IoT Security

In this module, you learn concepts and strategies to assist in securing your IoT infrastructure. Drawing on the AWS IoT security whitepaper, this introduction to IoT security will enable you to quickly gain familiarity with the terminology and concepts used in AWS IoT.

The AWS security pillar defines security as the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies. Each of these is discussed during your IoT security introduction journey, starting with the connected IoT devices.

Connected devices are constantly communicating with each other and the cloud using different kinds of wireless communication protocols. IoT provides device software, control services, and data services. Each of these areas is secured and protected with different technologies to protect the infrastructure and ensure that your infrastructure is accessible only by authorized personnel who have a business need.

Device exploits

An exploitable area is a weakness that can be used to compromise the integrity or availability of your IoT application. IoT devices are, by nature, vulnerable. IoT fleets consist of devices that have diverse capabilities, are long-lived, and are geographically distributed. These characteristics, coupled with the growing number of devices, raise questions about how to address the security risks posed by IoT devices.

Resource limitations

Many devices have low levels of compute, memory, and storage capacity, which limit the opportunities for implementing security on the device itself. Even if you have implemented best practices, security is a constantly evolving area. To detect and mitigate exploits, organizations should consistently audit device settings and health.

Physical security

To protect users, devices, and companies, IoT devices must be secured and protected. The foundation of IoT security exists within the control, management, and setup of connections between devices. Proper protection helps keep data private, restricts access to devices and cloud resources, offers secure ways to connect to the cloud, and audits device usage. An IoT security strategy reduces vulnerabilities by using policies such as device identity management, encryption, and access control.

Communications

Though communication is what makes IoT applications responsive, it can also expose vulnerabilities and open up channels for unauthorized users or accidental data leaks.

Skills gap

Hardware engineers traditionally lack the skills to implement proper integration between the cloud and the back-end application, and security engineers do not typically understand hardware development well enough to assist them.

IoT security falls into different layers: physical device security, communications, and data. Let’s explore each of these in order.

Device security

The physical devices in your IoT environment can be as different in their primary functions as they are in their physical locations: teapots, cars, light bulbs, industrial equipment, medical devices, temperature sensors, and more. Although each device performs a different task, they share some common attributes. Each has software that enables it to function, a basic means of communicating with other devices or with a central repository, and a task for which it collects data.

Physical security

Physical device security deals with the risk or probability of the IoT thing being physically altered, destroyed, or tampered with. This might be the removal of a device altogether, the opening of a device to alter its wiring or tamper with its battery, or simply the destruction of the device, such as a security camera being smashed during an altercation. Some devices, such as cameras, are more visible than others, such as a sensor inside an elevator motor, so the physical security of a device depends partly on its accessibility and location.

Software security

When discussing technology and security vulnerabilities, software security is often the first thing that comes to mind. The ability of an unauthorized user to access the software through a vulnerability is often a topic of discussion. Whether you have a handful of IoT devices or a fleet of thousands of devices, a prime planning discussion is how you are going to monitor, maintain, and update the device’s software. Patching and maintenance of devices is critical to their security, and time should be taken to understand your IoT infrastructure, the number and types of devices, and how best to roll out patches and updates.

Secure communications

With thousands of devices gathering data and communicating with each other, the security of the communications channel is another critical part of your overall security plan. Because data in transit can be read, manipulated, deleted, or captured as it traverses the network, the protocols used to transfer it must prevent unauthorized access. Using secure protocols enables authentication of the devices and ensures that the sender and receiver are who they say they are. This identification is crucial to maintaining the validity of the data. The use of Transport Layer Security (TLS), certificates, and other authentication mechanisms to ensure transport security is discussed later in the course.

Data security

IoT is all about collecting, analyzing, and acting on gathered data to make informed decisions. Because data is the goal, along with a secure communication channel, it is important that data being generated is encrypted and secured both while moving between devices (in transit) and while in storage (at rest). Encrypting data ensures that any unauthorized user who gains access to the data cannot read or use the data.
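As an added example (not part of the original page and not AWS's own tooling), the following Python script audits a constructed device inventory against the layers discussed above: firmware currency, certificate expiry, minimum TLS version, encryption at rest, and health reporting. The record fields and the policy thresholds are assumptions chosen for the example.

```python
"""Fleet audit of device settings and health (constructed example)."""
from datetime import datetime, timedelta, timezone

# Policy thresholds assumed for this example; real values are an operator decision.
MIN_FIRMWARE = "2.4.0"      # oldest approved firmware version
CERT_WARN_DAYS = 30         # flag certificates expiring within this window
MAX_SILENCE_HOURS = 24      # flag devices that stopped reporting health
MIN_TLS = "1.2"             # oldest acceptable TLS version on the device

def parse_version(text):
    """'2.10.0' -> (2, 10, 0) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def audit_device(dev, now):
    """Return a list of (device_id, layer, detail) findings for one record."""
    findings = []
    if parse_version(dev["firmware"]) < parse_version(MIN_FIRMWARE):
        findings.append((dev["id"], "software", f"firmware {dev['firmware']} below minimum"))
    days_left = (dev["cert_expires"] - now).days
    if days_left < CERT_WARN_DAYS:
        findings.append((dev["id"], "identity", f"certificate expires in {days_left} days"))
    if parse_version(dev["tls_min"]) < parse_version(MIN_TLS):
        findings.append((dev["id"], "transport", f"TLS minimum {dev['tls_min']} too low"))
    if not dev["encrypt_at_rest"]:
        findings.append((dev["id"], "data", "storage encryption disabled"))
    if now - dev["last_seen"] > timedelta(hours=MAX_SILENCE_HOURS):
        findings.append((dev["id"], "health", f"no health report in {MAX_SILENCE_HOURS}h"))
    return findings

def audit_fleet(devices, now):
    """Flatten the per-device findings for the whole inventory."""
    return [f for dev in devices for f in audit_device(dev, now)]

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_FLEET = [  # constructed inventory records, not real devices
    {"id": "sensor-001", "firmware": "2.4.1", "cert_expires": NOW + timedelta(days=200),
     "tls_min": "1.2", "encrypt_at_rest": True, "last_seen": NOW - timedelta(hours=1)},
    {"id": "camera-017", "firmware": "2.10.0", "cert_expires": NOW + timedelta(days=12),
     "tls_min": "1.0", "encrypt_at_rest": False, "last_seen": NOW - timedelta(hours=2)},
    {"id": "pump-042", "firmware": "1.9.3", "cert_expires": NOW + timedelta(days=400),
     "tls_min": "1.2", "encrypt_at_rest": True, "last_seen": NOW - timedelta(days=3)},
]

if __name__ == "__main__":
    for device_id, layer, detail in audit_fleet(SAMPLE_FLEET, NOW):
        print(f"{device_id:12} {layer:10} {detail}")
```

Note that "2.10.0" is only recognised as newer than "2.4.0" because versions are compared as integer tuples; comparing them as strings would wrongly flag the camera as out of date.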
