IoT Security – are we going about it the right way?

Aaron ArdiriBlogs

Tweet about this on TwitterShare on FacebookShare on LinkedInShare on Google+

This one is for the way-out-there department but makes for interesting discussion on security, accessibility of data and a biological approach to how IoT systems can begin to defend themselves as nature has proven so effective.

EET India published an article recently that makes a good point of questioning if security within IoT, mobile and computing in general is being actually being tackled appropriately – instead of implementing physical security measures, is there a possibility to learn from biology to protect and adapt against attacks to strengthen each node in a deployment?

Security techniques in the Internet have largely drawn inspiration from physical security—keys, firewalls, trusted zones, and more. However, there are other possible sources of inspiration, biology being an obvious example.Quote from EET India article

While technology and biology are two completely different areas – after reading the article and thinking about it closer, there are a lot of interesting points raised that if implemented correctly, could see a rise in adaptable security and diversity in technology; as nature models perfectly.

As HP has reported previously up to 70% of IoT devices are vulnerable, the main reason for this is the lack of diversity and common 0-day attacks being exploited across multiple devices, including the likes of shellshock, heartbleed and blatant lack of security in the first place.

The article also covers the concept of immunological defence that can be adapted for use within technology – that threats are identified based on behavioral factors rather than a database of known signatures that are effectively out of date the second the product ships.

Once an alarm has been triggered the system must respond to the threat – taking the immune style approach; the node could resolve the threat and take one for the team yet at the same time alert neighbouring nodes of the threat to assist isolation of the threat and spawn a redundant node to replace the functions performed by the infected one.

The basic gist is to start out expected to be attacked and focus on protecting the health of the total system understanding a small sacrifice (with learning and fall back concepts) may be the best for the greater good overall – the concept is food for thought for sure.