Security in IoT is paramount. And the most difficult at the same time. Difficult because of the nature of the tiny devices that have very small storage and very low processing power. But any new product or protocol must be designed with at least the fundamental security features as standard:
- The design must be published, so it can be analyzed and scrutinized publicly. You should not even try to touch a proprietary solution.
- It must be upgradable. Bugs happen and can be fixed. But what is a fix worth if it cannot be deployed?
- It must be physically resistant to attempts of extracting security material (keys). External flash memory is a no-go.
- No keys should ever be hardcoded. Because they will fall eventually.
- Humans should not be responsible for creating the keys. Because they usually will be weak. Keys should be generated by truly random generators.
- Nonces have to be truly unique. Not just random.
- A system should be able to roll the keys periodically to prevent brute force attacks.
- Rolling keys should be possible in a way that selected devices are blacklisted. If there is a "CIA mike" in the room, there must be a way to cut it off.
- Messages should be protected with long integrity codes. 64-bit integrity codes are minimum nowadays.
- Devices should be strongly authenticated when joining the system. You don't want to give your network keys to your neighbor's light bulb.
- Privacy should be protected. Nothing that goes in the air should disclose publicly who sends it. Never use static addresses (such as MACs) unencrypted.
There is probably more to add. But the list above serves as a good starting point. It is hard to dispute, but it already disqualifies majority of wireless IoT systems / protocols in use today. And the prime examples are...
smart locks...
Comments
Post a Comment