This Device Is Smarter Than Me: Enhancing IoT Security
By David Balaban
Sometimes we scold our devices, calling them stupid, when we cannot cope with them and they do something “wrong” or not what we expect. The problems that await us if artificial intelligence gains unconditional superiority over humans cannot but capture the imagination of everyone who has one.
However, today there is a more acute problem: the risks that arise because we overestimate the capabilities of so-called smart technologies, sometimes entrusting them with too much decision making.
Connected cameras already surround us. Data received from these cameras has a direct impact on many critical decisions, and it is transmitted via public channels. There have already been many cases of man-in-the-middle (MITM) attacks on IoT cameras. Such attacks allow a criminal to substitute and manipulate data for his own purposes, which can be very dangerous, especially in the context of the move to biometric identification and authorization. Hackers may accumulate data on thousands or even millions of citizens for future use in their rogue operations.
There are two options to “fix” this problem, and they are quite obvious: replace the cameras with ones that have encryption-based protection tools of class KC2 or higher, or integrate hardware security modules (HSM) into all cameras. This will make the process of collecting data from cameras very secure. Adding security modules to cameras is cheaper than replacing all the cameras.
Home automation, or “domotics”, is associated more and more with danger rather than with progress. Devices interacting over the network may, at best, fall under the control not of their owner but of his ill-wisher, and at worst they will adopt artificial intelligence and rebel; however, this is not expected to happen very soon. You can imagine many scenarios of this kind, both funny and scary. Leaving this task to the sci-fi writers, we can solve the problem radically: protect the communication channels of IoT devices.
The criminal will no longer be able to turn off your refrigerator if you use a hardware crypto gateway as the concentrator of the streams of information between IoT systems. The smart home may become safer, but the problem again comes down to one question: should we adjust protection to fit the technology, or change the technology to be more secure? The answer depends on how much can be spent.
If we take an ATM as an example, then at first glance everything is pretty simple. It consists of a dispenser, a computer, and some peripheral equipment. The computer interacts with the central processing center (for example, via IP protocol) and is often connected to the dispenser and other peripheral equipment using a USB cable. When you work with an ATM, your data (the card number) is read from the plastic card, and the PIN is entered using the keyboard. All this is transferred to the processing center, where authorization is performed. If everything is OK, the requested amount of money can be withdrawn, and the ATM computer sends the corresponding command to the dispenser. Not many protection mechanisms are used here. Only the dispenser is located in a safe.
Even such a simplified description is enough to understand what to do. It is necessary to protect the communication channels the data travels over, both from the processing center to the ATM computer and from the computer to the dispenser, to eliminate malicious redirects and man-in-the-middle attacks. In addition, it is necessary to ensure the integrity of the software and hardware environments of the computer. Again, hardware security modules come in handy here, making financial communications more secure.
Let’s use a railway as a model. If we consider it from the point of view of the network interaction of different connected objects, then we will see three global types of objects: trains, equipment at numerous local stations, and a central computer. The main interaction takes place between the trains and the central computer. It creates a schedule, accumulates data from trains, and sends out corrections based on real-time data. Station equipment also sends data on trains and passengers to the central computer. It also receives schedule adjustments and performs various auxiliary functions. Trains interact in parallel with station equipment and with the central computer, sending data and receiving instructions and corrections.
Obviously, a violation of this interaction can have extremely dangerous consequences, and it is also clear that the means of protection of this interaction must be unified. At the same time, it should be adapted to work in completely different conditions. Computers placed in trains work in conditions of constant vibration and temperature changes, and in general, they are built in a different way than your home PC. At the stations, the equipment is just a rack of servers. And the central computer is a big data center. The task of securing all these pieces is solved either by complex integration or by a universal platform for cryptographic information protection.
Let’s use electric substations as an example. These are objects designed to receive, convert, and distribute electricity. Many of them are located in open spaces, far from any infrastructure, and operate relatively autonomously. Such connected objects may inevitably attract the interest of intruders. Connecting to a substation is not difficult, as such objects often do not have the resources to distinguish between legitimate and illegitimate requests. The negative effect of such actions is not limited to the uncontrolled consumption of electricity.
A smart substation that has an emergency system as part of its control system can treat the load change as an accident and turn on counter-intrusion mechanisms.
Plenty of articles and books have been written about manufacturing execution systems (MES). The need to integrate them with high-class cryptographic information protection systems, as well as all the difficulties associated with this, is well known. A number of large enterprises today have many of their infrastructure elements located in different places all around the world. Under unfavorable circumstances, these objects can be breached. The security system of such objects should be built on the assumption that the control center may cease to be a trusted source, and that its commands should be intelligently evaluated (with the help of AI) rather than simply passed on for execution without any evaluation.
Metering devices have always been targets for “improvements”, both by unscrupulous users and by dishonest operators (fee collectors). The Internet is full of tips on how to bypass any meter, from water to electricity.
Smart metering devices have two significant differences from conventional ones:
- They can be controlled remotely.
- They provide not only accounting but also management functionality.
This is completely logical: if the time limit for a payment has expired or some other pre-assigned event has occurred, the smart meter can turn off the service without human involvement. The catch is that a hacker can send his own malicious command. Again, users will not be happy to replace metering devices with new, protected ones at their own expense. The argument that this is for their own security is likely to cause only annoyance. And for operating companies, it can also be very expensive. A tool that can be installed into an existing system is obviously preferable in this case too.
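As an added illustration (not code from the article or from any product), the sketch below shows what such a retrofitted gateway in front of existing meters could check before passing a remote command on: message authenticity, replay, and a local policy limit, so that even an authentic command from a compromised control center is not executed blindly. The message fields, the demo key and the disconnect limit are assumptions made for this example; in a deployment the key would be held in a hardware security module.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real gateway would keep it inside its HSM.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def sign_command(key: bytes, command: dict) -> str:
    """Operator side: HMAC-SHA256 over a canonical JSON encoding."""
    payload = json.dumps(command, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


class MeterGateway:
    """Hypothetical concentrator that filters commands for a group of meters."""

    def __init__(self, key: bytes, meter_ids, max_disconnects: int = 2):
        self.key = key
        self.meter_ids = set(meter_ids)
        self.max_disconnects = max_disconnects  # assumed per-window policy limit
        self.last_counter = 0                   # highest counter accepted so far
        self.disconnects = 0                    # disconnects forwarded this window

    def handle(self, command: dict, tag: str) -> str:
        # 1. Authenticity and integrity, compared in constant time.
        expected = sign_command(self.key, command)
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "rejected: bad MAC"
        # 2. Addressing: only meters behind this gateway are served.
        if command.get("meter_id") not in self.meter_ids:
            return "rejected: unknown meter"
        # 3. Replay protection: the counter must strictly increase.
        counter = command.get("counter")
        if not isinstance(counter, int) or counter <= self.last_counter:
            return "rejected: replay"
        self.last_counter = counter
        # 4. Local policy: an authentic command is still evaluated, because
        #    the control center itself may no longer be trustworthy.
        if command.get("action") == "disconnect":
            if self.disconnects >= self.max_disconnects:
                return "held: policy limit, needs manual review"
            self.disconnects += 1
        return "forwarded: " + str(command.get("action"))
```

The disconnect limit is the part that addresses a compromised head-end: a burst of correctly signed shut-off commands is held for review instead of being executed across every meter behind the gateway.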
Not only critical infrastructure needs protection. Businesses, and not only large ones, increasingly recognize the need to secure their data. For information systems used by businesses, the balance of price and quality becomes especially important. It is not good to overpay for a big brand name or excessive functionality, or to buy unreliable protection for little money.
The conclusion can be clearly seen here. Smart technologies can be safe. It is great if they are secure by design. But if during the design process many security issues were missed, the protection of the system should not lead to disruptions in its functioning. Smart technology should stay smart in every aspect.