An IoT topology consists of 3 parts:
- the IoT device
- the communication
- the backend
Many technologies already exist to secure hardware. Just look at bank terminals (ATMs): trusted hardware and on-chip encryption. Which way to go depends on the criticality of the system and the amount of money to be spent to secure it. Here are some concepts to secure hardware:
- mutual authentication (two-factor authentication) for human access to IoT devices.
- securing the production process by placing unique IDs and certificates on the devices
- operating central certificate management to ensure the identity and authenticity of all communicating devices.
- encryption mechanisms for device, gateway and backend (e.g. mutual TLS)
- physical protection for devices that are in the field to prevent theft of local data.
To attack the communication line to a sensor, you don't need physical access to the device. If the device is connected to the public internet, the attack can be launched from anywhere in the world over that network. There are two directions of communication. One reads information from the device and visualizes it in dashboards or stores it for further analysis. The other sends data or commands to the device to trigger an action. From a security point of view, the second one is the most critical, because whoever can send commands can influence or control the process that the device is part of. The answer to these threats is encryption. There are various protocols available to ensure end-to-end encryption (e.g. HTTPS, or MQTT secured with TLS).
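The mutual TLS item in the list above and the encryption point in this paragraph, as an added example that is not part of the original text: Python `ssl` contexts for backend and device, each beside a weak variant, with a small audit that reports what is missing. The function names and the optional certificate file paths are assumptions made for illustration.

```python
import ssl

def _load(ctx, ca_file, cert_file, key_file):
    # File paths are hypothetical; with none given the context is still built.
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)   # CA that issued the peer's certificate
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)    # this endpoint's own identity
    return ctx

def backend_context(ca_file=None, cert_file=None, key_file=None):
    """Backend or gateway listener that rejects devices without a valid certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED             # the setting that makes TLS mutual
    return _load(ctx, ca_file, cert_file, key_file)

def device_context(ca_file=None, cert_file=None, key_file=None):
    """Device side: PROTOCOL_TLS_CLIENT verifies the backend's chain and hostname."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return _load(ctx, ca_file, cert_file, key_file)

def weak_backend_context():
    """One-way TLS: traffic is encrypted, but any client may connect and send data."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # verify_mode defaults to CERT_NONE

def weak_device_context():
    """Device that encrypts but accepts whatever certificate the peer presents."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                      # has to be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit(ctx, role):
    """Return the mutual-TLS gaps of a context; role is 'backend' or 'device'."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if role == "device" and not ctx.check_hostname:
        findings.append("backend hostname not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 allowed")
    return findings

if __name__ == "__main__":
    for name, ctx, role in [("hardened backend", backend_context(), "backend"),
                            ("weak backend", weak_backend_context(), "backend"),
                            ("hardened device", device_context(), "device"),
                            ("weak device", weak_device_context(), "device")]:
        print(f"{name}: {audit(ctx, role) or 'ok'}")
```

A hardened context built without a CA file fails closed: every handshake is rejected until the issuing CA is loaded.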
In the backend application, all the “known” hacking scenarios of IT systems come into play. The most common recommendation is “Security by Design”. Here we are talking about the development, governance, verification, and deployment processes of the application. A well-known standard for that approach is SAMM (Software Assurance Maturity Model).
These three topology parts must fit together in a security architecture, a holistic look at the whole system, not only the single components.