The Internet of Things (IoT) enables billions of Web connected devices to exchange meaningful information without human intervention. It has the power to revolutionise the retail business, hospitality, healthcare and other sectors. To ensure IoT based devices are connected to each other properly, open source software now plays an increasingly important role.
Today, more devices are connected to the Internet than people. Cisco predicts that 50 billion devices will be connected to the Internet by 2020 and over 60 billion by the end of 2025, nearly five times the expected population at that time. The IoT helps these devices to connect to each other automatically.
IoT is transforming how individuals and organisations connect with customers, suppliers, partners and other individuals. It is all about connecting sensors, actuators and devices to a network and enabling the collection, exchange and analysis of the information generated.
Hardware innovations like the Raspberry Pi are making it easier, faster and cheaper to develop new devices. Networking standards for low power networks, like LoRaWAN or NB-IOT, create new opportunities for connecting very small devices to a network. New standards are being deployed specifically for IoT use cases. These include MQTT for messaging, OMA Lightweight M2M for device management, or W3C Web of Things and one M2M for service inter-portability. Finally, there has been significant improvement in data storage, data analysis and event processing, making it possible to support the amount of data generated in large scale IoT based systems.
Let us look at the example of an intelligent device like a camera that monitors the road for congestion, traffic accidents and weather conditions. In the world of IoT, the camera relays that information to a gateway, combines it with data from other traffic cameras and forges a citywide traffic monitoring system, that is in turn connected to other traffic systems. If a traffic camera detects a car accident on a main road, for instance, that information is sent to a central city traffic system to enable traffic to be rerouted in order to avoid the accident spot.
Open source software
Open source software, as we all know, can be used freely. Programmers write the code. Other people can use and change the code to a certain extent, depending on the licence. The process of changing the original code is known as upstreaming, and those who make the change become contributors. Resources and community websites are the main examples where such open source code is available free. Though misinformation can exist in such communities, the openness allows errors to be detected and corrected in real-time.
Open source software is closely related to IoT. Contemporary storage and processing devices cannot manage the amount of data collected by IoT devices. Advances in computer science such as AI and data mining are helping in this regard by providing standard analytical tools. Open source Big Data tools make IoT data readable.
In tandem with the emerging IoT industry, the general software industry has moved towards open source as being a key supplier of critical software components. The major open source software used in IoT systems include:
- Operating system: Linux
- Big Data: Apache Hadoop, Apache Cassandra
- Middleware: Apache HTTP Server, Apache Tomcat, Eclipse Jetty
- Cloud: Open Stack, Cloud Foundry, Kubernetes
- Microservices: Docker
Open source standards provide a basis for communication among IoT devices. The Open Connectivity Foundation (OCF) and the Linux Foundation, for example, are working on a project called IoTivity to provide a framework to connect billions of IoT devices.
Open source software also play a key role in the security of IoT. Developers and cyber security experts can conduct security audits, which systematically review the source code of cyber attacks.
IoT devices do face risks, which the industries producing them are generally unprepared to deal with. Time after time, we see new data violations aimed at harming IoT products which make us increasingly cautious about buying them, with good reason. IoT devices are frequently under the threat of being hacked. In 2018, 21 per cent of the companies surveyed reported data violations or cyber attacks due to unsecured IoT devices, according to a Ponemon Institute (US based) survey. Ensuring enterprise security is a major concern for businesses. In the online world, hacks are primarily focused on identity theft, credit card fraud, etc.
IoT vendors always work hard at implementing many of the basics when building IoT devices securely. Consider the case of security cameras. In case they are used with the same compulsory password or if it is difficult to update faulty firmware in them, then there is plenty of room for security breaches.
Protecting user information in case of credit card numbers, home addresses, or possibly more sensitive details like medical records, are some of the situations in which the security of IoT devices comes into play. With several such challenges, open source technologies may offer these manufacturers a way to develop innovative and powerful software that is more secure, while keeping up with the latest developments in the industry.
Companies that develop IoT devices should follow certain steps in order to keep their customers and their data secure:
- Encrypt user data.
- Allow users to change passwords of IoT devices from time to time. This helps to reduce the chances that a hacker could reuse a single password to harness thousands of devices (or more) for their own evil purposes.
- Use proven open source components for application development. An automated SCA (software composition analysis) tool can also alert developers to newly discovered vulnerabilities as soon as they are disclosed, giving their team the time to implement the patch before hackers have an opportunity to exploit customer applications.
- Not collect more information than is needed from IoT devices.
IoT is growing rapidly, spurred by a culture that demands digital connectivity and smart devices that can be applied to all areas of life. Many people don’t realise just how vulnerable they can be when making the most of the IoT. There are several security and privacy risks that pose a serious threat. Any device that shares a wireless network is inherently at risk of a security breach – when someone gains access to your smart devices, he or she can harvest your data and manipulate or use it.
How to provide security to IoT based systems
The following steps can be adopted to secure your family of IoT devices.
Let’s start with the router: The router is said to be the ‘front door’ to your smart home, and this is what you need to secure first. So it is advised to invest in a well-known router that comes with a higher degree of security, as standard.
Create a secondary or guest network: You can create multiple networks on your Wi -Fi router. Create networks with parental controls for children, guest networks with potential controls, or guest networks for visitors. You can create additional networks if required. By doing this, one can prevent potential hackers from accessing sensitive data, shared files, and other bits and pieces from other devices.
Check your IoT devices’ settings and keep them updated: Your IoT device probably comes with default settings and you may change them if required.
Enable two-factor authentication: Two-factor authentication is an additional security layer on top of a device password that requires secondary authentication. It is a one-time code sent via email or SMS before access is granted.
Disable UPnP features: IoT devices tend to have Universal Plug in and Play (UPnP) features, enabling different devices to find and connect to one another. This may help third-party attackers.
How to provide security to data centres connected to IoT systems
The increasing digitalisation and automation of several devices deployed across different areas of modern urban environments are set to create new security challenges for many industries. These challenges will soon explode, since the Big Data created as a result of the billions of devices in use drastically increases security complexity. Both personal data (consumer driven) and Big Data (enterprise driven) are created by IoT devices. As consumers use more apps and IoT devices, more data is generated.
Today IoT devices need more storage capacity and IoT data needs to be stored in a cost-effective and secure manner.
It is important to understand the potential threats to an IoT device and add the appropriate defences while the system is being designed. Retrofitting security defences to a large network of IoT devices in the field is unfeasible, error prone and leaves customers at risk. Threat modelling can help development teams to understand what an attacker might do and why. Security must be provided to IoT architecture at the following zones:
- Field gateway
- Cloud gateway
The Eclipse IoT community is today a pioneer in providing IoT security solutions. For example, Eclipse tinydtls provides an implementation of the DTLS (Datagram Transport Layer Security) protocol, ensuring transport layer security between the device and the server. Eclipse Keti provides an access control service that allows each stack in an IoT solution to protect its resources using a RESTful interface.
Today, most IoT systems are targets for cyber attacks. As a result, encryption is currently gaining importance. Lightweight cryptography is an encryption method that features a small footprint and low computational complexity.
Future-proofing and a flexible approach are two important factors that IoT designers should consider. So they need to adopt ‘security by design’ principles. Future-proofing devices will soon become standard for IoT security. As malicious actors are constantly showing their skills at hacking networks, businesses must be flexible and proactive in their approach to security.