Internet of Things (IoT)
What is the Internet of Things?
The Internet of Things (IoT) is the interconnection of embedded computing devices with the internet. An embedded computing device is a programmed controlling and operating system with a dedicated function within a hardware system.
Computing devices use sensors and APIs to connect, communicate and exchange data over the Internet.
Examples of IoT devices are smart watches, connected cars, smart security systems, smart locks, health monitors and smart wearable devices.
Components used in the Internet of Things
• Sensors: A sensor is a device composed of different modules, such as energy modules, radio frequency modules and sensing modules.
• Standard Devices: Desktop, tablet, cell phone, router, switches.
• IoT software: This software is responsible for data collection and cooperation between devices, converts data into a pattern suitable for human analysis, and allows access to certain mobile devices or instruments.
• Protocols: Radio-frequency identification (RFID), near field communication (NFC), Bluetooth, wireless, radio protocols, long-term evolution (LTE).
What are the security concerns for IoT?
• Weak authentication mechanism at the user interface. For example, a weak password policy, default credentials in use, no account lockout mechanism implemented, or missing two-factor authentication.
• Common vulnerabilities like cross-site scripting, SQL injection and cross-site request forgery at the user interface.
• Communication happens in clear text, or SSL is not implemented.
• User role segregation or proper access control is not implemented.
• Unnecessary ports are open at the network layer.
• The network may be vulnerable to denial-of-service (DoS) attacks and buffer overflow attacks.
• Lack of encryption, or weak encryption, of data at rest and in transit.
• Cloud based web interface is not secure enough.
• The mobile user interface is not secure enough.
• The logging mechanism is not configured or is weakly configured.
• Internet of Things (IoT) software is not updated regularly.
• Physical security is missing. The USB port is not blocked.
How to secure the “Things of Internet”?
• Implement a strong authentication mechanism for web interfaces, cloud web interfaces and mobile interfaces. A two-factor authentication mechanism is recommended.
• Make sure proper HTML encoding of special characters is implemented to prevent XSS, stored procedures are configured to protect against SQL injection, and a CSRF token is used for all sensitive pages at the web interface level.
• The HTTPS protocol with a strong encryption algorithm should be used for data in transit.
• At the network level, disable all ports that are not required, disable the USB port, and limit the number of requests accepted from a user at a time to prevent DoS attacks. In addition, configure a character limit for all parameters to prevent buffer overflow attacks.
• Enable the logging mechanism to detect malicious activity.
• Update all software on a daily basis.
• Implement proper physical security for all IOT hardware devices.
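The request limit and per-parameter character limit from the network-level item above, written as an added Python example (it is not from the original article). The limits, parameter names and client addresses are assumptions chosen for illustration, and lengths are measured in bytes because that is how receiving buffers are sized.

```python
from collections import defaultdict, deque

# Assumed limits for illustration; tune them per device and endpoint.
MAX_PARAM_LEN = {"device_id": 32, "name": 64}  # hypothetical parameter names
DEFAULT_MAX_LEN = 128                           # cap for any other parameter


class RequestGate:
    """Per-client sliding-window request limit plus parameter length checks."""

    def __init__(self, max_requests=5, window=10.0):
        self.max_requests = max_requests
        self.window = window
        # client -> timestamps of counted requests (idle clients are not
        # evicted here; a real device would also cap the size of this table)
        self._seen = defaultdict(deque)

    def check(self, client, params, now):
        """Return (allowed, reason); `now` is a monotonic time in seconds."""
        stamps = self._seen[client]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()                    # forget requests outside the window
        if len(stamps) >= self.max_requests:
            return False, "rate limit exceeded"
        stamps.append(now)                      # malformed requests use up a slot too
        for key, value in params.items():
            limit = MAX_PARAM_LEN.get(key, DEFAULT_MAX_LEN)
            if len(str(value).encode("utf-8")) > limit:
                return False, f"parameter '{key}' exceeds {limit} bytes"
        return True, "ok"


def demo():
    """Run constructed sample traffic through the gate; return the decisions."""
    gate = RequestGate(max_requests=3, window=10.0)
    traffic = [  # constructed: (client address, parameters, time in seconds)
        ("10.0.0.5", {"device_id": "lock-01"}, 0.0),
        ("10.0.0.5", {"device_id": "lock-01"}, 1.0),
        ("10.0.0.5", {"name": "A" * 500}, 2.0),        # oversized value
        ("10.0.0.5", {"device_id": "lock-01"}, 3.0),   # 4th request in the window
        ("10.0.0.9", {"device_id": "cam-02"}, 3.5),    # a different client
        ("10.0.0.5", {"device_id": "lock-01"}, 12.5),  # window has moved on
    ]
    return [gate.check(client, params, t) for client, params, t in traffic]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

In a running service, pass `time.monotonic()` as `now` and call `check` before the request reaches any handler that parses or stores the parameters.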
New attacks, and then new defenses, will closely follow new technology. To secure it, a threat assessment is necessary. Multi-layer security should be implemented to give maximum security to IoT devices or technologies.