SlideShare ist ein Scribd-Unternehmen logo

The Weakest Point of Security in IoT

N
nsangary
1 von 2
Downloaden Sie, um offline zu lesen
Title: The Weakest Point of Security in IoT Date: September, 11, 2015 Author: Dr. Nagula Sangary, CEO, BitCircle Inc. The risks to security and privacy of personal information is becoming a major issue in the Internet of Things (IoT) market as the hacking of databases is occurring with increasing frequency. As more people and organizations start to use or offer IoT-enabled services, the number of agents with malicious intent will also increase, given that the information found in the databases is a tempting target for those who would seek profit through identity theft or other criminal means. Although there are methods of addressing information security vulnerabilities, many players in the industry are not taking appropriate action to mitigate risks as they may be unaware of the specific flaws and attack points, or the solution to the problem may be at odds with their business model. If one were to investigate recent cybersecurity breaches you would readily determine that they occurred at the storage space of the data and not in the communication links or at the data’s point of origin. In general, most of the internet protocols, the wireless communication systems and the sensors used in the IoT have sufficient security features enabled to deter hackers. However, at the data storage point there are very few security safeguards implemented. The primary reason for this is that the authorized service providers need to view users’ personal data in order to provide the required services; having extraneous security measures in place would adversely impact their access to that data. In addition to the data being exposed at the point of storage, the number of authorized staff in a service provider company who have access to the data can be quite large and difficult to monitor, which is another risk. It would take only one employee with nefarious intentions to release clients’ personal data, or to give access to unauthorized staff, or convey knowledge of the weakest links in security protection to outside hackers. Neither corporate ethics policies nor laws are sufficient protection against acts of this nature. The security of IoT systems will continue to be an issue until gaps such as this are addressed. A solution to combat these threats lies in the following process: every piece of data that enters the specific IoT solution-space should be encrypted at the source and subsequently stored at a separate location rather than at a single repository, and for tight controls to be in place for authorized access to this data. One could draw an analogy between the early days of the computer age and the modern cloud-based services. Initially, computing services and applications provided to the users were based on a centralized client-server model, which was necessary due to the high cost of the main-frame computers. However, this changed over time with innovation in the Personal Computer (PC) industry. The lower cost of processors, memory, and associated components made it affordable for consumers to acquire their own computing power. A similar trend is taking shape in the world of IoT with sensors, devices and mobile computing getting cheaper every month. In addition to affordability, the exponential growth of PCs could also be attributed to the privacy and security it offered to the user. PC users wanted to regain control over the programs they used and the content they created, without the vulnerability of using computing resources over a shared system. Having their own personal computers afforded the users with a sense of comfort and this type of distributed system in essence created a new, better level of security. In the modern era of reliance on cloud services people are facing somewhat of an asymmetric problem. Due to the centralized model of the current cloud services, most cloud applications are offered to the users essentially at no cost. Cloud service providers offer “free” applications and service in exchange for the
users’ personal information. However, the risk that users face is in the potential theft of their personal information. As a result of this, the central cloud-based solutions should implement information storage methods in a similar fashion as the PC-era method, where the users’ personal data is distributed rather than centralized. Unlike the current system where hackers can break into one system and steal the personal data of thousands of users, in a distributed system the hackers would need to break into thousands of individual systems to achieve the same level of success. In addition, these individual (distributed) systems can be further protected by encrypting every piece of data stored in them. The encryption of users’ personal data with individual keys would provide an added level of protection and peace of mind. However, the presence of this encryption would be in conflict with the business models used by many corporations today. In the current models, in exchange for an individual’s personal information many service providers give free applications for promoting fitness, asset tracking, games and more. This data is then used for profiling people and the information is shared for big data analytics. Even though most corporations obtain this information with permission, the idea of “uninformed consent” is being raised by legal scholars and governments alike and this could become a major issue for these corporations in the future. All of the stated concerns can be addressed with a system that combines distributed storage and individualized encryption schemes. The method for generating individualized encryption keys, managing and protecting them may be complex, however, it can be done with existing technologies. Undoubtedly, development and deployment of such systems would require some expertise. Visionary companies such as BitCircle have recognized this need and are developing solutions to address the issue of privacy and security in the IoT space, and at the same time enabling the current business models of the service providers to exist as the users can authorize access for the service providers. The successful adoption of IoT technologies and resulting business growth will depend on the number of individuals making productive use of IoT-enabled services. In order for people to feel comfortable with the system, the key players in the IoT space must continue to address the privacy issue and provide the most secure environment for the users. Contact information of the author: Nagula T. Sangary PhD, MBA Chief Executive Officer, BitCircle Inc., 22 King St. South, Waterloo, Ontario, N2J 1N8 www.bitcircle.com Office #: (5190 725-2247 Email: nagula@bitcircle.com Adjunct Professor Department of Electrical & Computer Engineering University of Waterloo, Waterloo, Ontario, Canada McMaster University, Hamilton, Ontario, Canada Central South University, Changsha, China Email: nsangary@uwaterloo.ca

