by Ludwig Seitz
The Internet of Things (IoT) has particular security and privacy problems. The Internet Engineering Task Force is designing authentication and authorization mechanisms for the most constrained devices which are part of the Internet of Things.
In many of the applications of Internet of Things (IoT), sensors measure variables such as speed, pressure, consumption, temperature or heart rate, and actuators control physical systems, such as brakes, valves, lights, power circuits, or automated drug dispensers.
What makes these scenarios interesting from a security and privacy perspective, is that they all affect the physical world, sometimes controlling critical infrastructure, and sometimes gathering very private information about individuals.
Clearly, there is a need for security and privacy protection in the IoT. Some of the devices used in the IoT have extremely limited memory, processing capacity and battery power; consequently, classical IT security mechanisms are often inadequate to cope with the unique security situations that arise. Many such devices operate on wireless networks, which only offer low bandwidth and which are prone to losing data-packets in transfer.
One would think that Moore's Law would fix these problems over time, by giving us more powerful processors, and cheaper memory modules. However, advances in this area go largely towards reducing the cost per unit, as well as power consumption, and not towards increasing performance.
We therefore need adapted security and privacy mechanisms that allow us to reap the potential benefits of the IoT, without endangering critical infrastructure or individual privacy.
Another problem is fragmentation, since security solutions are either not standardized, or are standardized only for one application area. This affects IT security in general, but IoT is particularly affected owing to the need for interoperability between devices produced by different vendors (otherwise we'd lose the 'Internet' from Internet of Things) and the rapid development of new technologies in that sector.
Privacy protection, on the other hand, depends largely on individual users to understand and configure security settings. This often requires a high level of IT security competence, and is therefore likely to fail more often than not. Addressing this issue is likely to greatly improve public acceptance of IoT consumer end products.
Currently the Internet Engineering Task Force (IETF) is working on various security topics related to the IoT. IETF is a large, international standardization organization, with a wide range of Internet related working groups. IETF has developed a number of protocols aimed at IoT applications, such as 6LoWPan, CoAP, and DTLS, and it currently has two working groups active in IoT security. The first, DICE, deals with adapting the DTLS [1] protocol to constrained environments, while the second, ACE, addresses authentication and authorization in constrained environments [2].
An example of the limitations that affect constrained devices is memory: it is assumed that the smallest devices capable of implementing some meaningful security measures would have around 10 KB of RAM memory and roughly 100 KB of persistent memory (e.g. flash-memory). As a comparison, the certificates that are sent over the network and processed as part of the HTTPS protocol (and the underlying TLS protocol) have a size of at least 2 KB, and would therefore require a sizable part of the small device's memory, making normal operation difficult.
The author with a sensor node.
While DICE’s work will result in a protocol that allows these tiny devices to establish secure connections, the next security and privacy relevant question is what a device is allowed to do when it has successfully and securely connected to another. In traditional web services, these questions are answered by access control systems that usually query a database of authorization policies, defining who may access what under which circumstances.
It is obvious that the access control mechanisms designed for powerful servers cannot be applied for IoT without adapting them to the resource constraints described above. To this end, ACE is examining mechanisms where, for example, the burden of making access control decisions is shifted to a more powerful trusted third party and the device just has to enforce these access control decisions.
Thus the work on securing the IoT is ongoing, and the repercussions of the decisions that are made now will be affecting us for many years to come.
Links:
(1) DICE WG: http://datatracker.ietf.org/wg/dice
(2) ACE WG: http://datatracker.ietf.org/wg/ace
References:
[1] E. Rescorla, N. Modadugu, “Datagram Transport Layer Security Version 1.2", RFC. 6347, January 2012, http://www.rfc-editor.org/info/rfc6347.
[2] L.Seitz, G. Selander, C. Gehrmann: “Authorization Framework for the Internet-of-Things”, D-SPAN 2013.
Please contact:
Ludwig Seitz, SICS Swedish ICT
Tel: +46 703 49 9251
E-mail:
