Amazon-owned smart home manufacturer Ring recently announced that it is strengthening the security of its Internet of Things (IoT) motion detection doorbell cameras by offers end-to-end encryption (E2EE) for streaming video. However, there is a catch. Users who choose to activate E2EE will find that they need to make significant trade-offs. Convenience and usefulness diminish if you want to enjoy the privacy benefits of E2EE. That highlights one of the problems with IoT security: balancing privacy with device purpose.
That tradeoff is familiar to people tasked with protecting IoT environments, especially in industrial settings. Today, manufacturers collect new streams of data (such as audio and video content) on the shop floor. They can also insert new control tools (such as voice control and wireless headsets) into processes. As they do so, they need to have this data on hand for processing. But you must also keep yourself safe.
Ring Doorbell Highlights IoT Risks
Ring has a long history of IoT security and privacy issues. In some of those incidents, threat actors used the camera’s two-way talk feature to harass customers. In the best known of these incidentsA widely shared video shows a faceless man taunting an eight-year-old girl from the Ring security camera her family had set up in her bedroom.
The company insisted that these incidents were the result of reusing credentials from clients. Ring stated that the bad actors used username and password pairs from third-party data breaches, not from a breach of Ring’s own network. However, the company later added two-factor authentication to its account login procedures after security experts discovered that it had no way to prevent so-called brute force attacks — in which attackers simply try a large number of possible passwords in an attempt to guess correctly. He also threw a new Control Center feature which allows users to better manage their privacy and security settings within the Ring app.
Ring is now implementing E2EE for streaming video data.
Why IoT security comes at a cost
According Ringthe company’s new E2EE option is an “additional feature focused on security and privacy.” [designed to provide] users with even more peace of mind.” To protect its customers’ streaming video data, Ring uses a technology called asymmetric key encryption. In this type of cryptography, data in transmission is encrypted when the device creates it. To decrypt it, you need a unique private key. This key only works on the local mobile device where the customer can watch your video. In this case, the paired phone app generates the key, a unique 10-word passphrase. The system randomly selects each word of the 7,776-word passphrase. To further protect the video stream, the phone app does not store the passphrase locally. Instead, the user must enter it every time he wants to watch your videos.
What does it mean for the user to trust asymmetric key encryption? Surprising few, the answer is not good at all.
First, customers using E2EE must retype their 10-word passphrase each time they want to check their video stream. The phrase will not make any sense, making it more difficult to remember. What happens if a user forgets their passphrase? They will lose access to the video content on their device, forever. After all, Ring does not retain the decryption key or store it elsewhere.
Balancing security and function
Second, because asymmetric key decryption requires some computation, it cannot be performed on any device. Only mobile phones with recent versions of iOS or the Android operating system can run Ring’s E2EE encryption feature.
And, more importantly, the asymmetric key encryption that Ring is based on is a one-to-one encryption protocol. This is typical of the cryptographic techniques that have been used most frequently in computing to date. However, it does not work well for securing cyber-physical systems and IoT devices. Smart buildings, smart factories and smart cities are based on geographically distributed sensor networks. Your data flows between interacting systems through multiple intermediaries. This means that IoT flows often have more than one recipient. Therefore, the device must encrypt, decrypt, and re-encrypt the data multiple times to keep it secure.
For Ring customers who enable E2EE, one-to-one encryption means a loss of functionality. E2EE users can no longer share their videos with other users. They also cannot view them online or through Ring’s Windows and Mac desktop apps. Additionally, Ring features that rely on external processing and analysis of video content will no longer function. Therefore, E2EE users can no longer access features such as automatic movement verification or people-only mode.
Tomorrow’s IoT security solutions need many-to-many encryption
Ring E2EE is an optional feature. By default, the device comes with this feature turned off unless users opt to use it. Many users will not. A large number of Ring customers bought their devices because they wanted to be able to watch their videos from multiple devices, share their data with others, or use popular social networking sites like Ring’s own Neighbors forum. For these users, the benefits of the enhanced privacy provided by E2EE do not outweigh the drawbacks.
For IoT security leaders tasked with protecting sensor data transmission in smart factories, the tradeoff is even more challenging. Making IoT data available for analysis both in the cloud and at the edge is the primary goal of Industrial IoT solutions. If the user cannot use the streaming sensor data because it cannot be decrypted, the devices involved lose their value.
At the same time, leaving streaming sensor data unencrypted (and therefore vulnerable to compromise) is not an option, especially in the face of today’s most prevalent threats against manufacturing and critical infrastructure. Instead, it is critical that the industry adopt lightweight many-to-many E2E encryption algorithms as an industry-wide standard. While emerging technology such as attribute-based encryption (ABE) and object security frameworks show promise, many-to-many encryption must become the norm if IoT security issues in industrial environments are to be solved.