Cyber security and the Internet of Things: Future-proofing IoT security

The Internet of Things is changing the way we live and work. It’s not just industry that will benefit: the IoT is already transforming the way all of us interact with objects in our daily lives. But, the approach to IoT security is currently highly fragmented and in certain instances, non-existent.

There is a need for common standards to ensure the IoT is provided with baseline security.Consideration should be given to identity-based public key cryptography, which, due to its characteristics, can provide a sector-agnostic baseline security, from smart homes through to industrial IoT, says Roderick Hodgson, director, Secure Chorus.

This was the theme of a recent talk I delivered to the European Telecommunications Standards Institute (ETSI) Security Week held at ETSI’s headquarters in Sofia Antipolis, France. I was speaking as director with special responsibility for technical oversight of Secure Chorus, a not-for-profit organisation that provides thought leadership, common standards and tangible capabilities for the cyber security industry.

I also reported that industry as a whole is currently seeing a 600% annual increase in IoT cyber-attacks, with commercial and industrial electronics, utilities, medical, automotive and transportation, being most at risk by virtue of being at the forefront of IoT adoption.

The IoT is not a device or technology, but a framework for embedding connectivity and intelligence through a range of devices. Collecting and reacting to data in real-time is the key capability brought to life through the IoT. Data can be collected on a range of devices and can be accessed and interpreted through new computing technologies.

Cloud computing, analytics engines and big data solutions, bring about tremendous innovation when combined with the IoT. State-sponsored attacks, massive economic shutdown, and attempts to cause widespread chaos are all plausible risks in a world where IoT systems are bigger than the sum of their parts.

While the IoT is not a new phenomenon, increasing numbers of devices are being connected and becoming smarter. This trend is occurring across sectors including some considered to be critical national infrastructure (CNI), making cyber security a leading concern. Catastrophic failures in nuclear, aviation and essential services need to be considered by manufacturers, adopters of industrial IoT, nation states and regulators.

The IoT deployments face critical cyber security risks:

  1. The number of devices that need to be secured is far greater than in the traditional business and industry IT environments;
  2. Devices and systems found in the IoT are highly varied. While some solutions rely on low-power and low data bandwidth, others are dedicated to performing far more computation over high-speed networks;
  3. IoT devices are being used across a wide range of environments, each presenting challenges caused by differences in processing capabilities, use cases, network capabilities and physical locations; and
  4. IoT devices are becoming component parts of systems that directly affect health and safety.
Roderick Hodgson

The issue of simultaneously addressing authentication and security challenges in IoT systems can be met with the use of ‘identity-based public-key cryptography’, in which the cryptographic keys are directly tied to the identity of an IoT device or sensor.

The added use of Key Management Servers (KMS) simplifies key management, providing scaling to number and compatibility with the wide variety of devices and sensors, while at the same time ensuring that trust can be provided between parties for the devices they control, beyond the perimeter of a single system or organisation.

Secure Chorus has enabled the development of an ecosystem of Secure Chorus Compliant Products (SCCP) ensuring the following:

  • Data security – This is achieved with end-to-end encryption to ensure that any data processing activity can be undertaken without compromising data security.
  • Data ownership – This type of cryptography includes a Key Management Server (KMS), giving the system owner full control of system security.
  • Identity based public key cryptography does not require expensive and complex supporting infrastructure for distributing credentials, allowing for at-scale implementation. This represents substantial innovation in the field of cryptography.

One of the biggest challenges in securing IoT is to find a solution that works for low-power devices, while being secure enough for critical infrastructure systems. Data Security, authentication and trust are best achieved in an IoT environment through the use of the identity-based public-key cryptography protocol.

MIKEY-SAKKE is one such identity-based public-key cryptography protocol, providing effective authentication, key distribution and revocation in a variety of deployment scenarios. Secure Chorus and its members have chosen MIKEY-SAKKE as our open cryptography standard, allowing us to develop interoperability standards for MIKEY-SAKKE based multimedia communications solutions.

The author of this blog is Roderick Hodgson, director, Secure Chorus

About the author

Roderick Hodgson is a technologist and innovation strategist with oversight of all technology aspects of Secure Chorus, including technical management, setting technical strategy and representing the technology externally.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow


What Matter? – The newly smart home standard

Posted on: December 2, 2022

Matter is an industry-unifying IoT wireless network standard that still needs to be released. It strives to become a reliant, frictionless, safe communication basis for connected objects. The project was announced and started in 2019. By utilising a specific collection of IP-based networking technologies, initiating with Thread, wi-fi, and Ethernet, Matter is a platform built

Read more

Ericsson, Thales launches IoT accelerator device connect with eSIMs for enterprises

Posted on: December 2, 2022

Ericsson’s Internet of Things (IoT) business, in partnership with Thales, launches IoT Accelerator Device Connect, a service offering generic eSIMs unbundled from pre-selected Service Providers. For the first time, enterprises have the flexibility to select one or more Service Providers easily and instantly at the time of device activation. This new business model dramatically accelerates

Read more

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more