Protecting Devices From Data Breach: Identity of Things (IDoT)

IoT Ecosystem

It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create an identity to newly-connected things is becoming increasingly crucial. These ‘things’ can include anything from basic sensors and gateways to industrial controls systems, retail terminals and scanners, and kiosks to medical devices, heating and lighting systems, connected homes, and smart cars.

Identity and authentication for the IoT enables the use of foundational information security concepts, including confidentiality, integrity, availability, authentication, and non-repudiation. At the core, identity binds credentials. It allows an operator to well manage IoT devices, define access, set policies, and secure communications to protect devices and data. But within the Identity of Things (IDoT), how does one clearly define the credential and the accompanying authentication and encryption services?

Identity and Access Management

The Cloud Security Alliance (CSA) first raised this issue back in September 2015 when the organization released a Summary Guidance on Identity and Access Management (IAM) for the IoT. Within the document, the CSA emphasized the importance of properly identifying things in order to enable authentication, encryption, and data integrity in an ecosystem. Currently, there are more than 20 different study groups, consortiums, alliances, and standards initiatives working toward creating a secure framework for the IDoT.

connected-iot

Issues such as scale, power and computational constraints, ruggedized requirements, energy limitations, increased number and variation of connectivity protocols, and cost factors, among others, make it difficult to simply impose a legacy enterprise IAM or credential management solution. Furthermore, while scenarios for IoT authentication are numerous, there are three notable challenges: token-based authentication currently only works for HTTP, symmetric key mechanisms require input at manufacture, and standard Public Key Infrastructure (PKI) is generally considered impracticable for constrained environments.

Cybersecurity Obstacles

The three obstacles are ones the cybersecurity industry is working diligently to overcome. For token-based authentication, new methods need to be devised for all the new connectivity vectors (cellular, Bluetooth, Wi-Fi, NFC, RFID, etc.), either as one, convergent authentication method or one for each vector. Both approaches will require significant research and development.

Alternatively, and with some modifications, symmetric key mechanisms can be adapted for the IDoT. For example, Digital Short Range communications (DSRC), used in vehicle-to-vehicle communications, supports a much smaller certificate structure than the standard X.509. Meanwhile, the use of certificates requires some form of central mechanisms and management structure, such as PKI. In fact, many (and notably certification authorities) tout PKI as the contending standard for identification, encryption, and authentication of IoT devices, but traditional PKI does not scale well for the IoT. A more dynamic key architecture may need to be developed. Essentially the method chosen will depend on the constrained devices in question and their respective environment.

From a private sector perspective, a number of firms are already promoting authentication, identity, and related management services to address the challenges head-on. The movement in the private sector is dynamic, with numerous firms—from startups to big players in the enterprise IAM and authentication and key management space—investing in the IoT market. While some are offering data-centric security platforms for IoT and M2M, others are developing cloud-based IoT security platforms to create and manage digital identities. The solutions are wide-ranging and varied.

In all, the IDoT market opportunity is still nascent, but it is evidently expanding quickly. Most pressing is the development of adapted identity solutions. These solutions will need to revolve around data centric encryption, dynamic certificates and key architecture.

By Michela Menting

EV Sales

Growth of Electric Vehicles – Heading In The Right Direction

Growth of Electric Vehicles The global electric vehicle market is projected to reach $802.81 billion by 2027, registering a CAGR of 22.6%.1 The highest revenue contributor was Asia-Pacific, which is estimated to reach $357.81 billion ...
Move bot migration

MoveBot – New Data Transfer Platform

Data Transfer Platform Branded post by Movebot As cloud computing and storage continue to provide enhanced ROI to organizations, businesses are storing their data on the cloud– instead of on-premise servers. Storage migration is an ...
Ronald van Loon

Reimagine Contact Centers with AI and Cloud

Contact Centers with AI and Cloud Contact centers have experienced overwhelming strain since the onset of the pandemic and for many organizations this chaotic trajectory has continued. In the travel industry, for example, airlines are ...
Rajesh Khanna

How to Re-imagine DSP’s Contact Centers with Intelligent Process Automation

Intelligent Process Automation Enable agents to work smarter, reduce call volume, and improve efficiency The current state of Digital Service Providers’ (DSPs) manual or semi-automated contact centers is no more enough to provide customer delight, ...
RPA-Data

How Digital Service Providers (DSPs) can Leverage RPA to Accelerate Data Migration by 2X

Accelerate Data Migration by 2X Ongoing trends in the Telco/DSP industry such as M&As, migration of the application to the cloud, and modernization of legacy applications have increased the frequency and scope of data migration ...

PROXY SERVICES

The CloudTweaks technology lists will include updated resources to leading services from around the globe. Examples include leading IT Monitoring Services, Bootcamps, VPNs, CDNs, Reseller Programs and much more...

  • Smartproxy

    Smartproxy

    Smartproxy is a rising star in the constantly growing proxy market. Smartproxy offers awarded customer service, impressive performance, and is serious about your anonymity (yes, cybersecurity matters). The latest features developed by Smartproxy are 30 minute long sticky sessions and Google Proxies. Rumor has it, the latter guarantee 100% success rate

  • Bright Data

    Bright Data

    Bright Data’s network is one of the most robust of its kind globally. Here are its stark advantages: Extremely stable connection for long sessions (99.99% uptime guaranteed). Free to integrate with our Proxy Manager which allows you to define custom rules for optimized results. Send unlimited concurrent requests increasing speed, cost-effectiveness, and overall efficiency.

  • Rsocks

    Rsocks

    RSocks team offers a huge amount of residential plans which were developed for plenty of tasks and, most importantly, has been proved to be quite efficient. Such variety has been created on purpose to let everyone choose a plan for a reasonable price, online, rotation and other parameters.

  • Storm Proxies

    Storm Proxies

    Storm Proxies' network is optimized for high performance and fast multi-threaded tools. You get unlimited bandwidth. No hidden costs, no limits on bandwidth. Try Storm Proxies 100% Risk Free. If you are not happy with the service email us within 24 hours of purchase and we will refund you.