Protecting entire supply chains in preparation for an IoT future

Protecting entire supply chains in preparation for an IoT future

The ‘Internet of Things’ (or IoT) industry has grown substantially over the last decade. Going from being a buzzword to a vital part of tens of thousands of companies, the industry is poised to pay off. $12.6 globally by 2030.

Essentially, as a result of the IoT industry, ‘data’ is being created everywhere, from traffic flows and footfalls to CO2 emissions, and a vast network of sensors can capture that data. Once all the data is collected, it can be analyzed, a job that is much easier to do now that cloud computing gives anyone access to the capabilities of a supercomputer. Devices can then make changes as needed.

The industry is already driving ‘smart cities’, however, only now are organizations starting to use data to its full potential. In fact, IoT is now a key component in Industry 4.0 (‘fourth industrial revolution‘) a term used in manufacturing where every component on a production line exists in both the digital and physical worlds. This works through 5G networks that constantly exchange data to make factories more efficient and proactively address maintenance issues. So, combined with robotics, autonomous systems, and 3D printing, a factory or warehouse could theoretically function without the help of humans.

However, it is important to step back and assess the security threats that data exchange on this scale, through Internet-connected components, represents a potential attack vector. This can be exemplified by looking at ransomware software, which can have devastating consequences in industrial settings. However, imagine what bad actors could accomplish if they gained access to an IoT network inside a factory, oil refinery, or power production facility, for example. By simply increasing the amount of torque a robotic screwdriver uses, they could ruin entire batches of products, or by turning off heat sinks, they could start a fire. It is important to note that this is not a concern of the future: IoT systems have already been hijacked and turned into huge botnets. This could mean that tens of thousands of smart devices could become spam servers, or could flood targets with email traffic. Distributed Denial of Service (DDoS) Attacks.

IoT protection through unique identification

In a commercial system, everything is connected to everything else, which means that a wireless thermostat with an unpatched vulnerability could theoretically provide access to an entire network. Although, because cryptographic keys exist, companies rarely need to worry about this happening. For example, imagine this in terms of physical security: if a thief wanted to enter a high-security building, he might find an open door or window, but could be quickly identified by the lack of a unique security pass. If everyone in the building wore the same identification badge, it would be easy for the thief, however, if they are unique to each person, personalized with a photograph, for example, it becomes much more difficult to break in successfully. A similar principle applies in IoT security.

It is possible that by 2025 there will be 38.9 billion IoT devices, and each device needs a unique identification in the form of a serial number from its manufacturer. Going back to our analogy of a burglar in a building, if they knew that someone authorized to be in the building is named John Smith, they could easily claim it to be him if confronted, unless there is another way to verify who is John and who is not. . Blacksmith. In fact, serial numbers could be spoofed in the same way, so when you log into sensitive accounts, a second form of identification that is much more difficult to determine is often needed to ensure that each IoT device is unique.

Public Key Infrastructure (PKI) is already used on the Internet to create a “root of trust” between devices, applications, and people, and can be used to secure the IoT. Key injection is a technique used to place a private key known only to the manufacturer in each device and generate a public key that can be used by everyone in the supply chain to verify the identity and therefore authenticity of each device. .

Protecting supply chains using public keys

Many components make up the IoT devices used by businesses, and given supply chain issues and a global shortage of microchip components, this raises a question about the authenticity of the products. Consequently, a counterfeit component could leave an entire network open to hacking, and this could be a major problem in applications such as networked vehicles. Therefore, components must constantly exchange, verify, and re-verify private keys, and manufacturers must have the hardware to make this possible. Hardware Security Modules (HSMs) is where key injection begins: these are offline components that cannot be interfered with remotely. They are also much more efficient than software solutions when it comes to creating random numbers – true randomness in computing is a process more difficult than you imagine.

As soon as companies adopt these public keys, IoT security is no longer a concern. These same principles can help protect data in transit between devices, preventing hackers from gaining access, and enable secure cloud-based systems that are increasingly part of IoT solutions. Each component can be identified as authentic and unique, and since PKI encryption is extremely difficult to crack, it becomes much more difficult for bad actors to establish a secure foothold in an IoT network.

#PKI can be used to secure #IoT. The components that make up IoT devices must constantly exchange, verify, and re-verify private keys, creating an interconnected #security infrastructure. #respectdataclick to tweet

The importance of creating an interconnected security infrastructure for IoT is crucial. In a world where everything communicates with everything else, it is not only business-critical but vital that everything from smart city networks to individual smart devices be secure.

Leave a Comment