Empfohlen

Coalition of IoT and Blockchain: Rewards and Challenges
Coalition of IoT and Blockchain: Rewards and ChallengesCoalition of IoT and Blockchain: Rewards and Challenges
Coalition of IoT and Blockchain: Rewards and Challengesanupriti
 
Blockchain and the Internet Of Things - Benefits of combining these two Mega ...
Blockchain and the Internet Of Things - Benefits of combining these two Mega ...Blockchain and the Internet Of Things - Benefits of combining these two Mega ...
Blockchain and the Internet Of Things - Benefits of combining these two Mega ...Tyrone Systems
 
Fog computing security and privacy issues, open challenges, and blockchain so...
Fog computing security and privacy issues, open challenges, and blockchain so...Fog computing security and privacy issues, open challenges, and blockchain so...
Fog computing security and privacy issues, open challenges, and blockchain so...IJECEIAES
 
Challenges of IP protection in era of cloud computing
Challenges of IP protection in era of cloud computingChallenges of IP protection in era of cloud computing
Challenges of IP protection in era of cloud computingBrandix India Apparel City Pvt Ltd.
 
Security & Compliance in the Cloud - Proactively Managing Governance, Risk & ...
Security & Compliance in the Cloud - Proactively Managing Governance, Risk & ...Security & Compliance in the Cloud - Proactively Managing Governance, Risk & ...
Security & Compliance in the Cloud - Proactively Managing Governance, Risk & ...Chad Lawler
 
IEEE 5G World Forum: 8 trends of iot in 2018 and beyond july 9th 2018 santa ...
IEEE 5G World Forum: 8 trends of iot in 2018 and beyond july 9th 2018 santa ...IEEE 5G World Forum: 8 trends of iot in 2018 and beyond july 9th 2018 santa ...
IEEE 5G World Forum: 8 trends of iot in 2018 and beyond july 9th 2018 santa ...Ahmed Banafa
 
Interner of Things Iinsurance gateway
Interner of Things Iinsurance gateway Interner of Things Iinsurance gateway
Interner of Things Iinsurance gateway Δρ. Γιώργος K. Κασάπης
 
Secure and Smart IoT using Blockchain and AI
Secure and Smart IoT using Blockchain and AISecure and Smart IoT using Blockchain and AI
Secure and Smart IoT using Blockchain and AIAhmed Banafa
 

Empfohlen

Coalition of IoT and Blockchain: Rewards and Challenges
Coalition of IoT and Blockchain: Rewards and ChallengesCoalition of IoT and Blockchain: Rewards and Challenges
Coalition of IoT and Blockchain: Rewards and Challengesanupriti
 
Blockchain and the Internet Of Things - Benefits of combining these two Mega ...
Blockchain and the Internet Of Things - Benefits of combining these two Mega ...Blockchain and the Internet Of Things - Benefits of combining these two Mega ...
Blockchain and the Internet Of Things - Benefits of combining these two Mega ...Tyrone Systems
 
Fog computing security and privacy issues, open challenges, and blockchain so...
Fog computing security and privacy issues, open challenges, and blockchain so...Fog computing security and privacy issues, open challenges, and blockchain so...
Fog computing security and privacy issues, open challenges, and blockchain so...IJECEIAES
 
Challenges of IP protection in era of cloud computing
Challenges of IP protection in era of cloud computingChallenges of IP protection in era of cloud computing
Challenges of IP protection in era of cloud computingBrandix India Apparel City Pvt Ltd.
 
