https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/footer-logo.png
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Architecture
  • Engineering/Development
  • Security
ioti.com

Security


Image of closeup green eye

Five Best Practices For Developing Secure IoT Solutions

Padraig Scully shares exclusive insights from the latest IoT Analytics whitepaper on best practices in IoT security.
  • Written by Jeremy Coward
  • 7th June 2017

Padraig Scully, vice president of market research for analyst firm IoT Analytics GmbH, shares exclusive insights from the latest IoT Analytics whitepaper on best practices in IoT security:

Security is often an afterthought when developing IoT solutions. Security features are commonly cut from initial designs to accommodate additional device functionality. However, security needs to play a central role in IoT projects if we are to secure the Internet of Things.

The process of developing secure IoT solutions was recently analyzed as part of an industry white paper published by IoT Analytics with the title “Guide to IoT solution development”. In the paper, the analysts discuss the IoT Solution development process across 5 major phases: 1. Business case, 2. Build vs. Buy Decision, 3. Proof of Concept, 4. Piloting, and 5. Commercial Deployment.

According to the paper, discussions with IoT experts revealed the following 5 best practices to develop secure IoT solutions:

1. Use a security threats model to assess the attack surface

Security can’t be done by the device or cloud alone. Rather, both must work together and with each component of the solution to reduce the overall attack surface area and keep the weakest link to a minimum. It is important to realize that one weak link can open up your whole system (e.g., hackers have gained access to entire company networks by simply entering the default device password for an IoT connected surveillance camera).

Combining hardware and software solutions (i.e., cyber physical) that go from device to cloud and cover everything in between will enable more seamless security in IoT. OEMs /ODMs /device manufacturers need to understand that threats can come from a number of different areas and may be unknown initially; the STRIDE model outlines six possible threats to IoT.

STRIDE MODEL Example
Spoofing identity Attacker uses another user/device's credentials to access the system
Tampering Attacker replaces software running on the device with malware
Repudiation Attacker changes authoring info of malicious actions to log wrong data to log files
Information disclosure Attacker exposes sensitive information to unauthorized partners
Denial of service Attacker floods device with unsolicited traffic, rendering it inoperable
Elevation of privilege Attacker forces the device to do more actions than it is privileged to do

2. Implement security by design

Security-by-design is a fresh approach that entails security experts, architects and engineers from each layer getting involved in full architecture design of an IoT solution right from the outset and to create a security development lifecycle (SDL).

As outlined in IoT Analytics’ 2016 IoT platforms market report, thinking about security across the product lifecycle helps IoT developers build more secure software and address important security compliance requirements. Another innovation related to security-by-design is the involvement of an “attacker” performing penetration testing to assess the system and look for vulnerabilities in the product development process.

3. Force yourself to think security from end-to-end

IoT demands end-to-end security solutions that traverse the layers. A Senior Product Manager at a leading IoT cloud platform says “IoT Security must be consistent across the device OS, network, cloud and application.” Unfortunately, not all IoT systems are thought out from end-to-end. For example, in many cases identity verification is only available on the device level.

However, if a hacker jailbreaked the device he/she could remove software restrictions imposed by the OS and permit root access to the file system allowing them to install untrusted applications on the device. In case of such a hardware compromise the other layers should also confirm authentication of device and user identity e.g., the cloud should know which device is compromised and restrict access to the network.

4. Do not minimize security features to get the MVP out quickly

Companies developing IoT solutions often want to get to market quickly and overlook the importance of building crucial security features into their minimum viable product (MVP) or even beyond. In many cases, it is up to the solution providers to make the customer aware of threats and push for security.

However, with 360+ competing providers in the market today the competition is fierce and for companies the temptation to rush to market without the highest security level is unfortunately a reality.

5. Design the system using proven industry best practices

The white paper outlines some best-practices of engineers building secure IoT Solutions including:

  • Employing hardware-based security such as TPM 2.0 to offer an additional root-of-trust.
  • Using unique identity keys associated with the device (flashed into the hardware trust module or using manufacturer IDs e.g., Intel EPID).
  • Shielding devices behind a gateway or firewall.
  • Enabling user-selected device IDs verified across the stack e.g., on OS, Edge gateway, Cloud.
  • Employing secure boot processes for malware resistance (e.g., only run secure signed images).
  • Using a cross-stack standards-based security approach, thereby making it easy to adopt, easy to adapt (with the standard) and easy to justify to the stakeholders.
  • Auditing and monitoring events and potential breaches in real-time, employing security analytics.
     

