In the last two years, Internet of Things (IoT) has grown exponentially, increasing its presence in our lives. Nowadays, we have TVs connected to the internet, cars connected to the internet, cameras in our garage that send us images through the internet, and everything you can imagine will be on the internet in the short term.
However, there are several reasons to be cautious regarding IoT security: these devices can be easily hacked due to their (poor-security) design, they can be used to violate our privacy, or they can be used to attack other targets, as it happened with Dyn Attack last year.
One of the main reasons why IoT devices are vulnerable is different vendors use different communication protocols, which increases the complexity of establishing security standards. Moreover, some security protocols are not compatible with energy-saving policies. Besides, the time-to-market challenge vs. security is also another dilemma.
Our review from experts’ publications allowed us to identify some solutions like the use of a standard protocol for encryption, authentication, and authorization for IoT communications. Besides, analytics technologies that evaluate the device’s behavior of the devices seem to be a promising path.
Simple security solution approach for HTTP-running IoT devices
The following Node.js code proposes a monitor server that records information from usage indicators on the device (we assume in the example that the device runs an HTTP server). It also registers the failures to detect possible Denial of Service (DoS) attacks. Logged information can be analyzed to detect functional faults and to trigger alerts. Machine learning and other big data techniques can be used for processing the information.
IoT Security represents a big challenge for the IT community. We must face it responsibly. Take some time to evaluate your security threats while developing an IoT system; you’ll save a lot of time and money. ?
