The importance of security in an IoT world

Shane Buckley, CEO, Xirrus

In October 2016 the world received a harsh wake-up call about the importance of IoT security, says Shane Buckley, CEO of Xirrus.

The trigger? A catastrophic distributed denial-of-service (DDoS) attack that created a massive Internet outage for millions of users on the east coast of the United States. The attack disrupted many popular websites such as Netflix, Twitter and Paypal.

An investigation revealed that the method behind the hack involved infecting thousands of connected devices with unchanged default passwords. Routers, surveillance cameras and other IoT devices with unchanged default passwords were infected to form a botnet that launched a denial-of-service attack on Dyn, a major internet services provider.

Increasing IoT awareness

The aftermath of the attack highlighted the challenges posed by IoT devices. With Gartner predicting the number of IoT devices will grow to more than 20 billion by 2020, the focus on IoT security is becoming increasingly important.

Engineers have pioneered new ‘IoT-aware’ Wi-Fi networks, which are designed specifically to accommodate the unique security challenges of IoT devices.Phone

Organisations and users face two primary challenges when it comes to secure deployment of IoT devices. They must have the ability to connect to Wi-Fi in a simple manner, given their mass numbers, and then remain secure once connected.

Given that adding more security features to a network tends to reduce the simplicity of connecting devices, it can be difficult to achieve both goals simultaneously. Fortunately, there is a way to keep both pillars structurally sound.

Connecting securely

Public Wi-Fi networks that are encrypted typically use shared passwords, providing a false sense of security. While virtual private networks (VPNs) provide an appropriate secure solution, they add complexity, cost, and time – meaning most users won’t bother.

To connect IoT devices securely to a Wi-Fi, an ‘IoT-aware’ network runs ‘User Pre-Shared Key’ (UPSK) technology. Simply put, this creates a new UPSK for each device, ensuring every device has unique security credentials within the network, and security credentials never get openly shared. Most IoT devices do not have keyboards or browsers, and cannot connect to traditional captive portals to enter their security information.

Controlling the network

Very few public Wi-Fi networks protect user data. The networks simply do not encrypt the Wi-Fi data, opening up a myriad of security risks if the user is not taking appropriate precautions. Hackers can intercept user data and if it is not encrypted, steal passwords, credit card information, company data, and more.

An ‘IoT-aware’ Wi-Fi network uses Application Control (Deep Packet Inspection) technology. The traffic control process starts by feeding this application intelligence into the policy engine. Once in action, the engine works to identify and classify IoT devices by type.WIFI HotSpot

The network can then enforce firewall rules on devices according to their type (sensor, appliance, etc.). Meanwhile, the network also implements policies that control the application(s) each device uses, through methods like prioritisation, bandwidth throttling, and blocking controls.

The IoT security balance

The two pillars of simple access and security must work in unison. The first provides a simple way to securely connect devices to the Wi-Fi network, while the second ensures only the IoT application can traverse the Wi-Fi network from the IoT device to the server.

Combined, these two pillars could have prevented the DDoS attack last October that originated from Wi-Fi enabled IoT devices. Even with default passwords in place, the malware could not have communicated to the Dyn servers while the application rules were in effect, which would have eliminated the malware’s impact. To safely unleash the full power of the IoT world, we need to start with smart Wi-Fi that keeps us both connected, and secure.

The author of this blog is Shane Buckley, CEO, Xirrus

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow

Recent Articles

Avoid IoT project failure with device design, data handling and connectivity that enable the business outcome

Posted on: April 7, 2020

Findings from Beecham Research’s recent report on ‘Why IoT Projects Fail’ relate closely to whether or not deployments achieve the anticipated business outcomes. In a discussion with Robin Duke-Woolley, the chief executive of Beecham Research, Nick Earle, the chief executive of Eseye, explores how organisations approach their IoT deployments from identifying the initial business goal

Read more

COVID-19 is writing a new world order

Posted on: April 6, 2020

Amidst the socio-economic disruptions caused by COVID-19, the common cause of finding a solution to the pandemic has brought together individuals, institutions, communities, governments and society at large. Looking at such collaborative initiatives, says CP Gurnani, MD and CEO, Tech Mahindra.

Read more