We are all familiar with the term “Internet of people.” Every minute, there are around four million posts being shared on Facebook, around half a million tweets, and hundreds of hours of new videos being uploaded. You might even share this article via one of the social media. There is no doubt, this is a successful revolution.
Nowadays, we are experiencing the revolution of the Internet of Things (IoT). Basically, “Things” can communicate between themselves. For example, lighting systems can adjust the lights in your living room, cars can be self-driven, and so on. it is estimated that by 2020 there will be around 100 billion IoT devices in use (accounting for nearly half or more of all connected devices).
The growth of the Internet of Things (IoT) in our daily lives creates immense opportunities and benefits for our society. However, IoT security has not kept up with the rapid pace of innovation and development, leading to substantial security flaws and jeopardizing our privacy. In the past year, we have heard a lot about security breaches, documents being stolen, hospitals and power plants being shut down—all due to cyberattacks. Today, anyone can be a hacker, even without deep technical knowledge. It just takes downloading some script and running them (so-called script kiddies). “Things” that are supposed to protect us (home security cameras) are opening doors for new types of thieves. This happens because software is not adequately secured.
As engineers, we should emphasize security from day one. Or, in other words, we must secure by design. In order to make IoT more secure, we must re-think and focus on a few elements.
When we build an IoT device, we must consider three main pillars:
- Confidentiality —Access to data or functionalities should be authorized on a need-to-know basis only. This means using better authentication. For example, authenticate using two factors — something that the user knows (password) and something that the user has (send SMS to a phone). At the moment, many devices use default usernames and passwords that are rarely changed.
- Integrity — We need to ensure data is not tampered with or altered by unauthorized users.
- Availability — We need to ensure systems and data are available to authorized users when they need it.
This is especially important because we are also moving toward the edge of distributed systems. There is too much data being collected and the cloud cannot process it efficiently or quickly enough. Consider a self-driving car that collects images for navigation—sending that data to the cloud, processing it, and sending it back it takes too long. So, each device will be able to manage micro-processes by itself. Therefore, the device as well as the cloud will have to be protected.
Another important aspect is securing IoT networks — IoT network security is more challenging than traditional network security because there is a wider range of communication protocols and standards. We need to protect these new end-points using traditional methods, but also create new innovative solutions. For instance, we can monitor the network and detect suspicious behavior using artificial intelligence.
We are living in exciting times. Things that until recently would be possible only in Hollywood exist in real life. However, in addition to better regulation, companies and engineers must take greater responsibility and focus on protecting users and their data—not because it is easy, but because it is necessary.