The hottest year 2018 will be a crucial year for t

2018 will be a crucial year for IOT

2018 will be a crucial year for IOT. It is estimated that 2.8 billion new devices will be connected to the Internet, thus realizing various scenes in science fiction a decade ago. Even the medical equipment, watches, home automation equipment, smart cities, smart cars and industrial equipment, whether in the personal field or the business field, will change the communication mode between people and the environment

now is the best time to reflect on our mistakes in the past and decide to do better in the future. My first consideration is security. We can easily immerse ourselves in the new things brought by IOT, but we can't ignore the security risks brought by IOT

more than a year ago, Mirai malware controlled hundreds of thousands of IOT devices and launched the largest and most destructive network attack. According to Webroot, the fundamental problem is that the above seven points are the seven points that the hydraulic universal testing machine complies with. The manufacturer only pays attention to the function of the equipment and does not invest enough money in safety testing

therefore, I think everyone should make such a decision in the next year: make security a part of the IOT design process! But what does this mean? This article mainly talks about some problems that need to be considered from the beginning

1. Does the equipment perform safety sensitive operations

if hackers can control the actuator signal of insulin pump or nuclear power plant valve controller, it will obviously bring huge safety problems. Even the control thermostat, a less critical device, is a safety problem in cold winter. On the contrary, controlling your robot vacuum cleaner may not have a great impact

safety is more important than everything. Whether the equipment involves potential safety hazards will become an important factor for you to consider what strength safety measures to take

2. Does the device process sensitive information? CDW (6) type 0 impact test low-temperature tank series is a newly developed tightening mechanism cold equipment according to the requirements for low-temperature devices in gb/t229 (1) 994 "metal Charpy Notch Impact Test Method". Any kind of privacy sensitive information should be paid attention to, especially the gdpr regulations will be implemented in Europe. If these data are not processed properly, they will be severely punished. Sensitive information not only refers to personal information, but also financial data, login credentials, telemetry and configuration need to be carefully protected

when designing a product that brings confidence to extruder enterprises, ask yourself, what will happen if hackers get these data? If you think this consequence is unacceptable, you should consider using password encryption to process the data in storage and transmission

3. Does your device need security authentication

it is worth noting that only authorized IOT devices can be added to your IOT ecosystem

think about it. What will happen if a hacker's device can disguise as a car sensor and trigger the behavior of some autonomous vehicle control systems? What happens if the insulin pump receives a reading from a fake blood glucose sensor? In security sensitive situations, it is crucial to verify the identity of IOT devices

encrypted secure identity can provide powerful authorization and security for devices, and can be applied to a variety of scenarios to ensure that all devices in the IOT ecosystem are trusted

4. Is the encryption method you are implementing correct that materials are the basis of industrial development

for data protection, secure communication and authentication, cryptography is a forward-looking technology, which is difficult to implement and deploy correctly. Encryption will protect the data, but you must also protect the key

one of the characteristics of IOT is that these devices are usually in a physically uncontrolled environment, which gives hackers more opportunities to directly access devices. Therefore, it is easier to reverse engineer devices to find keys. The protection key may need to install a special hardware security storage key on the device. If it cannot be achieved, white box encryption needs to be implemented

you also need to consider the entire lifecycle of key management. How are keys generated and distributed? The key is usually generated on an unprotected computer, and the private key is not fully protected or backed up, resulting in serious security vulnerabilities. The correct generation and distribution of keys requires special technology, facilities, processes and personnel. If these functions cannot be realized by your own enterprise, you may need to outsource services for key generation and configuration

5. How do you protect applications on IOT devices

you should consider protecting applications as part of the development lifecycle. Many tools can be used to analyze the code to find potential vulnerabilities that you should fix before deploying the code to the field

of course, new vulnerabilities are constantly discovered. You should have some methods to safely update these devices after deployment. Consider using a secure authentication channel when deploying patches to devices, and using code signing technology to ensure that only authorized updates are installed

deploying IOT devices in an uncontrolled environment provides hackers with many opportunities to reverse engineer code, so it is very important to evaluate tools to prevent tampering

there is still a lot of work to be done to improve the security of IOT, but considering these five issues, you should embark on a safer IOT deployment path. Good luck in 2018