For the Internet of Things (IoT) to be safe and secure, there can't be any question about exactly who or what is on the other side of a transaction. There are two common ways that malicious hackers accomplish IoT attacks. One way is to replace original sensors with devices that have been compromised. Another way is to gain remote unauthorized access and transmit signals to a connected device.
Establishing digital identity and trust among all IoT devices prevents these two problems. How is such trust established? Through comprehensive approaches to Identity and Access Management (IAM) practices.
Monika Jha of Allerin discusses the following scenarios, as well as the IAM practices that make the IoT environment secure.
Scenario: Garage Door Security Breaches
Many smart garage doors feature network connectivity and IoT capabilities. If the garage door's digital identity is not protected and secured, it's vulnerable to thieves who can maliciously open the door remotely and enter the home with ease.
The IAM solution to this frightening security breach is to assign unique digital identities to all sensors in the IoT ecosystem. All sensors and devices--including a home's smart garage door--should have their own digital identities to ensure that they're distinguished from each other. This is done by converting pieces of information from the sensors into a digital identity record. The digital identity record includes a device's model number, information about its manufacturer, and more.
This unique-identities solution is easier said than done. The world's population is projected to be at almost 8 billion people as quickly as 2020, and much of that population will have several smart devices in the home. Therefore, assigning IoT identities is no small undertaking. Nevertheless, unique IoT identities will be crucial for security and trustworthiness within the interconnected ecosystem.
Scenario: Smart City Vulnerability
Some smart cities feature life-saving earthquake sensors. These sensors have the ability to send signals to shutdown facilities in earthquake affected regions to help protect against further destruction.
As beneficial as these sensors are, however, they can make smart cities vulnerable to hackers--malicious actors who can create devices that endanger public services. When hackers replace original sensors with compromised devices, none of the data from those devices can be trusted. This becomes even more of a problem when you consider the fact that even traffic lights are connected to sensors in smart cities.
When alarming security breaches happen, it is absolutely critical to be able to detect exactly which devices have been corrupted so they can be treated as malicious. To enable the awareness of malicious activity, it's important that the digital identity records of IoT devices are assigned a public key infrastructure (PKI) certificate. The PKI certificate, often assigned by the device's manufacturer, is provided at the sensor level.
Protection Beyond the Password
Unfortunately, traditional password protection is still used in an attempt to provide security in the IoT ecosystem. Default passwords for important hardware such as Wi-Fi routers are problematic in the struggle for security. Smarter solutions need to be implemented. Whether for automobiles, medical devices, security cameras or any other connected device, Identity and Access Management practices should be a high priority for security and safety.
Always enable two-factor authentication, because using it is a much smaller pain in the ass than trying to repair the damage from a hack. By the same token, conduct periodic reviews of the personal info on all your accounts to make sure the information is up to date. Outdated, unsecure accounts can and will be used against you.