How to Overcome Security Challenges in IoT

Printer-friendly version
Sub Heading: 
Mahabaleshwara Hegde, Services Architect, CA Technologies India Pvt Ltd.

How to Overcome Security Challenges in IoT

Mahabaleshwara Hegde, Services Architect, CA Technologies India Pvt Ltd.

The development of the Internet of Things will occur within a new ecosystem that will be driven by a  number of key players  These players have to operate within a constantly evolving economic and legal system, which establishes a framework. IoT brings together connected devices with people, process and data, it’s even more imperative that we ensure the things we connect are secure. Human being should remain at the core of the overall vision, as his or her needs will be pivotal to future innovation in this area. Indeed, technology and markets cannot exist independently from the over-arching principles of a social and ethical system. The Internet of Things will have a broad impact on many of the processes that characterize our daily lives, influencing our behavior and even our values, with this context security, privacy and polices, governance are very important and vital part of IoT Ecosystem.

Following are the major security concerns and which needs to be addressed.

  • Data confidentiality
  • Privacy
  • Trust
  • Policies

How to overcome these challenges

•      Data collection and analysis, Data ownership in distributed network (Data democratization): Data management  and confidentiality is very crucial and vital part of IoT. Big data, Big table other new technologies are applicable in this area.
•      New approach for personal data management: IoT interacts with various application and traverse in various networks. Hence need to have right approach towards personal data management. Storage, encryption, identity of person who is using it, authorization in whole vale chain
•      Complex Event Processing: In IOT various things needs to be context driven which is very key. Hence event driven process becomes very complex. Hence right technology like MQTT (MQTT is a machine-to-machine (M2M)/"Internet of Things" connectivity protocol) and messaging is very important.
•      Semantic network, sensors and data annotation: Utilizing metadata and semantic annotations to describe sensor/actuator and in general real world and logical world resources (i.e. ”things”) in a scalable and heterogeneous platform will enable different communities to exploit the emerging data and exchange information and knowledge in a collaborative environment. Semantic annotations, no matter inferred from the sensor data or provided by users, represent the context data which can be utilized to create context-aware applications.
•      Standardization and Interoperability: IoT space there various area like message exchanging, transport, security protocol common  standards are emerging. Like CoAP transaction which consumes less power than HTTP, direct access to web service enabled devices (Service orientation) etc.
•      Data sharing and optimization techniques: The optimizations are targeted directly or indirectly data sharing and storing w.r.t devices and network bandwidth and IOT enabled applications. It also covers data caches and dynamic and updates, concurrency techniques.

Privacy
•      User centric context-aware privacy and privacy policies
•      Data protection (Transmission and storage of data with Distributed systems, networks and applications)
•      Data minimization
•      Identification
•      Location privacy

It is very important to safeguard location of users make it available public at the same time using it for security purposes.
•      Personal content and Personal behavior which are purely private data collected by sensors/device

It is very important  safeguard the personal content and behavior patterns (based on the logs which are generated by devices). Hence there should be very structured logging and safe access to those logs

Trust
•         Key Management
Key management at devices and M2M level. Normally key exchange, encryption and decryption comes with cost. In IoT area we need to look into low cost, low power consumes and secured way of communication.
•         Attribute-based cryptography: This is new and latest light weight cryptography for messages exchange which is very relevant for IOT
•         Authentication: In IOT below are key authentication mechanisms to be established rather traditional way of authentication one factor or 2FA
           -- Source authentication
           -- Group authentication
           -- Mutual authentication
           -- User profiling
 
Key takeaway from the presentation
•      Brief about IoT and its Landscape
•      IoT Ecosystems and Roadmap
•      Applications and generic architecture
•      Security Concerns
•      How to overcome  IoT security and challenges (Privacy, data , trust , network , policies, governance)
 


Mahabaleshwara Hegde is a Services Architect with over 18+ years’ experience in CA Technologies. Current focus is on technical design , integration of CA security products like CA Authminder, CA Riskminder, CA Siteminder in an enterprise with CA Security Services and security domain. Focusing IOT and security on IoT space. He brings extensive experience on Enterprise Applications development and deployment using SUN/Oracle, IBM , Redhat and other Open Source technologies. He is a TOGAF 9 Certified Architect.
 

 

 

Home | Sitemap | Privacy | Legal