IOT: Top 5 Things to Know About IOT Computer Security
Our CTO at SwitchDoc Labs (Dr. John Shovic) has run a computer security company and has taught computer security and information warfare at the undergraduate and graduate level at several universities. He is in the process of writing a book, to be published in April 2016 about the Internet Of Things (IOT) and one of the chapters in the book is about computer security and the IOT. In his book he is taking a different look at computer security than most. While he is discussing methods of encryption and authentication, he is also taking a top level view of the problem and a realistic view of what can and can’t be done with the small computers that make up the IOT.
With that, here are his thoughts about the Top 5 Things to Know About IOT Computer Security:
Number 1: This is important. You can prove your application is insecure, but you can’t prove your application is secure.
What? That doesn’t make any sense. My application only has 200 lines of code in it and I can see that it is secure!
There are two things to consider here. The first of all is those 200 lines have been compiled by a compiler that has 100,000+ lines of code. The operating system you are running on has at least 25,000 lines of code (yes, even an Arduino) and millions of lines of code in a Raspberry Pi or Windows machine. Your 200 lines of code interact with tens of thousands of lines of code. You don’t know how big your own program is. You don’t know about the compiler. You don’t know about the operating system. Yes, some micro controllers allow you to set up everything, but in todays development systems this is the exception, not the rule.
The second thing to consider is a proven theorem from Matt Bishop’s excellent book on Computer Security: “It is undecidable whether a given state of a given protection system is safe for a given generic right.” What does this mean? It means that “You can tell if your computer program is secure, but you can’t know if it is insecure“. Ouch.
Number 2: Security through Obscurity is not Security
An IOT system that relies on secrecy of the implementations or components of the system, is not security. Obscurity can be part of a defense in depth strategy but should not be relied on to provide security. Yes, someone can take your design and reverse engineer it and find out everything about it. Using a different port for SSH doesn’t even slow down hackers these days. People can snoop on what you are sending and figure it out. Your system needs to rely on the key to your system and not the structure of the lock.
Number 3: Always Connected? Always Vulnerable.
Every moment that your IOT device is connected to the Internet or the network is a moment that it can be attacked. Keep your device off the network as much as possible. This saves power too, which is often a defining design criteria.
Number 4: Focus on what is important to be secure in your IOT Application
Does a hacker care that the temperature in your aquarium is 85 degrees? Probably not. Do you want them to be able to change the temperature in your aquarium? Probably. Do you want your front door lock (that is connected to the Internet?) to be secure? Yes, all the time. And no, you don’t want hackers to be able to tell if the door is locked or unlocked. Just remember all the encryption in the world doesn’t matter if a person has the key. In this case either a physical key or a cryptographic key. Both can open your door. In our door lock IOT application, we must keep the key safe.
Number 5: Computer Security rests on three main Aspects: Confidentiality, Integrity and Availability
Confidentiality is defined as the concealment of information or resources. Keeping things secret (like keys) so the hackers can’t use them.
Integrity is defined as the trustworthiness of the data or resources. Making sure that a hacker can’t forge the directives to open your house door or car doors. Oh, that happens. Not good when it does.
Availability refers to the ability to access information or resources when required. If someone is doing a Denial of Service on your house or your Internet provider, you can’t get to your door lock. Yes, even with an Internet connected door lock, you should take your physical key along. And don’t set the access code to your birthday.
Conclusion
The IOT represents a huge opportunity to improve peoples lives and experience. When you design your Internet Of Things killer application and device, design security in from the beginning. Don’t tack it on to the end.
More on computer security in the IOT in future postings. Stay tuned.