Security & Compliance in the Cloud - Proactively Managing Governance, Risk & ...
Security & Compliance in the Cloud - Proactively Managing Governance, Risk & ...Security & Compliance in the Cloud - Proactively Managing Governance, Risk & ...
Security & Compliance in the Cloud - Proactively Managing Governance, Risk & ...Chad Lawler
 
IEEE 5G World Forum: 8 trends of iot in 2018 and beyond july 9th 2018 santa ...
IEEE 5G World Forum: 8 trends of iot in 2018 and beyond july 9th 2018 santa ...IEEE 5G World Forum: 8 trends of iot in 2018 and beyond july 9th 2018 santa ...
IEEE 5G World Forum: 8 trends of iot in 2018 and beyond july 9th 2018 santa ...Ahmed Banafa
 
Interner of Things Iinsurance gateway
Interner of Things Iinsurance gateway Interner of Things Iinsurance gateway
Interner of Things Iinsurance gateway Δρ. Γιώργος K. Κασάπης
 
Secure and Smart IoT using Blockchain and AI
Secure and Smart IoT using Blockchain and AISecure and Smart IoT using Blockchain and AI
Secure and Smart IoT using Blockchain and AIAhmed Banafa
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for GovernmentsCloudMask inc.
 
Second line of defense for cybersecurity : Blockchain
Second line of defense for cybersecurity : BlockchainSecond line of defense for cybersecurity : Blockchain
Second line of defense for cybersecurity : BlockchainAhmed Banafa
 
The Blockchain Wave in 2019 and Beyond
The Blockchain Wave in 2019 and BeyondThe Blockchain Wave in 2019 and Beyond
The Blockchain Wave in 2019 and BeyondAhmed Banafa
 
Trust management techniques_for_the_internet_of_things_a_survey-converted
Trust management techniques_for_the_internet_of_things_a_survey-convertedTrust management techniques_for_the_internet_of_things_a_survey-converted
Trust management techniques_for_the_internet_of_things_a_survey-convertedtanvir616
 
Does the Convergence of the Blockchain, the Internet of Things and Artificial...
Does the Convergence of the Blockchain, the Internet of Things and Artificial...Does the Convergence of the Blockchain, the Internet of Things and Artificial...
Does the Convergence of the Blockchain, the Internet of Things and Artificial...eraser Juan José Calderón
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudKumar Goud
 
Secure and Smart IoT
Secure and Smart IoT Secure and Smart IoT
Secure and Smart IoT Ahmed Banafa
 
IoT and Blockchain Convergence
IoT and Blockchain ConvergenceIoT and Blockchain Convergence
IoT and Blockchain ConvergenceAhmed Banafa
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enVET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enKarel Van Isacker
 
Four essential truths of the IoT
Four essential truths of the IoTFour essential truths of the IoT
Four essential truths of the IoTW. David Stephenson
 
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGES
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGESTHE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGES
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGESIJNSA Journal
 
Trust in the mobile internet of things
Trust in the mobile internet of thingsTrust in the mobile internet of things
Trust in the mobile internet of thingsAntonio Gonzalo
 
BLOCKCHAIN TECHNOLOGY IN AGRICULTURE: A CASE STUDY OF BLOCKCHAIN START-UP...
BLOCKCHAIN TECHNOLOGY IN AGRICULTURE: A CASE STUDY OF BLOCKCHAIN START-UP...BLOCKCHAIN TECHNOLOGY IN AGRICULTURE: A CASE STUDY OF BLOCKCHAIN START-UP...
BLOCKCHAIN TECHNOLOGY IN AGRICULTURE: A CASE STUDY OF BLOCKCHAIN START-UP...AIRCC Publishing Corporation
 
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...Karim Vaes
 
9 IoT predictions for 2019
9 IoT predictions for 20199 IoT predictions for 2019
9 IoT predictions for 2019Ahmed Banafa
 
IoT, AI and Blockchain: Catalysts for Digital Transformation
IoT, AI and Blockchain: Catalysts for Digital TransformationIoT, AI and Blockchain: Catalysts for Digital Transformation
IoT, AI and Blockchain: Catalysts for Digital TransformationAhmed Banafa
 
