You’ve probably heard of the Internet of things. But, do you know how it will impact cybersecurity? If you’re like most people, the idea of appliances being connected independently to the Internet seems a bit strange. Here’s what it’s all about and why you should care.
LG Mobile Research IoT Security Engineer Harsh Kupwade Patil’s team tried to figure out whether it’s possible to have mutual authentication between devices and devices and users and devices.
That’s important because users will be interacting with devices in the home, and those devices will need to interact with other devices. For example, a smart fridge would need to know whether a user needs to restock the milk, if something has gone bad in the refrigerator, and who uses what.
And, for households with multiple users (i.e. families and couples), the refrigerator needs to be able to cater to everyone’s tastes and preferences. Smart fridges would likely make shopping lists based on the contents of the fridge, user preferences, and other factors, then communicate with local grocery stores to find deals on items, reducing or eliminating shopping hassles.
But, passwords become a problem in this scenario because each person will need to authenticate the fridge (imagine that) before information can be transferred. Patil’s team did discover that mutual authentication is possible, but it’s not simple.
Context-aware security, entirely new gateways and architectures are needed.
Companies, like Sec-Tec.co.uk, who audit and test security systems on networks, have an easier time of testing security because everything exists on the same network and is, more or less, compatible.
But, would this be true of an Internet of things, where the “network” is really an entire Internet of devices trying to talk to each other?
Smart Home Problems
Let’s say you just purchased a new home. It’s a smart house with all the creature comforts and bells and whistles you’d expect. Once you’ve signed on the dotted line, you drive up to see your new home, unlock the door and find that the keys don’t work – the seller is unwilling or unable to give them to you. Now what?
One possible solution is to have a “factory wipe” option where keys can be reset to factory defaults for times when property changes hands. It’s not without its own risks, but it’s a start.
Then there’s smart grids. A power company of the future may have to deal with an attacker who tries to take control of a customer’s smart meter or thermostat, forcing the user to consume (and pay for) more energy than he or she wants to. Or, worse, turns off the power without the user’s consent.
How could the power company know the system had been compromised? This is a complex issue with no clear answer yet.
One of the looming questions about security is on older devices or multiple devices made by different companies, all of which have run out on their warranty. Who will service the security and update the firmware?
This is a challenge because there is no industry set up right now that can handle this, but a new industry could conceivably spring up to take care of the problem.
Dominic Griffiths works as an IT security consultant. He enjoys sharing his cybersecurity insights online. His posts appear on many security blog sites.