Promises and Perils of Internet of Technology

...

Internet (Software) + Thing\Device (Hardware) = IoT Environment

We cannot put security controls in Internet because it is open to everyone. The only other option left is to enable the security controls in the device. To enable the very basic security controls (i:e a userid\password verification) in a device, it needs to have at least some computing power (processor) and few blocks of storage capacity (memory). Unfortunately most devices lack these requirements whereas today’s smart phones have abundance of computing power and storage capacity. Smart phones have dedicated processor chips and expandable memory capabilities. This is the main reason why smart phones are so secure because with ample of processing power and memory, they are able to implement complex security mechanisms needed to safeguard information exchanged over the Internet. Further, even if some devices have basic computing power, they cannot afford to spend precious computing power on additional functionality beyond their core service. Serious malware detection capability within an affordable IoT device is not currently feasible. Hackers will have more opportunity to infect IoT devices and go undetected by the victim compared to infections that occur on smart phones. So, what are the desired security mechanisms that can make IoT devices secure? Next I am going to describe some of the complex security mechanisms that can be used to secure the IoT devices.

Security Best Practices:

1.Secure Booting: When the device is powered on then the software on the device is verified against the master copy of the encrypted software image. This is to detect any modifications made to the device software.

2. Device Authentication: Before the device actually starts communicating over Internet, it is verified against list of devices allowed to connect to the Internet. This process is equivalent to the authentication process we use to access our email accounts, online bank accounts.

3. Firewall: A firewall is special software that can filter the incoming and outgoing Internet communication based on a set of predefined rules. For ex; one common rule is that the communication you receive over Internet is intended for you only.

4. Access Control: Access control is another specialized software that controls the behavior of your device when it is compromised by outside hacker. Identifying a hack, it then limits the communication from your device to other devices on the Internet to check the damage.

How And When Will We Get A Secure Internet of Things?

The field of IoT security is still evolving. There is no silver bullet that can effectively mitigate all the threats. In addition to the above best practices there are many other initiatives in the experimental stage. New manufacturing processes generally result in faster and more efficient processors, thus providing device developers with enough processing power to implement complex security features. Chipmakers like Intel and ARM are offering better security with each new generation of processors. I should note that the Internet went through a similar phase two decades ago. There were a lot of security concerns, and the nineties saw the emergence of the internet-borne malware, virus attacks, sophisticated phishing and more. Every technology has its maturity graph and sooner or later it reaches there. I am hopeful that we will see tremendous improvements in the IoT security in near future. Till then we can enjoy playing with our smart phones\watches. Oops….it’s almost time for my walk. Where’s my smartphone…

Bibliography

Communications, B. (2014, 04 01). Explore Cloud Bulletin, Bulletin Board, and more! Retrieved 09 16, 2016, from www.Pinterest.com: https://www.pinterest.com/pin/53550683044230036/

IANS. (2016, 02 01). World's first Internet of Things has successful trial. Retrieved 09 16, 2016, from www.NewSx.com: http://www.newsx.com/tech/21394-worlds-first-internet-of-things-has-successful-trial

Wikipedia. (2016, 09 16). Internet of things. Retrieved 09 16, 2016, from Wikipedia: https://en.wikipedia.org/wiki/Internet_of_things

WindRiver. (2015, 01 01). Security in the internet of things. Retrieved 09 16, 2016, from http://www.windriver.com: http://www.windriver.com/whitepapers/security-in-the-internet-of-things/wr_security-in-the-internet-of-things.pdf

Please find attached document[1] I selected for the exercise 1. It is a white paper published by one of my clients I worked with early this year. The paper analyses one of the most promising upcoming technologies and explores the security loopholes associated with it.

The technology is called “Internet Of Technology” or simply IoT. There are many examples of this technology from our day-to-day lives. Perhaps one of the most common examples is the Smart Watch or Fitbit wrist monitors most people use to track their daily workouts. This is the technology that basically tracks your workout performance and sends you an email at the end of the day\week with the details of your workout performance.

There are couple of reasons as to why I picked this particular piece of business artifact for exercise1:

The very first reason is that it is directly related to my field of work. One of the main challenges in my field is to consume technical communication and reproduce it in a form which is easy to digest by a wide variety of audience including Government Officials, Common public (End Users), and non-technical team members. The document starts off with the high-level details and gradually exposes the finer technicalities of the subject matter. Its contents make it a suitable candidate for me to convert it into an essay that is easy to understand.

Secondly, we have a program at my consulting firm where in every year we have to spend one week teaching to the new hires. The new hires are sometimes young graduates or sometimes middle aged people switching careers. The main challenge for us is to dilute the technical teaching material (PowerPoint’s, system manuals, research papers) to a level where the audience easily and effectively absorbs the teaching material. I can very well use this white paper in my next teaching assignment. So in this way, this exercise will augment my work life. I hope I am able to justify the selection of this document for exercise 1.

What I want to achieve with this document: The white paper is a technical document and includes lots of technical details. I want to reverse engineer the document or in simple words,