Hi! For subscription need to sign up or login the account.Signup
Introduction to IoT Security
IoT devices bridge between the virtual and physical world. Unlike general-purpose computers, they are
networked computing devices with narrowly defined physical functionality primarily based on
sensors and actuators. Main challenges IoT devices are facing globally include security threats, data
privacy as primary issues and compliance requirement, third party data requests, access
management and others as secondary issues. Hundreds of different IoT attacks can be broadly
clustered into four major categories, as follows –
‘Ignoring the IoT functionality’ attack
Since IoT devices are relatively vulnerable entry points into customers’ domestic and/ or
organizational network, this attack ignores the intended functionality the IoT device is designed to
‘Misusing the IoT functionality’ attack
This attack replaces the originally intended functionality with another functionality in an
Extending the IoT functionality’ attack
This attack includes the original functionality of IoT devices and extends the functionality in
order to achieve a completely diverse physical impact.
According to the National Institute of Information and Communications Technology
a number of domestic cyberattacks have gone from 5.6 billion in 2010 to 54.5 billion in 2015.
Another survey made by Varonis stated that only 5% of companies’ folders are properly
protected, on average. According to the latest forecast from the Gartner survey, worldwide
spending on cybersecurity is forecasted to reach approximately $133.7 billion in 2022, which
was $124 billion in 2019.
Chain of trust and Secret Protection in IoT – Immensity of Data causes Threat
Implementation of the cryptographic suite for IoT devices relies on the ‘chain of trust’. If a single link in
the chain of trust in the security system is affected, the security of the entire system will eventually
collapse. ‘Knowledge is power’ is a very well-known phrase in the context of IoT. A complex system
works in collaborative fashion where multiple IoT devices work interoperably to perform certain
task. Consider the example of smart car manufacturers whose action is capturing data for inter-car
communication, smart parking, range estimation, traffic compliance, livelock avoidance and many
more. The vast amount of data shared over IoT devices keeps a breach open for theft, falsification,
impersonation, hacking, ransomware, denial of service and a lot more.
Paradox of Randomness in Cyber-immuned IoT Infrastructure
Most of the hackers and intruders attack IoT functionality through a technique called ‘Bayesian
estimation of discrete entropy’, which enables them to deduce the considerable amount of hackable
information regarding system specifications and operation details from observing samples. Thus
security and privacy are two major considerations and both relying on stronger encryption models
which can only be obtained from a reliable source of truly random numbers. Ics used in IoT often
give off ‘side-information’ like Radio-Frequency (RF) emissions, rate of variation in power
consumption – which is a source of concern as after drawing statistically significant conclusions
from Bayesian entropy analysis, physical devices might undergo probing and reverse engineering.
This is caused due to a lack of randomness or entropy used for securing the key to encrypt data. Many
Random Number Generators (RNGs) used in IoT rely on the time of day which is obtained
mathematically by combining digits representing different units of seconds to produce an
‘apparently random’ seed. This is pseudo-randomness, as feeding the exact time of day to the same
RNG will return the same sequence of random numbers. Thus, “unpredictability and statistical
independence will never be achieved due to insufficient entropy generated and weak entropy
source used.” On the contrary, random numbers generated from a true random number generator will
never undergo physical, electronic and statistical attacks through observation or manipulation.
Quantum hype in IoT marketplace
Evolution beyond classical computing is through the quantum realm of computing in a recent state of
technological flux in notable dimensions. Quantum enables envision the future to explore
accelerated growth in the marketplace to impact the landscape of machine learning, artificial
intelligence, and IoT to a greater extent, despite its development nascency. The following represents
the status of quantum computing and its reach in industry and academia in two different time zones.
IoT incorporates controllability, readability, addressability, locatability, and recognizability of things via the internet. Operational units of IoT include devices, sensors, machines, data and interaction
among them. The digital economy is currently girdled by IoT devices and IoT infrastructure, where
there is amazing snowballing of data and devices. As per a forecast by Business Insider Intelligence,
“by 2023 consumers, companies and governments will install 40 billion IoT devices globally.”
Cloud-based IoT security is indeed a cardinal issue in growing IoT connectivity. Overcoming
security hurdles and ensuring quality services of IoT implies scalability, efficiency, interoperability
and responsiveness of IoT devices imposed over trillions of sensors. Securing IoT communication is
performed using cryptographic algorithms currently available in the marketplace.
No wonder, security is a pre-eminent issue as encryption relying on the public-key cryptographic model
is susceptible to sophisticated hacking in the near-term future using powerful quantum computers.
Rqubit is able to provide a competitive advantage to IoT industries with stand out security
Security vendor key factor collected 75 million RSA (most popular public-key cryptographic
the algorithm, so far) digital certificates and found that at least 435,000 of these certificates were
vulnerable to factoring attacks