Building the Internet of Trusted Things
The past few years have seen a steady increase in the number of devices connected to the Internet, ushering in the era of the Internet of Things. Devices as diverse as cars, TVs, electric meters, home alarms, and door locks, pace makers and insulin pumps are connecting to the Internet. According to Gartner, approximately 3.9 billion connected devices were in use in 2014 and this figure is expected to rise to 25 billion by 2020.
The purpose of the Internet of Things is to offer consumers innovative products to enhance their lives. For example, smart electric meters can use information provided by a smart grid and turn on/off selected appliances to optimize energy cost savings. Smart homes may rely on smart locks that give the possibility to use a smart phone at a distance to open/close doors and windows. Connected cars have the ability to record and report diagnostic information, and arrange appointments at repair-shops when needed. Connected pacemakers allow monitoring patients in their homes rather than in medical facilities.
The potential economic impact of the Internet of Things is huge. It will be $4 trillion to $11 trillion a year by 2025 says a report published by McKinsey Global Institute.
The flip side of the rise of Internet augmented products is that the Internet of Things has glaring security weaknesses. In other words, connected devices can be easily hacked. A recent HP Research study reported that the average Internet-connected consumer device has a staggering 25 security vulnerabilities and 70% have at least one such vulnerability. Hackers can take advantage of those vulnerabilities to launch cyberattacks aimed at taking control of devices, stealing sensitive information, or disrupting essential services. For example, a cyberattack could take control a home’s smart electric meter in order to cut off power supply to security mechanisms and make a burglary attack a lot easier. As for cars, they are becoming more susceptible to cyberattacks because they are increasingly computerized. Hackers could for instance take full control of a car or disrupt essential car operations with potentially disastrous effects. A recent report by two security researchers compiled a list of most hackable cars, and surprisingly, world-renowned cars such as the 2014 Jeep Cherokee and 2014 Toyota Prius are among the most hackable. In the case of the Prius, the car’s radio and Bluetooth systems share a network with the steering, brakes, and tire pressure monitor.
In order to build a more secure Internet of Things, a comprehensive security framework should be devised. The framework has to be designed in a way that takes into account the fact that most of the devices that form the Internet of Things are embedded systems with limited resources (especially storage space and processing power). The security framework needs to address the following issues:
• privacy threats: here, determining the amount of sensitive information that needs to be collected is the core issue;
• lack of authentication and authorization: mechanisms such as passwords of sufficient complexity and length, certificate-based authentication and, in the long run, smartphone-based biometric authentication are essential to address this issue;
• insufficient confidentiality and integrity: here, encryption, lightweight firewalls and rules-based filtering play crucial roles;
• insecure software and firmware: it is of primary importance that connected devices’ software and firmware are securely updated on a regular basis which implies that the devices should be designed in a way that enable software and firmware downloads and an extensive use of encryption.
In summary, the Internet of Things has a shining future; it has the potential to transform the lives of billions of people around the globe. But in order to realize its potential, it has to overcome major challenges and addressing cyberattack threats is one of those challenges.
Rafik Hanibeche & Adel Amri (Trustiser Founders)