let’s shift gears to privacy vs. security.  We both apply “security triads.”  Mine focuses on the functional needs for security in IoT from the user perspective.  One of these needs is Privacy.  This triad speaks to how security supports brand management by establishing trust with customers by meeting their security needs. 

[Figure: user needs triad (Scott Nelson)]

Assurance: Knowing that the data provided or processes controlled by the data are timely, truthful, and accurate. 

Privacy: Knowing that access to data and information is controlled and limited to those who are allowed to have access.

Liability: Knowing that the value of the asset or process to which the data applies is protected.

Your triad is more technically functional and I think does a better job of showing the interdependencies of functions involving security in systems design. 

[Figure: system function triad (Scott Nelson)]

Integrity: Knowing that the data has truthful value from an authenticated source. 

Confidentiality: Controlling access to the data or maintaining accessibility to the desired parties.

Availability: Providing the data to those parties for whom the data is intended.

I see value in both perspectives but feel your point-of-view helps more with an approach to security.

TC: The policies and regulations come from different sources, but the engineering and technologies to provide security and privacy are strongly intertwined.  Some lawyers and scientists like to argue semantics.  I tend to favor simple models that give me tools to get work done.  The security model I use is simple: systems provide varying degrees of confidentiality (of which privacy is a factor), integrity, and availability.  Some systems stress certain aspects of those properties over others.  Historically, for instance, avionics and industrial controls emphasized integrity (do the right thing) and availability (when needed), over confidentiality.  Attackers exploited the lack of confidentiality controls to figure out which celebrities were flying, or what the recipes were for industrial chemicals.  So we saw confidentiality controls start to improve.  This relates to your triad; mine does not account for the strong legal aspect of liability or accountability of yours.  We saw this happen in aviation and the medical industry, where the law and regulations were necessary to protect innocent people from unscrupulous players. I believe we can combine the two triads into a four-sided model to show how everything relates and is connected.

[Figure: security surface polygon (Scott Nelson)]

These properties, while different, rely on each other.  For example, many modern integrity controls follow a chain of reasoning that ultimately leads to a private cryptographic key to determine whether or not the device is running what it should be.  The integrity relies on that private key remaining private.  The Stuxnet attack and the RSA attack a few years ago are examples of what can happen when those private keys are compromised.  Security and privacy also have safety and dependability implications for safety-critical applications.  My go-to reference for all these terms is the IEEE article, “Basic Concepts and Taxonomy of Dependable and Secure Computing.”
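The integrity chain TC describes, together with the secure update mechanism from the top of this page, worked through as an added example (not code from the article or from either participant): the vendor signs each update manifest with the private key it must keep private, and the device accepts an image only if the signature verifies under the public key provisioned at manufacture, the version is newer than what is installed, and the image hash matches. The manifest layout, the Device type and the version rule are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Manifest: one update's image hash at a version, signed over Version||ImageHash (constructed format).
type Manifest struct {
	Version   uint32
	ImageHash [32]byte
	Signature []byte
}
// Device: the verifying side, holding the vendor public key provisioned at manufacture (assumed layout).
type Device struct {
	VendorPub ed25519.PublicKey
	Version   uint32 // currently installed version, used for anti-rollback
}
var (
	ErrBadSignature  = errors.New("manifest signature invalid")
	ErrRollback      = errors.New("version not newer than installed")
	ErrImageMismatch = errors.New("image hash does not match manifest")
)
// signedBytes is the exact byte string the signature covers.
func signedBytes(version uint32, hash [32]byte) []byte {
	buf := make([]byte, 4)
	binary.BigEndian.PutUint32(buf, version)
	return append(buf, hash[:]...)
}
// SignUpdate runs on the vendor's build server, the only place the private key lives.
func SignUpdate(priv ed25519.PrivateKey, version uint32, image []byte) Manifest {
	h := sha256.Sum256(image)
	return Manifest{version, h, ed25519.Sign(priv, signedBytes(version, h))}
}

// ApplyUpdate installs only if the manifest verifies, the version is strictly newer, and the image matches.
func (d *Device) ApplyUpdate(m Manifest, image []byte) error {
	switch {
	case !ed25519.Verify(d.VendorPub, signedBytes(m.Version, m.ImageHash), m.Signature):
		return ErrBadSignature
	case m.Version <= d.Version:
		return ErrRollback
	case sha256.Sum256(image) != m.ImageHash:
		return ErrImageMismatch
	}
	d.Version = m.Version
	return nil
}
```

Because the version is inside the signed bytes, an attacker who cannot sign can neither forge a new image nor re-sign an old one at a higher version; if the vendor key leaks, as in the cases TC cites, the whole chain collapses.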
