Following the news that Internet of Things security is under scrutiny as Apple moves to introduce its smart home system, Toyin Adelakun, Vice President, Sestus, explains why the same constraints and principles apply to Internet of Things security:
“It always helps to go back to first principles when considering a fresh security challenge, or an existing challenge on a new scale or in a new context. Security first principles are expressed in terms of the "CIA" triad that reflects the central requirement to safeguard the Confidentiality, Integrity and Availability of data and systems. These constraints apply at the level of the data itself, and also at the level of its use and management. The Internet of Things presents security challenges in a new context (increasingly autonomous machine-to-machine communications) and on a new scale (many billions of devices and appliances, rather than a few billions of people) — but the same constraints and principles apply.
“So, it might be useful that my energy meter can be queried — but only by the billing system of my energy utility company, and not, for example, by my ISP: that is one possible confidentiality constraint. It will also be important that the data sent from my meter to the utility cannot be interfered with — for instance, by a hacker wishing to inflate my energy bill: that is an integrity constraint. Moreover, it should not be possible for an ISP, hacker or any other malevolent party to disconnect or block the communications to or from my energy meter: that is an availability constraint.
“Even these trivial examples indicate that there is no single biggest barrier to IoT adoption. Sestus’ approach to IoT challenges is to enable device manufacturers, service providers and end-users to strongly identify devices to one another, and thus provide a cryptographically-strong mutual authentication foundation upon which trusted communications can be built. But overall, perhaps the most important security principle is “defend in depth”. The success of IoT will likely have a lot to do with the ease of creating multiple cooperating layers of security for all IoT participants.”