Home » Posts tagged 'Internet of Things'
Tag Archives: Internet of Things
Internet of Things: Confidence not Confidentiality
The Network of Autonomous Devices is forming; small things talking to each other, making decisions based on their exchanged information about how to manage the world around us.
Attacks are now being seen against these networks, both by researchers and by those with malice aforethought. In addition to using the devices to undertake tradition computer based activities, such as Denial of Service launching, many of these attacks have had an end objective: To take control of machinery.
Much has been said about security within cars, where attacks are performed by, for example, presenting fake throttle data to the engine management unit, or pretending to be the vehicle’s wheel rotation sensor to get the ABS controller to release the brakes – because if it believes that the wheels are skidding it will do what it is designed to do.
An attack against a building can be imagined where wireless temperature sensors are blocked and spoofed to mis-inform the HVAC system, which in turn will render the building unreasonably hot, or cold, making it unusable to a business. Or overheating a datacenter shutting it down. A disruption and cost to a business.
The opportunities for spoofing information to create a change are endless.
The The Internet of Things requires there to be confidence in the information being used.
- Are you confident that the device you are getting the information from is actually what it claims to be. Is it really the front left wheel rotation sensor on this car? or is it something else pretending to be?
- Are you confident that the information it is sending has not been tampered with? Is the temperature received from that sensor is sending really what it is sending?
- What do you do if you mistrust the device? What assumptions do you make? How do you re-establish trust with that device? How do you report it? and will who is being informed react to it correctly?
Yes, Confidentially is important, the data you are sending may be personally identifiable. However, the Integrity of the data, the Confidence you can have in it, is crucial.
