Two years ago, our “Collaborative Security Approach” proposed a way of tackling Internet security issues based on the fundamental properties of the Internet and the voluntary cooperation and collaboration that’s been prominent throughout the Internet’s history. In this post, let us look at each of the five key Collaborative Security characteristics as they apply to security of the Internet of Things (IoT).
Fostering Confidence and Protecting Opportunities. In short, we should always have these objectives in sight when developing security solutions.
The IoT is a rapidly developing industry sector. Beginning with providing internet connectivity to isolated systems (e.g. cars, early generation SCADA systems), it is evolving into complex distributed systems enabling communication between (embedded) sensors and actuators with application, data storage and middleware components.
The main drivers for this explosive development are:
- cheap and small sensors and actuators that can be attached to almost any physical object;
- ubiquitous wireless connectivity;
- application clouds, allowing to separate an upgradable intellect from the “smart” objects themselves (a more appropriate name would in fact be “dumb objects”).
Unfortunately, as is often the case with fast-pace developments, security of IoT components and the system as a whole is lagging. Price and functionality features take higher priority.
We need to make security and privacy the most important features. Never before has the virtual world penetrated so deep into our physical lives, and if the gap isn’t shortened there is a high risk of long-term damage to user confidence in the IoT.
Addressing security challenges must be done while preserving the fundamental drivers. For example, too rigorous security requirements for devices may stifle innovation and development, while addressing system wide security is a more appropriate and long-term strategy.
Collective Responsibility. This notes that participation on the Internet means global interdependency. If participants act solely in their own self-interest, not only is the security of the internet affected, the social and economic potential of the internet to the global community also diminishes.
The IoT is not a thing, not even zillions of things; it is an interconnected system. Subsequently, there are many parties with a stake in security, including:
- Vendors of sensors and actuators (devices)
- Middleware developers
- Application developers
- Protocol developers
- Middleware operators
- Application services operators
Figure 1: Generic IoT model
All of them are interested in a sustainable IoT, but not all of them realize its dependence on security. Each player has responsibility in the overall security of the system, and each of them can be the weakest link that undermines it.
And we should not forget another important “stakeholder” – the user, be it an organization, municipality, government, or individual. All of them have a stake and responsibility. Their choices define how valuable security features are.
Fundamental Properties and Values. In short, solutions should be compatible with human rights, values, and expectations (e.g. privacy), and what we call the “Internet Invariants” (open standards, voluntary collaboration, reusable building blocks, integrity, permission-free innovation, and global reach).
As I just emphasized, the IoT is a system that should be analysed and addressed as a whole. Focusing on isolated components without holistic risk and threat analysis tends to provide temporal fixes (if any), and may significantly hinder the innovative potential of the IoT.
Because the Things in IoT are part of the bigger internet, it is important that the solutions build on and do not harm the fundamental properties of the internet – the Internet invariants.
Privacy implications of unsecured IoT systems are far reaching. Even if the system is secure, the breadth of the data collection should be carefully assessed. Recommendations outlined in the 2016 Global Internet Report provide an essential baseline.
In the IoT world, security and privacy often translate into human safety; these crucial factors should be part of the overall risk analysis and risk management.
Evolution and Consensus. In summary, security solutions must be grounded in experience, developed by consensus, and evolutionary in outlook. They need to be flexible enough to evolve over time. In a quickly evolving system, an open, consensus-based participatory approach is the most robust, flexible, and agile.
Security building blocks with a proven track record of protection and deployment in the greater Internet should be used as much as possible. Not every solution works for the Internet; some take off quickly and some never see wide deployment. This experience should be used when looking at security solutions for the IoT.
IoT is rapidly evolving. The most effective solutions are those that anticipate the development trend and address the problems of tomorrow. In developing such solutions, all players need to be brought to the table to produce most robust, flexible, and agile outcomes.
Today, there is a tendency to associate almost any device connected to the Internet with the IoT. Many such devices, like modems, routers etc., have existed since the birth of the Internet, and if we only focus on solving their problems we will miss important emerging threats. IoT systems are distinct in how the “things” are communicating, and how they are administered and controlled. Recognizing these patterns and trends is a key to effective long-term solutions.
Think Globally, Act Locally. For greater effectiveness and efficiency, solutions should be defined and implemented by the smallest, lowest, or least centralized competent community at the point in the system where they can have the most impact.
IoT security is hampered by negative economic factors, such as negative externalities and information asymmetry. This is not unique to the IoT; our recent analysis of data breaches revealed similar issues.
For instance, device vendors do not provide strong security because they do not bear the costs of security exploits. And consumers have no way to assess the security of the IoT system as a whole, thus diminishing motivation for the vendors to deliver secure solutions. There are other examples.
I mentioned several key players that take part in creating an IoT ecosystem. Understanding the relationships between them, their motivations, and incentives helps steer their behaviour and operation toward most favourable outcomes.
For example, raising consumer awareness of the risks of connected devices can help establish ranking or certification programmes, like the one started by Consumer Reports in the USA.
What is crucial here is “norm setting” based on industry-developed and agreed principles and recommendations. A great example of such an effort is the Online Trust Alliance IoT Trust Framework that includes 37 principles addressing privacy, security, and sustainability of the IoT systems.
Looking at the trends again, it seems that consumers will be less interested in do-it-yourself IoT installations, but rather go for a “platform,” like HomeKit, Alljoyn or Weave. The platform vendors and operators can differentiate themselves based on security and privacy protection of their systems, as well as provide necessary pressure on the component suppliers (for example, through programs like MFi by Apple. Providing independent assessment of the security level of the platforms and associated certification or ranking can have a significant impact on the whole IoT ecosystem. Again, security frameworks like the OTA IoT Trust framework provide a good foundation for such activity.
It is unrealistic to expect we can achieve absolute security for the IoT. Nor it is necessarily desirable, as getting closer to this goal may have unbearable costs. It is about how to keep pace and strike right balances when trade-offs are encountered. We hope that the collaborative security approach can help us think about both.