The recent DDoS attack using connected devices was massive and disruptive, to say the least. The attack, carried out using internet-enabled cameras, affected many websites, including Twitter, Amazon, Reddit, Netflix, and more. It specifically targeted the DNS (Domain Name System), which maps human-readable website addresses to their IP addresses.
In this attack, malware named Mirai infected vulnerable smart home devices such as connected cameras. Mirai spreads by scanning the Internet for IP addresses belonging to commonly connected devices. These devices are often left with factory login passwords and weak security protocols. The software uses this weakness to upload itself onto the device and take it over. Once infected, the device becomes part of a botnet and sends spurious traffic to websites, swamping them with more load than they can handle until they break down. Cyber-attacks are not new, but smart devices that have an IP address and are not properly secured are vulnerable and could open the gate to more serious and dangerous attacks.
IoT is influencing our lives in numerous ways and bringing a lot of value. But at the same time, IoT involves connecting devices to the Internet. Any connected object, such as a car or a home appliance, is vulnerable. On one hand, the enormous amount of data from smart devices needs to be kept secure and must not fall into the wrong hands; on the other hand, the smart devices themselves can be turned into botnets that carry out DDoS-type attacks.
Therefore, building secure IoT products and solutions is a top priority, and IoT product manufacturers, software vendors and platform vendors all have the task of building systems that are secure and can prevent these kinds of attacks.
Solving the Security Threat Using PAASMER platform
PAASMER’s goal as a secure IoT platform has been to ensure that IoT services and products built on the platform are highly secure.
The PAASMER security framework follows a ground-up implementation to ensure that data from the device to the cloud and beyond is secure and no data compromise happens during. It also ensures that the devices are not exposed to any kind of attack.
The PAASMER security framework, and how it ensures data safety, is described below.
Device Level security
Device-level security in PAASMER ensures that edge devices and gateways are not vulnerable and do not expose their IP addresses to devices that are not authorized for access. This prevents any type of attack on them.
PAASMER device-level security is implemented in the MISTY operating system/firmware package for IoT devices. The key features include:
- Secure Boot
- Secure Provisioning
- Secure updates and patches
Secure boot validates and authenticates the software on the device through a digital signature each time the device powers up. This ensures no unknown software or malware is running on the device. An additional hardware chip called a TPM provides enhanced security.
Secure provisioning uses secure tokens to establish the device on the network. Once a device communicates its presence, a secure token is released that the device uses to communicate with the gateway.
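The token handshake described above, sketched as an added example (not PAASMER code): a provisioning service releases a short-lived HMAC-signed token to an enrolled device, and the gateway verifies it before accepting traffic. The shared key, device IDs, token layout and function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

# Assumptions for this sketch (not PAASMER's actual design): one key shared by
# the provisioning service and the gateway, and an allowlist of enrolled IDs.
PROVISIONING_KEY = b"constructed-demo-key"            # constructed value
ENROLLED_DEVICES = {"cam-0001", "thermostat-0042"}    # constructed sample IDs
TOKEN_TTL_SECONDS = 300


def _b64(data):
    return base64.urlsafe_b64encode(data).decode()


def _sign(payload):
    return hmac.new(PROVISIONING_KEY, payload, hashlib.sha256).digest()


def issue_token(device_id, now=None):
    """Release a short-lived token to an enrolled device; None otherwise."""
    if device_id not in ENROLLED_DEVICES:
        return None
    issued = time.time() if now is None else now
    payload = f"{device_id}|{int(issued) + TOKEN_TTL_SECONDS}".encode()
    return _b64(payload) + "." + _b64(_sign(payload))


def gateway_accepts(token, claimed_device_id, now=None):
    """Gateway check: well-formed, authentic, bound to this device, unexpired."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        signature = base64.urlsafe_b64decode(sig_b64)
    except (ValueError, AttributeError):
        return False          # malformed token
    # Verify authenticity before parsing any field of the payload.
    if not hmac.compare_digest(signature, _sign(payload)):
        return False          # forged or tampered token
    device_id, expires = payload.decode().rsplit("|", 1)
    if device_id != claimed_device_id:
        return False          # token was issued to a different device
    return (time.time() if now is None else now) < int(expires)
```

Binding the token to the device ID and to an expiry time means a captured token cannot be reused by another device or after the provisioning window closes.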
IoT devices also need regular software updates and patches to keep them safe from malicious viruses and attacks. However, what usually happens is that once these devices are installed, they are forgotten. That’s why PAASMER offers over-the-air software updates and patches, so the user does not need to bother with regular software updates. The device is updated automatically when a new patch is available, after a secure device authentication.
Access Control, Authentication, and Authorization
Access control is built into the operating system to ensure that only authorized users access the device. User-level and device-level policies limit users and devices to the functions they must perform. Multi-layered authentication, such as username/password, passcode-based authentication, strong password rules and policy-based access, is defined at the device layer. The PAASMER security framework forces customers to reset the password during the initial registration process, so that the factory password is changed, and also implements stringent rules for passwords.
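One way to enforce the forced factory-password change at registration, as an added example rather than PAASMER's implementation. The `DeviceAccount` class, the rule thresholds and the sample credentials are assumptions.

```python
import hashlib
import hmac
import os
import re

# Added illustration: rule thresholds and names are assumptions, not PAASMER's.
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def policy_violations(new_password, old_password, username):
    """Return the rules a candidate password breaks (empty list = accepted)."""
    problems = []
    if len(new_password) < 12:
        problems.append("shorter than 12 characters")
    if new_password == old_password:
        problems.append("same as the factory password")
    if username.lower() in new_password.lower():
        problems.append("contains the username")
    if sum(bool(re.search(c, new_password)) for c in CHAR_CLASSES) < 3:
        problems.append("needs 3 of: lower, upper, digit, symbol")
    return problems


class DeviceAccount:
    """Account that only permits a password change until registration is done."""
    def __init__(self, username, factory_password):
        self.username = username
        self.must_change_password = True
        self._salt = os.urandom(16)
        self._hash = self._derive(factory_password)

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 200_000)

    def login(self, password):
        """Return 'denied', 'change_required' or 'ok'."""
        if not hmac.compare_digest(self._hash, self._derive(password)):
            return "denied"
        return "change_required" if self.must_change_password else "ok"

    def register(self, current_password, new_password):
        """Initial registration: [] on success, otherwise the violations."""
        if self.login(current_password) == "denied":
            return ["current password incorrect"]
        problems = policy_violations(new_password, current_password, self.username)
        if not problems:
            self._salt = os.urandom(16)
            self._hash = self._derive(new_password)
            self.must_change_password = False
        return problems
```

Until `register` succeeds, a correct factory password only ever yields `change_required`, so a device left at its shipped credentials never reaches normal operation.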
Device authentication requires each device to validate itself when it enters the network, thus shutting out devices trying to sneak onto the network.
PAASMER also provides end-to-end data encryption. All data services from the device to the gateway to the cloud to applications are encrypted, so no data theft is possible while the data is moving.
The PAASMER security framework uses the SSL 3.0 and TLS 1.0 standards to take advantage of the latest in session and security frameworks and ensure security for the data. All communications require valid certificates that are authenticated every time a client connects.
PAASMER also ensures the data itself is encrypted with the Advanced Encryption Standard (AES) encryption specification.
PAASMER mandates the use of a secure network tunnel for device communication with the cloud. The choice of network tunnel can vary with each use case. Handling all device communications over the secure network tunnel ensures that there is no network spoofing of device data or controls. Special anti-DDoS options on the network tunnel ensure protection against DDoS attacks.
To reap the full potential of IoT, the security challenges faced by IoT devices must be mitigated. While the onus of securing IoT devices lies with platform vendors, software vendors, product manufacturers and consumers alike, vendors need to harden security in each of their offerings by following an end-to-end security implementation. By using the PAASMER platform, IoT manufacturers can leverage the built-in security elements to build a secure IoT platform in a quick, efficient way.