Because they run without human supervision and often lack common security measures, countless IoT devices of many different types are becoming potential targets of attack. These devices include cars, electric motors, water supply pumps, etc.
The network system of the Ukrainian power company was hacked at the end of 2015, resulting in a large-scale power outage in the western region. In this incident, many substations were offline and more than 230,000 homes and offices suffered a power outage of up to 6 hours. "The attackers even modified the firmware of key equipment so that they could not be remotely controlled and cut off. Other equipment had to be manually controlled for several months afterwards," said Rob Black, senior director of product management at ThingWorx.
Image: Rob Black, senior director of product management at ThingWorx
This is the first cyber attack in history to have caused a power outage. The attack on the industrial control system is undoubtedly a milestone and has attracted great attention from domestic and foreign media. It is reported that the attack came from a Russian hacker group and that the malware used is called BlackEnergy.
Figure: BlackEnergy attack process
Last July, two hackers remotely controlled a Grand Cherokee and drove it at 70 miles per hour on the highway. They wirelessly turned the wipers on and off, turned the air conditioning to full blast, switched to different radio stations while driving, and then disabled the transmission function so the Jeep slowed down when it reached the interstate.
The two hackers wanted to publicize the security risks that the Internet of Things poses in cars, and it did have an effect: it eventually led to 1.4 million cars being recalled and their systems patched.
Unfortunately, most companies can’t simply recall cars and patch their computing systems to address the security issues brought about by the Internet of Things. The biggest questions facing companies today are: Given that IoT devices are already widely used and spread throughout the enterprise, how secure are their production environments? And how easy is it to hack into corporate networks through these IoT devices? How can companies protect themselves?
IoT security is different from cloud platform security
The security of IoT is different from that of the cloud. The cloud has a well-defined security model and limited entry points, while the IoT has a wider range of attack targets due to different device types, operating systems, and protocols.
In terms of user management on cloud platforms, it is usually only necessary to grant access rights to a specific person for a specific project. However, IoT devices require a more complex authorization and permission model. IoT devices can authenticate themselves as an individual or a representative of an individual.
Some companies are aware of the danger, but because they have not yet used IoT applications on a large scale, they have not taken action. But do they really know how many of their devices are connected to the network and exposed to risks?
Shodan is a search engine that specifically searches for Internet-connected devices. Unlike traditional search engines such as Google, which use web crawlers to traverse entire websites, Shodan goes directly to the back channels of the Internet, probing the ports of devices and constantly searching for every device connected to the Internet.
Every month, Shodan collects information on about 500 million network devices around the clock, and what it can find is striking: countless traffic lights, security cameras, home automation devices, ice hockey stadiums, and even factory control systems and nuclear power plants. Most of these devices are connected to the network through an internal application by the manufacturer or a third party.
Most of these devices have very limited security features, and in many cases no password is even required to connect to the device. Even where there is one, it is often a username like "Admin" with a very simple password like "1234". 70% of the devices still communicate in plaintext, making it easy to hack these devices even when they use more secure passwords.
Millions of devices are also using very outdated versions of software—software with well-known vulnerabilities and weaknesses. So, the problem for many companies isn’t even how to start an IoT project; their problem is how to manage and secure the unknown pieces of IoT that already exist.
A possible general security model
There is currently no universal security model specifically for the Internet of Things; however, the security architecture shown in the following figure can be used as a basis.
Figure 1. Elements and interactive objects covered by the Internet of Things
In Figure 1, I have highlighted the different elements of the IoT and the objects they interact with.
1. Devices are real objects connected to the Internet
2. Network infrastructure connects devices to the IoT platform
3. The operation platform provides the infrastructure for application development
4. An IoT platform is a set of components that can communicate with devices, manage them, and run applications
5. Development refers to the process of implementing IoT applications
6. Applications create additional business value by monitoring, managing, and controlling network devices
Figure 2. A general security model
The generic security model given in Figure 2 explains how IoT security responsibilities should be divided among different partners. Starting from the top, the customer is responsible for protecting various devices, denying unauthorized access and managing user accounts.
The IoT platform simplifies tasks by integrating visibility and permissions that can be used without coding. For example, regions, departments, and locations can be defined, and users can only access objects in their own region and not in other regions. Functional roles can also be created within an organization, such as "Service Manager", and the "Service Manager" role can also be assigned to new users, who automatically receive all the rights of the assigned role.
Ideally, with the help of connection servers, the IoT platform will provide the option of working in a "demilitarized zone (DMZ)" when the platform itself is located within the firewall. If the IoT platform is located within the internal network, even the most determined external attacker will have a great deal of difficulty. Good network concepts can help organizations better protect their IoT infrastructure.
Application developers can use the appropriate tools provided by leading platforms to implement best practices, such as those built around the Open Web Application Security Project (OWASP) Top 10, a list of weaknesses that should be avoided when developing web applications. The U.S. Federal Trade Commission (FTC) strongly recommends that all companies follow the top ten web vulnerability protection guidelines published by OWASP.
SQL injection is one of the top ten problems. It occurs when a program pieces together SQL statements directly from a string entered by the user, which lets the user control the statement, for example by adding a delete operation or bypassing user password verification. The solutions are to call SQL with parameters; to use stored procedures (without using dynamic SQL to piece together statements inside them); or to write queries with frameworks such as LINQ and EF (without using their direct SQL statement methods). The IoT platform can prevent this attack by parameterising input and blocking direct SQL queries.
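The difference between a pieced-together statement and a parameterised one, as an added example that is not part of the original article or of any IoT platform's code. The `devices` table, its rows and the crafted input are constructed for illustration, using Python's built-in `sqlite3` module.

```python
import sqlite3

def make_db():
    # Constructed sample data: three devices in two regions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE devices (id INTEGER PRIMARY KEY, region TEXT, name TEXT)")
    db.executemany("INSERT INTO devices (region, name) VALUES (?, ?)",
                   [("west", "pump-01"), ("west", "pump-02"), ("east", "motor-07")])
    return db

def find_concatenated(db, region, name):
    # Vulnerable: the user-supplied name becomes part of the SQL text,
    # so a quote character in it can change the structure of the query.
    sql = ("SELECT name FROM devices WHERE region = '" + region +
           "' AND name = '" + name + "' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def find_parameterized(db, region, name):
    # Hardened: the statement is constant; input travels only as bound values
    # and is compared as data, never parsed as SQL.
    sql = "SELECT name FROM devices WHERE region = ? AND name = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (region, name))]

# Constructed input that closes the string literal and appends a condition.
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(find_concatenated(db, "west", "pump-01"))   # the one matching device
    print(find_concatenated(db, "west", CRAFTED))     # region filter is bypassed
    print(find_parameterized(db, "west", CRAFTED))    # no device has that name
```

With the concatenated query, the crafted name returns devices from every region; with bound parameters the same input is just a name that matches nothing.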
However, some of the responsibility for IoT security should be borne by developers. Through the Transport Layer Security protocol (TLS), most IoT platforms have the ability to provide encryption for device communication processes. Of course, this capability must be activated by the developer.
No matter how much attention is paid to security during the development of an application, the possibility of attack always exists, so it is critical to have a protection mechanism in place that allows each layer to be repeatedly updated to the latest version.
Therefore, an IoT platform should not only provide integrated software and content management capabilities, but also support automatic distribution of updates. More sophisticated platforms will also include options for how to distribute these updates. This means that you can import and test an update on a small number of devices before performing the regular update on all devices.
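One way to implement the "small number of devices first" distribution described above, as an added example that is not code from the article or from any particular IoT platform. The function names, device ids, campaign name and the halt/wait/proceed states are assumptions made for illustration.

```python
import hashlib

def canary_cohort(device_ids, percent, campaign):
    """Return a stable subset of roughly `percent`% of the fleet.

    Hashing the campaign name together with the device id keeps the choice
    reproducible while rotating which devices go first in each campaign.
    """
    cohort = []
    for dev in sorted(device_ids):
        digest = hashlib.sha256(f"{campaign}:{dev}".encode()).digest()
        if int.from_bytes(digest[:4], "big") % 100 < percent:
            cohort.append(dev)
    return cohort

def next_stage(cohort, results, max_failures=0):
    """Gate the fleet-wide update on the canary results.

    results maps device id -> True (updated and healthy) or False (failed).
    Devices that have not reported yet count as pending, never as success.
    """
    if not cohort:
        return "halt"                      # nothing was tested: do not proceed
    failures = sum(1 for d in cohort if results.get(d) is False)
    pending = sum(1 for d in cohort if d not in results)
    if failures > max_failures:
        return "halt"                      # stop before the rest of the fleet
    if pending:
        return "wait"
    return "proceed"

if __name__ == "__main__":
    fleet = [f"pump-{i:04d}" for i in range(1000)]    # constructed device ids
    cohort = canary_cohort(fleet, 5, "fw-update-A")   # constructed campaign name
    print(len(cohort), "canary devices")
    print(next_stage(cohort, {d: True for d in cohort}))
```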
A common security model and many other features simplify the process of IoT application development and implementation. So you can optimize the performance of your widely distributed devices while ensuring protection against unauthorized malicious use.