Jasper is now part of Cisco

Learn More

Privacy Statement has been updated. Read statement

About Cisco

Jasper is now part of Cisco

Learn More

About Cisco

Privacy Statement has been updated. Read statement

IoT Security – Best practices for securing your IoT network and data

Security-Series-3-Desktop-Listing
Security-Series-3-Mobile-Main
Security-Series-3-Mobile-Listing
February 21, 2017

by

Sanjay Khatri

Connectivity is the linchpin of IoT services – after all, it puts the “Internet” in the Internet of Things. Because that network connection enables the communications (i.e., data) between your devices and your cloud applications to deliver IoT services, it’s mission critical to protect everything in that communication chain.

preview

Many things can go wrong between the intended use of connected devices and their services in the cloud. A myriad of network intrusions can compromise data integrity and security, such as “man-in-the-middle” hacks or session hijacking, which intercept communications between the device and the cloud application. Having the appropriate security policies in place can minimize privacy breaches of transmitted data, and help ensure you deliver the secure, reliable services your customers expect.

Protecting device data and IoT networks

As we’ve said before, IoT security is not one size fits all – and that definitely applies to how you protect your IoT networks and data flowing between your devices and applications in the cloud. There are numerous ways to handle security for IoT networks and data, and your strategy will depend on the type of connectivity, networks, and device usage scenarios you have. Wireless connectivity such as cellular and Wi-Fi, and fixed line connections each have their own set of security protocols you can implement. On a high level, however, you’ll want to consider three best practices:

  1. Data encryption – Device data in transport should always be encrypted, with nothing in clear text that can be easily hacked. Unlike websites that can use SSL credentials to secure data transmitted via the internet, IoT devices don’t support that kind of application-level encryption. Fortunately, the wireless industry is rapidly evolving to address the privacy challenge for IoT. As an example, cellular connectivity uses GSM (Global System for Mobile communication) standardized encryption between the mobile network and the device. The GSM network initiates the encrypted communication with a ciphering mode request, and the GSM device uses ciphering keys and encryption algorithms on the SIM itself to securely transmit and receive data. The keys are never exposed outside of the SIM hardware, and the true identity of the end device is never revealed—two factors that make this solution particularly secure.
  1. Secure private networks – Device data in transport should be parsed in secure private networks rather than simply sent over the internet. Isolating device data from other parts of internet or network traffic not only shields the data from risks that could be introduced by that traffic, but protects the enterprise from exposure if device data is hacked. Organizations often use dedicated links and sophisticated VPNs to safeguard connections between the enterprise data center and the network service provider, but those solutions are expensive and impractical for low-cost IoT devices.

    Again let’s look at cellular IoT, as it provides a cost-effective alternative. With cellular, you can use custom access point names (APNs) to extend a secure local area network (LAN) from your enterprise data center, across the mobile network to your remote IoT devices. You can then allocate your own private IP addresses, and specify additional levels of authentication and authorization beyond what’s provided by the GSM encryption network.

  2. Network authentication – To make sure devices communicate only with the appropriate applications, network authentication allows you to verify and authorize devices on both the network and applications within the network. It adds another layer to establish the “trust relationship” for your IoT traffic.

Application scenarios: Applying best practices for network and data security

The implications of network and data security vary for different IoT business scenarios. Some carry more inherent risk – whether due to broader exposure, higher value of assets involved, or the sensitivity of data being transported to and from the cloud. Below we look at two different IoT scenarios and how real-world companies are applying security best practices.

Consumer applications – Secure private networks for Connected Cars

Connected cars have multiple types of services, such as telematics to support safety, security, diagnostics, infotainment such as internet radio, and passenger-centric services like in-car Wi-Fi. Each service handles different types of data with different levels of sensitivity. Using cellular connectivity, secure private networks enable automakers to separate all traffic into unique network paths as data is transported from the vehicle to the appropriate place in the cloud. This security strategy is especially effective to insulate the most critical data like telematics, reducing risk in the event that other services such as infotainment data are hacked.

Enterprise applications – Data encryption for Retail Point of Sale

Retail point-of-sale devices such as grocery store payment terminals, train ticket kiosks, or smart parking meters all handle sensitive financial payment card information. Transported data must be encrypted to ensure no one hijacks the confidential details as data travels between the retail outlet and the financial backend. Many retail businesses rely on cellular connectivity as it provides multi-layered protection as part of standard encryption protocols with the GSM network.

Protecting your network and device data is mission critical to your IoT business. But as we’ve illustrated in part 1 and part 2 of this blog series, IoT security has many components. In our next article, we’ll focus on security at the application level. Don’t miss it – subscribe to our blog!

Post a comment

Comments

Post a Comment:

Subscribe

By email

Follow Us