Tuesday, May 5, 2020

Security Issues And Solution Internet Of Things

Question: Discuss about the Internet of Things for Security Issues and Solutions. Answer: Introduction The computers in the global network are interconnected through TCP/IP is called Internet. Internet changed the way for people from different parts of the world to connect with each other to share, learn and care instantly. Today, more devices used at home for an average household are connected to internet than the number of people at home. Internet of Things (IoT), involves set of devices and systems that interconnect real-world sensors and actuators to the Internet. IP address is the unique ID used to identify each device on the internet. So IoT is internet connectivity of smart objects and embedded system other computing devices with the existing Internet infrastructure. The gadgets used, device application, communication module, data security plays key role in performance, adoption, acceptance and behaviour of the IOT service. Copy of your published research report Summary of discussion The research report published by Federal Trade Commission covers both positive and negative aspects of IoT. On one end the view reflected in report is that regulations around IoT should be done in such a way that it should not adversely affect the benefits of Iot as they believe that IoT can lead to innovation that Supports Smart Living concept (Ungerleider; 2015). They believe that adoption of IoT will lead to increased use of fitness and general health monitoring devices which inherently bring health awareness and overall well being of society. Other view covered in the paper is that IoT should be regulated in early stages before there are cases of losses incurred due to data leakage and misuse. they believe that governance and legislations should be imposed irrespective of the benefits of IoT. They believe that data captured in IoT world is highly sensitive and if hacked by wrong hands then it might be used inappropriately for various decisions by corporate. Examples being insuran ce companies may use one's personal data to decide on insurance premiums, employers may take employments decisions and offer jobs in a biased fashion if they hold sensitive information of a perspective job applicant, financial companies that take credit decisions, housing and mortgage decisions may be influenced by these personal details. We believe that more points can be covered as part of security considerations in IoT world and same will be covered in subsequent sections. Issue not addressed adequately in the report From the discussion in above heads till now and from the research report we understand that IoT is a vast dramatic phenomenon which if used and applied effectively can lead to benefits that could lead to upliftment of human life, social circle and standard of living in general. BUT, from the discussion we also understand that if the technology and security governance applied is not effective then it might lead to security breaches that pose even a greater risk. If this darker side of IoT is exposed (like by misuse of data by cyber-attackers) then it may lead to financial damages or even physical injury. This will break trust of public in technology and benefits that IoT inherently carry and this should be avoided on highest priority. With that context, we will have to drive a way for growth of IoT so that it is win-win situation for Companies (device makers) Pioneering in IOT and their consumers. The research paper does not cover how this win-win situation can be achieved. We will need to do following things to achieve such strategic growth for IoT: Understand the loop holes leading to security issues (Storm; 2015) Device makers to focus on security and remediation to build efficient and robust devices Conduct workshop and Educate people to utilise and make out benefits from IoT offerings Loop holes leading to security issues: Use of weak passwords Unrestricted account enumeration Insufficient access controls Single system with two factor authentication Improperly and poorly configured SSL/TLS Insecure Cloud based interface Lack of account lock feature in case of automated machine attack Insecure Mobile based interface Unsecured data transfer methods Vulnerability to account harvesting leading hacker to guess and penetrate in system Impact of the above mentioned issues and their application/impact in the real world The impact of above mentioned issues is that the IoT products and offerings are mistrusted and have become synonym for breach (Daniel; 2015). This is not conductive to innovation and growth of the IoT segment. Due to this gap we can see the impact that IoT offerings are not adopted by consumers in market. This implicitly hinders the growth of the ioT world, also, users cannot make out value or benefit from the marvellous and up to the mark offering of IoT world. Few examples: Location Tracking Device: (eg to track ones child; people do not use as it might give information to wrong people leading to child kidnapping case) Medical and Heath Monitoring Devices: (people hesitate to adopt as it might leak data to insurance companies thus raising premiums) Vehicle central monitoring: leaked data might lead to Cars and Other Vehicles theft These are just few examples (Greenberg and Zetter; 2015) where in spite of extreme capabilities of IoT product offerings these are not adopted due to high probability of security failure and subsequently threat to consumer. We will cover remediation and solution in subsequent section. Reflection on Learning from discussions As covered in above section for the security issues below are the remediation and learning (Lomas; 2015) from the analysis of research report: Governance protocols for IoT Offerings: The governing agencies should issue legislation for the IoT device manufacturing companies so to cover from following perspective: Usage of proper data encryption methodology Usage of secure network to transfer data Practice Data minimization Encrypted connection for communication Network security and resilience Data privacy extensive Security testing (covers privacy, autonomy and spying) TCP connection may be encrypted with SSL/TL security by design increasing consumer transparency about data usage and re-usage Public awareness Workshops: We should make aware people about the control in place to handle any issues arising out of usage of IoT products Encourage people to centralise and encrypt network so that is is not possible to hack Use software and hardware solutions designed to mitigate IoT vulnerabilities Ready to tackle security breaches (if occurs) and secure essential data immediately Usage of Strong Credentials Avoid sharing extra (unrequired) Personal details with others/ vendors With these guidelines, and with appropriate security measures in every aspect we will be able to harness this most-hyped, emerging technology that will undoubtedly revolutionize the world. Conclusion There is a lot of work being done throughout the industry to make this framework more efficient and robust. There are lots of ideas flowing in from everywhere about how to build new systems using the IoT and many of them have also been implemented to provide some potential benefits. IoT with the wonders it can do , has also equally triggered security and privacy concerns both to the Business and the end users .Best thing, for now, is to educate ourselves in this smart framework and understand the potential benefits and challenges related to the IoT. To mitiage the risks associated with IoT products would require business, governance body and people to work in concurrence towards common goal References Storm, D. (Feb 11, 2015).Of 10 IoT-connected home security systems tested, 100% are full of security FAIL. Retrieved on 16th Sept from https://www.computerworld.com/article/2881942/cybercrime-hacking/of-10-iot-connected-home-security-systems-tested-100-are-full-of-security-fail.html Daniel. (Dec 29, 2015).Wearables IoT Security, Privacy and Safety Concerns. Retrieved on 16th Sept from https://www.appcessories.co.uk/wearables-iot-security-privacy-and-safety-concerns/ Greenberg,A and Zetter,K.(Dec 29, 2015).How the Internet of Things Got Hacked. Retrieved on 16th Sept from https://www.wired.com/2015/12/2015-the-year-the-internet-of-things-got-hacked/ Ungerleider, N. (Jan 27 2015).U.S. Gov't: The Internet of Things Is A Security Disaster Waiting To Happen. Retrieved on 16th Sept from https://www.fastcompany.com/3041532/us-govt-the-internet-of-things-is-a-security-disaster-waiting-to-happen Lomas,N.(Jan 27, 2015).UK Regulator Sets Out Priorities For Growing The Internet Of Things. Retrieved on 16th Sept from https://techcrunch.com/2015/01/27/ofcom-iot-priorities Bauer, M. (2011).Introduction to the Architectural Reference Model for the Internet of Things. Retrieved on 16th Sept from https://www.iot-a.eu/public/public-documents/copy_of_d1.2/at_download/file FTC Staff Report. (Jan 2015). Privacy Security in a Connected World. Retrieved on 16th Sept from https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.