IoT security

What is IoT security?

IoT security is the act of securing Internet of Things services, systems, devices, and the networks they’re connected to.

Many cybersecurity solutions can be inherited from the security standards implemented in more traditional IT, but unfortunately, IoT is a mix of technologies with different capabilities and ages. It also overlaps the Operational Technology (OT) used in industry, which was previously protected by its lack of a connection to the outside world. Introducing IoT changes this by bridging that gap.

Sensative offers IoT cybersecurity solutions that ensure ZeroTrust protection of your valuable IoT data. However, IoT device protection is implemented (or not) by the supplier of those devices, so we recommend that you do a risk analysis when selecting sensors and actuators and their suppliers.

Understanding IoT security risks

Modern IoT ecosystems are complex. Sensors and actuators can be connected and configured to send data over various networks to cloud applications and backends. The digital security risk is present at every step across the IoT implementation.

Unfortunately, diverse data types and often limited network bandwidth and computing power among IoT devices mean that you need different solutions to work in sync to protect the whole system.

Risk must be mitigated for the entire IoT lifecycle of the deployment, especially as it scales and expands geographically.

Breaking it down into four different areas

IoT device security

Most sensors and actuators are small, simple devices with minimal computing power, so-called constrained environments. They are also primarily battery-driven, so signaling must be kept to a minimum to save power.

These devices are more or less useless as an entry point in a more powerful hacker attack, but they are still susceptible to manipulation. In some applications, they need some physical protection if the data they provide is critical. For instance, an outdoor temperature might be mere information. In contrast, a temperature in an engine can be vital to preventing failures, which makes it a more interesting target for manipulation by someone who wants to cause damage.

IoT devices are highly reliant on the standard they implement. For instance, Sensative Strips have all the security measures provided by Z-Wave and LoRaWAN implemented. 

IoT network security

Protecting the data in transit can be challenging, depending on the characteristics of the chosen IoT standard. For example, some standards, like CoAP, entirely lack security measures of their own. Others, like 5G, support higher bandwidth and thus extra security layers in the protocol stack. And others, despite being narrowband, have strong end-to-end security implemented at their core, like LoRaWAN or NB-IoT.

They all come with different price tags to implement and operate, and each has its own ecosystem of devices and suppliers supporting it, which limits the freedom to choose the best device for a specific task.

This is the reality for which we have developed our Yggio Digitalization Infrastructure Management System: first, to enable the customer to choose the best and most cost-efficient solution for a specific service, and second, to mix different technologies but still manage them securely through one interface and one API.

IoT platform security

The central IoT platform is the most vulnerable part of an IoT system. This is where all data and automation control is aggregated and thus where you can do the most harm. 

Sensative’s Yggio DiMS platform has some cornerstone capabilities for providing the security your solution needs.

  • ZeroTrust architecture
  • Secure cloud or an optional on-premises deployment
  • IAM integration
  • OpenID Connect or SAML 2.0 authentication
  • TLS & DTLS for IP & non-IP network connections
  • OSCORE end-to-end encryption 
  • and more

IoT end-user service security

Besides the admin interface, the end-user service or app is the prime entry point for a hacker. At the same time, it must be convenient to use for the less technical user. It is essential that the connection to the IoT platform is secure, that access is strictly controlled using multi-factor authentication, and so on.

Yggio provides all these mechanisms, including IAM integration for corporate users.

The end-user data must also be protected from a privacy point of view. Read more here about how Yggio and Sensative support your GDPR processes.

YGGIO DiMS - THE SECURE LINK

Zero Trust architecture

A zero-trust security model is a way to design network security architecture that withholds access until a user, device, or even an individual data packet has been thoroughly inspected and authenticated. Even then, only the least amount of necessary access is granted. Zero-trust security can be summarized as “never trust, always verify.” Equating safety with “inside the firewall” is no longer acceptable.

All users must be authenticated, and each transaction, like data or device access, must be authorized.

When accessing Yggio through the API, you must provide an authorized access token in the request header. Otherwise, the request is rejected.
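The per-request rule described above (authenticate the caller from the token in the request header, then authorize the individual transaction) is shown here as an added example; it is not Yggio's code or API. The HMAC-signed token format, `SECRET`, the `POLICY` table and the resource names are constructed assumptions for the illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed; real deployments verify IdP-issued tokens

# Constructed policy: subject -> resource -> allowed actions (least privilege).
POLICY = {
    "alice": {"sensor/strip-01": {"read"}},
    "ops-bot": {"sensor/strip-01": {"read"}, "actuator/valve-7": {"read", "write"}},
}

def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _sign(body):
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def issue_token(sub, ttl, now=None):
    """Stand-in for the identity provider: sign {sub, exp} with HMAC-SHA256."""
    now = time.time() if now is None else now
    body = _b64(json.dumps({"sub": sub, "exp": int(now) + ttl}).encode())
    return f"{body}.{_sign(body)}"

def authenticate(headers, now=None):
    """Return the verified subject, or None if the token is missing or invalid."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    body, _, sig = token.partition(".")
    if scheme != "Bearer" or not body or not sig:
        return None
    # Constant-time comparison; the body is parsed only after the signature checks out.
    if not hmac.compare_digest(_sign(body).encode(), sig.encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    now = time.time() if now is None else now
    return claims["sub"] if claims["exp"] > now else None

def handle(headers, resource, action, now=None):
    """Gate one transaction: 401 if unauthenticated, 403 if unauthorized, else 200."""
    sub = authenticate(headers, now)
    if sub is None:
        return 401
    allowed = POLICY.get(sub, {}).get(resource, set())  # default deny
    return 200 if action in allowed else 403
```

A valid token alone is not enough: `alice` can read `sensor/strip-01` but gets 403 for any write or for the actuator, because each transaction is checked against the policy.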

Authentication and Authorization

Access to data, sensors, and actuators is authenticated and authorized, with policy management and integration with, e.g., LDAP and Active Directory.

Identity brokering and social login

Yggio can authenticate users with existing OpenID Connect or SAML 2.0 Identity Providers. 

User Federation

Yggio has built-in support to connect to existing LDAP or Active Directory servers. We can also implement your provider if you have users in other stores, such as a relational database.

Yggio security

Secure communication

TLS protects all communication on IP networks. A similar tunnel, DTLS, can protect some non-IP communication in more constrained environments.

All IoT standards differ regarding security protocols and principles, if they have any at all. The Yggio integration layer, LENS, manages all these differences and makes it possible to add security to weaker protocols.

Yggio also supports the new OSCORE end-to-end encryption protocol for constrained IoT standards lacking security. This technology enables trust in IoT sensors or networks in otherwise untrusted environments. Using OSCORE, we can encrypt and protect data in an unbroken chain from an endpoint in the network through, for instance, gateways, public networks, and IoT platforms to a service and a user. However, this also prevents Yggio from accessing the information, meaning that some functionality will be limited, e.g., analytics and automation.
