Home / Blogs

IoT Devices Will Never Be Secure - Enter the Programmable Networks

Juha Holkkola

Harvard Business Review just ran an interesting article on the information security aspects of Internet of Things (IoT). Based on the storyline, the smart city initiatives are doomed to fail unless the security of the IoT devices and the systems will be improved. While security of the digital society is obviously a key concern, I am not entirely convinced that relying on the security of individual devices and systems is the best course of action.

The biggest problem with IoT security is that most devices are going to be relatively simple and inexpensive connected things. The bandwidth consumption of these devices should be kept to the minimum to save bandwidth. Yet at the same time, security is supposed to be a continuous process. This involves a party that is responsible for keeping an eye on the various security vulnerabilities that emerge from time to time, and another one to make sure that suitable patches are being prepared and applied on timely basis.

While with smartphones, laptops, and servers, this work has commonly fallen under the responsibility of the device manufacturer, it is largely because they have been able to generate considerable service revenue from this work. Considering the much lower cost of IoT devices, it is likely that only a small percentage of IoT device users will be willing to pay a premium for such a service. Due to this dynamic, even the devices that leave the factory floor in pristine condition, face the risk of becoming compromised over time.

Therefore, it seems to me that looking at IoT device manufacturers as the likely saviours is wishful thinking at best. The business logic just is not there.

So where to look for answers?

When people think about Internet security, they often forget how the security is being taken care off in the physical world. Rather than trying to lock down and protect every single belonging in one's household, we tend to rely on locked doors and alarm systems that protect the perimeters of our homes. The things we keep in our houses tend to be reasonably secure, so long as the doors are locked properly, and the windows are not left open.

In much the same way, the IoT devices should be placed within the boundaries of protected network environments. While every IoT device will never be secure, the associated risks are well contained so long as the perimeter of each machine network is secure. To provide an analogy, my keys are not secure if I leave them on the table at Starbucks — but if I place them on a desk at the safety of my home, the situation changes completely.

Over the last couple of years, the network industry has developed technologies such as Software-Defined Wide Area Networking (SD-WAN) and Network Functions Virtualization (NFV) that allow new networks and security services to be deployed automatically. Although these technologies are not widely used for this purpose yet, they hold the key for securing smart cities as well as any other IoT use case the world holds in store for us.

That is why I believe that the future of IoT security lies in programmable networks and the service providers that operate them for us.

By Juha Holkkola, Co-Founder and Chief Technologist at FusionLayer Inc.

Related topics: Access Providers, Cyberattack, Cybercrime, Cybersecurity, Data Center, Internet of Things, Malware, Networks, Telecom

 
   

Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Comments

Have you seen the recent Geoff Huston presentation on IoT security? Mike Burns  –  May 16, 2017 11:55 AM PDT

https://ripe74.ripe.net/archives/video/48/

Can the author comment more on how exactly SD-WAN and NFV will provide security for IoT devices by surrounding them inside a virtual perimeter?

Thanks for the link - I hadn't Juha Holkkola  –  May 16, 2017 2:50 PM PDT

Thanks for the link - I hadn't seen Geoff's speech before but really liked it.

Assuming that the device manufacturers are unable to produce secure things that the public would be willing to buy, I think we have to change something else in the equation. Given the advances that have been made on the networking side, that's the direction from which I would start looking for answers.

As far as SD-WAN goes, it is mostly used for enterprise connectivity between data centres and branches. But as the technology matures, I don't think it would be outside the realm of possibility to think that CSPs would start offering cloud-based SD-WAN services that would offer dedicated virtual overlay networks at price points that made them available to pretty much everyone.

Once we move on to 5G, one possibility would be to use smart phones as vCPEs that are part of the SD-WAN. With this kind of setup, networks wouldn't necessarily be tied up to physical devices at all. Rather, one could set up a new private network segment pretty much anywhere and use that to provide a WiFi, Bluetooth or NFC connectivity for different things.

Now, assuming that our things connected to the public Internet via a private network established between the vCPE and the cloud DC, there are a lot of different services that could be used to enhance the security even further. For example various kinds of scrubbing services, unified threat management and application sensitive routing come to mind. The NFV part comes into the picture when these services are deployed (at the edge) as virtual network functions.

While I do appreciate the fact that all the technologies I've described above are still in their infancy, they are are already there and could be used today to create very secure network environments. For now, this would be a cost-prohibitive approach to most use cases, but I believe that economies of scale could drive down the prices to a very reasonable level over time.  Much like the microprocessors that Geoff talked about.

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

DNS Security

Sponsored by Afilias

IP Addressing

Sponsored by Avenue4 LLC

Mobile Internet

Sponsored by Afilias Mobile & Web Services

Cybersecurity

Sponsored by Verisign

Promoted Posts

Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell blocks as small as /20s. more»

Industry Updates – Sponsored Posts

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?