Wi-Fi is, and will remain, the most significant connection mechanism for the IoT, because the infrastructure to support it securely already exists.
Other connectivity methods such as Bluetooth Low Energy (LE) are less widespread and, as such, have fewer tools and ways to hack into them. Each has its own level of security, but each needs an infrastructure in place to support it. For the IoT to be widely deployed over Wi-Fi, significant barriers, including network security, need to be addressed.
In the home or enterprise space, everyone uses a single wireless network and populates the same pre-shared key to connect to it. The concern is the proliferation of that key, so the right level of security for the new devices joining the network must be put in place to stop them becoming an easy gateway for attackers.
What we need to address first is that the question is not how secure the network is, but how secure the device connecting to it is. The devices that typically connect are low-cost, such as sensors that are significantly cheaper than the usual Wi-Fi client and have far less capability to protect themselves and the wireless network they attach to. These devices need to be easily configured and, because of this, can be easily hacked, leaving the credential used to access the network exposed.
Context Information Security recently found this to be the case when demonstrating the security vulnerabilities of a smart light bulb. By gaining access to the master bulb, researchers were able to control all connected light bulbs and so expose user network configurations.
Using a pre-shared key is the typical way that these light bulbs and other devices connect to a network. The problem this creates in traditional wireless networks, however, is that with a single pre-shared key, organisations end up needing a different wireless network for every device they connect to the IoT, which is unfeasible. In addition, pre-shared keys can be easily discovered. With credentials at risk, it makes sense that the credential should have limited rights on that network.
Why? The primary concern with the IoT is the potential to capture credentials, particularly when you consider what the credential can do. This could range from controlling a light bulb, to refrigerators controlling temperature, to sporting equipment that feeds personal information to devices.
If a pre-shared key is used to connect to the network, that network should be locked down and the device given limited functionality. By using private pre-shared keys, an organisation can have different keys for different devices, each with different rights on the network. One group of keys could be used for guest access or BYOD. Another group of keys could be used for building management, with a very controlled firewall policy that only allows the building systems to make changes. Lighting systems could be controlled by yet another group of keys, which may have their own firewall policy allowing corporate users to adjust the lighting in the meeting rooms, but not in the corridors.
This approach gives users the ability to have thousands of different pre-shared keys on a single network, each with its own connection profile, including firewall rules and VLANs. So, in the Context scenario, should one light bulb be compromised, the compromise could not spread to another light bulb, as that pre-shared key would not have the rights to reach it. The impact of the compromise would be limited.
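The per-key profile model described above, as an added example that is not Aerohive's code or configuration: each private PSK is known to the policy layer only by a label, and that label is bound to a VLAN and a first-match firewall policy. The address plan, key labels and ports are constructed assumptions; the blast_radius check answers the question the article poses, namely what a stolen bulb key could still reach.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    dst: str                          # destination network, CIDR notation
    ports: frozenset = frozenset()    # empty means any port

@dataclass(frozen=True)
class Profile:
    vlan: int
    rules: tuple                      # first match wins; unmatched traffic is dropped

    def permits(self, dst_ip: str, port: int) -> bool:
        ip = ipaddress.ip_address(dst_ip)
        for r in self.rules:
            if ip in ipaddress.ip_network(r.dst) and (not r.ports or port in r.ports):
                return r.action == "allow"
        return False                  # implicit deny at the end of every profile

# Constructed address plan (assumption, not from the article): 10.10.0.0/24 lighting,
# .10 = lighting controller, .32/27 = meeting-room bulbs, .64/27 = corridor bulbs;
# 10.20.0.0/24 = building management; 10.30.0.0/24 = corporate servers.
PROFILES = {
    "lighting": Profile(110, (Rule("allow", "10.10.0.10/32", frozenset({443})),)),
    "building-mgmt": Profile(120, (Rule("allow", "10.20.0.0/24"),)),
    "corporate": Profile(130, (Rule("allow", "10.30.0.0/24"),
                               Rule("allow", "10.10.0.32/27", frozenset({443})))),
    "guest": Profile(140, (Rule("deny", "10.0.0.0/8"), Rule("allow", "0.0.0.0/0"))),
}

# Each private PSK is identified by a label; the secret itself never enters the policy.
KEY_PROFILE = {"ppsk-bulb-017": "lighting", "ppsk-bms-01": "building-mgmt",
               "ppsk-alice": "corporate", "ppsk-guest-2024": "guest"}

def check(key_id: str, dst_ip: str, port: int):
    """Return (vlan, allowed) for a flow from a client that joined with key_id."""
    prof = PROFILES[KEY_PROFILE[key_id]]
    return prof.vlan, prof.permits(dst_ip, port)

def blast_radius(key_id: str, hosts, port: int = 443):
    """Hosts a stolen key_id could still reach: the damage one compromised device can do."""
    return sorted(h for h in hosts if check(key_id, h, port)[1])

if __name__ == "__main__":
    hosts = ["10.10.0.10", "10.10.0.40", "10.10.0.70", "10.20.0.9", "10.30.0.5"]
    for k in KEY_PROFILE:
        print(k, blast_radius(k, hosts))
```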
It is also essential that the credentials used are of little value to anyone who hacks into the network. A simple and secure way of authenticating and identifying the devices is needed. When allowing devices onto the network and giving them the access appropriate to that device type, organisations need to manage the threat of that credential being compromised, so that it has limited value to the attacker.
The most obvious way to do this would be to put individual certificates on the devices to truly authenticate them. This, however, would be costly and complex. To avoid it, businesses will instead end up using different networks for different types of devices. Using different networks also wastes time and resources, complicates things for the user and slows down overall performance.
What is needed is a simpler way to overcome this barrier to ensure all devices are managed securely from one access point.
In Wi-Fi terms, IoT is this year's BYOD, and organisations are facing exactly the same security problems. As IoT establishes itself as the next wave of networking, the industry will come up with many solutions to fix these issues.
What we need to bear in mind, however, is that the IoT is going to change and expand. Making sure the infrastructure can support different scenarios at the same time is going to be a challenge. Discussions about the security vulnerabilities of the IoT in terms of building management and personal interfaces to the network may be taking place now, but there remains a vast array of scenarios still to be connected to the IoT, such as cars and infrastructure. It is when we consider this type of scenario that security concerns are heightened and, with that, the solutions to allay these fears become more urgent.
Contributed by Philip Keeley, principal systems engineer, Aerohive Networks