1. Security vs Convenience
We as human beings always try to balance between convenience and security. A soldier with heavy body armour would be slow on a battlefield but invulnerable to most attacks. Bare minimum armour would give more mobility but might tear apart at the slightest hit of shrapnel. More convenience leads to lesser security. The first and foremost principle IoT developers should follow is to not compromise on security for the sake of convenience.
Security testing should be performed at highest possible scale. The sheer volume of technology in IoT makes it necessary for every design and security consideration to be taken into account. Simple bootstrapping into an ecosystem can create a self denial of service condition at IoT scale. Security countermeasures must perform at volume.
2. Automated tests
Automated systems are capable of complex, monotonous, and tedious operations that are extremely difficult and time consuming for humans to perform. IoT systems should seek to exploit this advantage for security. Test every device with every attack vector. Test all publicly known bugs.
3. Prepare for the worst case
Expect downtime. Expect DoS and DDoS attacks. You can’t reduce security controls when you are offline. The advantage of autonomy should also extend to situations wherein a component is isolated. Security countermeasures must never degrade in the absence of connectivity.
4. Encrypt Everything
Data encryption only protects encrypted pathways. Data transmitted over an encrypted link is still exposed - prior to encryption, after decryption, and along any communication pathways that do not enforce encryption. The entire data lifecycle should be carefully scrutinised to ensure that encryption is applied uniformly and appropriately. Encryption is not absolute - be aware that metadata about encrypted data may leak valuable information to attackers. It is easy for developers to make mistakes when encrypting data - failing to validate intermediate certificates, failing to encrypt traffic with a strong key, using a uniform seed, or exposing a private key. Ensure a thorough review of any encryption capability to avoid these mistakes.
5. Penetration testing
Perform penetration testing for every code change and configuration change. Make sure that all IoT components are stripped down to the minimum viable feature set to reduce attack surface. Unused ports and protocols should be disabled, and unnecessary supporting software should be uninstalled or turned off. Be sure to track third party components and update them regularly. Ensure every line of code provided by third parties is audited.
6. Never expose a device that is not to be controlled
To every extent possible, limit access based on user acceptability criteria. Exposing a sensor interface on the internet is never advisable. Limit access to special cases in which the requirement is extremely specific.
7. Data in aggregate is unpredictable
IoT systems are capable of collecting vast quantities of data that may seem innocuous at first glance, but complex data analysis often reveals sensitive patterns and hidden information. Closely monitor all data and have checks in place to oversee which data gets assigned to whom.
8. Plan for the worst
IoT systems are not very powerful. They have multiple nodes even in cases of minimal computing. Always account for communication and processing issues. IoT systems should have capabilities to respond to compromises, hostile participants, malware and other adversities. There should be features in place to re-issue credentials, exclude participants, distribute security patches and updates, well before they are ever needed.
9. Use multi factor authentication for APIs
Ensure that security controls are equivalent across interfaces in the ecosystem. Attackers will try to identify the weakest component and exploit the vulnerability. Mobile interfaces, hidden API's, or resource constrained environments must enforce security in the form of more robust or feature rich interfaces. Using multi-factor authentication for a web interface is useless if a mobile application allows access to the same API's with a four digit PIN.
10. Transitive ownership
IoT components are often sold or transferred over the course of their respective lifespans. Plan for this eventuality and make sure that all IoT systems can protect and isolate data to enable safe transfer of ownership, even if a component is sold or transferred to a competitor or an attacker.
#IoT, #cybersecurity, #IoTsecurity, #smartcities, #applicationsecurity