It is worth noting, if the hardware is designed with vulnerability the end-to-end solution may still be compromised. Thus, it is important to not only look at the software security aspects but also the hardware aspects e.g., root-of-trust chip security, board-level protection and anti-tamper measures.

For more details on developing secure IoT solutions as well as other best practices for OEMs, ODMs, and device manufacturers check out the IoT Analytics’ “Guide to IoT solution development” white paper which is available for download free of charge.

Tags: Article Supply Chain, Transportation & Logistics Connected Health Care IIoT/Manufacturing Retail Security Smart Homes and Smart Buildings Smart Environments Energy/Utilities Strategy Technologies Vertical Industries

Related


  • Data-Driven Digital Transformation Propels Airbus to New Heights
    Airbus wanted to get more customer focused through data-driven strategies. But instead of gathering new data, it brought discipline to its existing data.
  • IoT security
    IoT Device Security: Risk Assessment, Hygiene Are Key
    As devices and data proliferate at the edge of the network, IT pros have encountered new challenges in securing enterprise IT systems.
  • Build Connected Devices on Twilio IoT’s New Platforms
    Does your embedded IoT development team need a tightly integrated, ready-to-deploy IoT platform that lets you quickly build and commission your connected devices to the field? Or does it need a highly flexible IoT platform that lets you reuse your code and do things your way, but still take care of critical security and reliability? […]
  • Drone Technology Extends Reach of Mobile IoT
    Drones are expanding the reach of mobile IoT and can be a low-cost and less dangerous way to address issues in the field.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • Five Principles in a Zero-Trust Security Approach to IoT
  • AI in Health Care Continues to Make Gains
  • Drone Infrastructure Needs Attention From Cities
  • Smart Transportation Projects Foundational for Sustainable Cities

News

View all

Private LTE Market Projected to Grow to $13 Billion

12th January 2021

IoT World Announces 2021 IoT World Advisory Board

9th December 2020

White Papers

View all

Smart and Flexible Automotive and Tire Production

20th December 2020

Unlock the Potential of Digital Transformation in Oil & Gas

15th December 2020

Special Reports

View all

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

Webinars

View all

From Insights to Action: Best Practices for Implementing Connected Device Security

15th December 2020

Real Cyber Threats and Best Practices Cyber Security Strategy and Solutions for Smart Manufacturing

1st December 2020

Galleries

View all

Top IoT Trends to Watch in 2020

26th January 2020

Five of the Most Promising Digital Health Technologies

14th January 2020

Industry Perspectives

View all

IoT Spending Holds Firm — Tempered by Dose of ‘IoT Pragmatism’

1st December 2020

The Great IoT Connectivity Lockdown

11th May 2020

Events

View all

IoT at the Edge

17th March 2021

Embedded IoT World 2021

28th April 2021 - 29th April 2021

IoT World 2021

2nd November 2021 - 4th November 2021

Twitter

IoTWorldToday, IoTWorldSeries

The DOD turned to #kubernetes #containers for #IoTdevelopment to brace for rapid change. dlvr.it/RqzsLz https://t.co/t8W7coEdZN

20th January 2021
IoTWorldToday, IoTWorldSeries

Food for thought: Food and Beverage Industry eBook @ROKAutomation dlvr.it/Rqz00T https://t.co/Z3y18vuozF

20th January 2021
IoTWorldToday, IoTWorldSeries

Facility of the Future dlvr.it/Rqyzvm https://t.co/ytpsOUTtGP

20th January 2021
IoTWorldToday, IoTWorldSeries

A new day in automotive production #digitalmanufacturingsolutions @ROKAutomation dlvr.it/RqyrNS https://t.co/yxPFrBZGVg

20th January 2021
IoTWorldToday, IoTWorldSeries

Unlock the potential of digital transformation in Oil & Gas @ROKAutomation dlvr.it/RqyrBV https://t.co/kzHcGjf2OK

20th January 2021
IoTWorldToday, IoTWorldSeries

.@Airbus’s #datdriven #digitaltransformation focused on getting its existing data in order rather than just gatheri… twitter.com/i/web/status/1…

19th January 2021
IoTWorldToday, IoTWorldSeries

#EdgeNLP enables devices to do much more #NLP locally that better approximates human conversation.… twitter.com/i/web/status/1…

19th January 2021
IoTWorldToday, IoTWorldSeries

#Supplychain analytics, #digitaltwins and other tools are key to predicting COVID-19-style disruption in the supply… twitter.com/i/web/status/1…

18th January 2021

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X