written 2.7 years ago by |
Security in IOT :- IOT security refers to the methods of protection used to secure internet-connected or network-based devices. The term IoT is incredibly broad, and with the technology continuing to evolve, the term has only become broader. From watches to thermostats to video game consoles, nearly every technological device has the ability to interact with the internet, or other devices, in some capacity.
Few of the IoT security challenges that continue to threaten the financial safety of both individuals and organizations :-
1. Remote exposure - Unlike other technologies, IoT devices have a particularly large attack surface due to their internet-supported connectivity. While this accessibility is extremely valuable, it also grants hackers the opportunity to interact with devices remotely. This is why hacking campaigns like phishing are particularly effective. IoT security, like cloud security, has to account for a large number of entry points in order to protect assets.
2. Lack of industry foresight - As firms continue with digital transformations of their business, so, too, have certain industries and their products. Industries such as automotive and healthcare have recently expanded their selection of IoT devices to become more productive and cost-efficient. This digital revolution, however, has also resulted in a greater technological dependence than ever before.
3. Resource constraints - Lack of foresight isn't the only IoT security issue faced by newly digitized industries. Another major concern with the IoT security is the resource constraints of many of these devices. Not all IoT devices have the computing power to integrate sophisticated firewalls or antivirus software. Some barely have the ability to connect to other devices. IoT devices that have adopted Bluetooth technology, for example, have suffered from a recent wave of data breaches. The automotive industry, once again, has been one of the markets hurt the most.
Privacy in IOT :- Internet of Things privacy is the special considerations required to protect the information of individuals from exposure in the IoT environment, in which almost any physical or logical entity or object can be given a unique identifier and the ability to communicate autonomously over the Internet or similar network. Privacy is a very broad and diverse notion for which literature offers many definitions and perspectives.
Privacy in the Internet of Things is the threefold guarantee to the subject for -
- awareness of privacy risks imposed by smart things and services surrounding the data subject
- individual control over the collection and processing of personal information by the surrounding smart things
- awareness and control of subsequent use and dissemination of personal information by those entities to any entity outside the subject’s personal control sphere
Authentication in IOT :- Authentication is the process of identifying the device. For Message Queuing Telemetry Transport (MQTT), the process of authentication is to confirm that the device’s client ID is valid; that is, the ID belongs to the device in question.
The ability to secure data and limit it to only those with the correct permissions is not a new idea and is used extensively in many industries. One can only wonder why connected devices were not subject to the same security principles from the beginning.
There are simply too many categories of IoT devices to mention in a post of this size but they vary widely in terms of security levels. Some connect using proximity-based protocols such as Bluetooth, RFID (radio frequency identification), or Wi-Fi while others use GPS, 4G or are hard-wired. Connecting them is often as easy as scanning for nearby devices, by inputting a short code (that may or may not be changed from a default) or by using a form of multi-factor authentication to verify device and recipient permissions.
Trust in IOT :- The word “trust” in this context means reliance. A trust model shows how each entity in an ecosystem relies (or could rely) on another. And human-centric in this context means a trust model aimed at giving effective administration of security, not to computing professionals, but to average users.
Various components of such a model :-
Devices and Hosted Applications - When I bring an IoT device into my environment, what aspects can I rely on for security, safety, and privacy? What are the intrinsic properties and capabilities of the device that make it trustworthy?
Resources - An IoT device can have various resources made available to a number of entities through the Internet. They might consist of device controls and state information, as well as streams of information from connected sensors and computation capabilities.
Trusted Attributes - Consider this context: if I give a youngster access to some home automation capabilities, I might want to be reminded that this action includes a hot water temperature control and isn’t considered child safe by the developer.
Delegating Trust - When I bring a device home, I claim it as mine, perhaps with some straightforward gesture. Only I can control it and be privy to the data it collects.
Virtual Composite Devices - These human-centered difficulties need to be considered in IoT trust models because physical devices can be virtualized and/or be parts of virtual composite devices, the components of which may interact.