Internet of Things (IoT) security is being compromised by a lack of standardisation in the sector, leaving users open to the risk of cyber attack Beecham Research warned.
In a report into the security challenges facing the IoT industry, the research company noted that a lack of large-scale consumer and enterprise applications is the only factor currently deterring major attacks on IoT networks and services. Put simply, there isn't enough today to attract the unscrupulous, but the temptation will increase as IoT rollouts accelerate.
Professor Jon Howes, technology director at Beecham Research, explained that while traditional machine-to-machine (M2M) services are "relatively easy for security professionals to secure" due to their highly focused nature, IoT services straddle several different sectors, devices and networks. "Wherever there is a new interface between devices, networks, platforms and users, there is the potential for a new weak link," Howes commented.
The research company highlighted potential security threats in two elements of the IoT: sensors and devices; and network level threats.
In the sensors and devices category, Beecham Research said the main challenges lie in identification, authentication and authorisation. Howes added that it is possible to work out encryption keys by using Differential Power Analysis to listen to "very small changes in power consumption."
On the network level, the main threats of IoT occur at the interface between the different types of network. Because IoT straddles fixed-line infrastructure, cellular, satellite, low-power networks, and personal area networks, "the challenge is to secure the transfer of multiple streams of data between selected networks without exposure of key secrets or equipment control," Howes said.
Robin Duke-Woolley, Beecham Research CEO, said securing data in an IoT environment is "significantly more complex than existing M2M applications or traditional enterprise networks."
The CEO explained that the extra complexity arises from the fact that, in IoT, data "must be protected within the system, in transit or at rest" meaning "significant evolution is required in the identification, authentication and authorisation of devices and people."
Duke-Wooley added that the industry must "also recognise that some devices in the field will certainly be compromised or simply fail; so there needs to be an efficient method of secure remote remediation--yet another challenge if the IoT is to live up to expectations."
- view Beecham Research's announcement
Report: IoT platform revenues will grow to €2.4B worldwide in 2020
ABI Research: Data captured by IoT connections to top 1.6 zettabytes in 2020
Wireless IoT Forum launched to tackle IoT fragmentation
Bouygues Telecom launches IoT network based on LoRa technology
Tele2 focuses on IoT, M2M with HCL Technologies partnership