A Secure Model of IoT Using Blockchain
A Secure Model of IoT Using BlockchainA Secure Model of IoT Using Blockchain
A Secure Model of IoT Using BlockchainAltoros
 
Global Digital Sukuk (GDS) - A basic framework
Global Digital Sukuk (GDS) - A basic frameworkGlobal Digital Sukuk (GDS) - A basic framework
Global Digital Sukuk (GDS) - A basic frameworkTariqullah Khan
 
Cloud Information Accountability Frameworks for Data Sharing in Cloud
Cloud Information Accountability Frameworks for Data Sharing in CloudCloud Information Accountability Frameworks for Data Sharing in Cloud
Cloud Information Accountability Frameworks for Data Sharing in CloudIOSR Journals
 
12 Myths about Blockchain Technology
12 Myths about Blockchain Technology12 Myths about Blockchain Technology
12 Myths about Blockchain TechnologyAhmed Banafa
 
I want you to Read intensively papers and give me a summary for ever.pdf
I want you to Read intensively papers and give me a summary for ever.pdfI want you to Read intensively papers and give me a summary for ever.pdf
I want you to Read intensively papers and give me a summary for ever.pdfamitkhanna2070
 
Blockchain IoT Security Why do we need it.pdf
Blockchain IoT Security Why do we need it.pdfBlockchain IoT Security Why do we need it.pdf
Blockchain IoT Security Why do we need it.pdfRosalie Lauren
 

Weitere ähnliche Inhalte

Was ist angesagt?

Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for GovernmentsCloudMask inc.
 
Second line of defense for cybersecurity : Blockchain
Second line of defense for cybersecurity : BlockchainSecond line of defense for cybersecurity : Blockchain
Second line of defense for cybersecurity : BlockchainAhmed Banafa
 
The Blockchain Wave in 2019 and Beyond
The Blockchain Wave in 2019 and BeyondThe Blockchain Wave in 2019 and Beyond
The Blockchain Wave in 2019 and BeyondAhmed Banafa
 
Trust management techniques_for_the_internet_of_things_a_survey-converted
Trust management techniques_for_the_internet_of_things_a_survey-convertedTrust management techniques_for_the_internet_of_things_a_survey-converted
Trust management techniques_for_the_internet_of_things_a_survey-convertedtanvir616
 
Does the Convergence of the Blockchain, the Internet of Things and Artificial...
Does the Convergence of the Blockchain, the Internet of Things and Artificial...Does the Convergence of the Blockchain, the Internet of Things and Artificial...
Does the Convergence of the Blockchain, the Internet of Things and Artificial...eraser Juan José Calderón
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudKumar Goud
 
Secure and Smart IoT
Secure and Smart IoT Secure and Smart IoT
Secure and Smart IoT Ahmed Banafa
 
IoT and Blockchain Convergence
IoT and Blockchain ConvergenceIoT and Blockchain Convergence
IoT and Blockchain ConvergenceAhmed Banafa
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enVET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enKarel Van Isacker
 
Four essential truths of the IoT
Four essential truths of the IoTFour essential truths of the IoT
Four essential truths of the IoTW. David Stephenson
 
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGES
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGESTHE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGES
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGESIJNSA Journal
 
Trust in the mobile internet of things
Trust in the mobile internet of thingsTrust in the mobile internet of things
Trust in the mobile internet of thingsAntonio Gonzalo
 
BLOCKCHAIN TECHNOLOGY IN AGRICULTURE: A CASE STUDY OF BLOCKCHAIN START-UP...
BLOCKCHAIN TECHNOLOGY IN AGRICULTURE: A CASE STUDY OF BLOCKCHAIN START-UP...BLOCKCHAIN TECHNOLOGY IN AGRICULTURE: A CASE STUDY OF BLOCKCHAIN START-UP...
BLOCKCHAIN TECHNOLOGY IN AGRICULTURE: A CASE STUDY OF BLOCKCHAIN START-UP...AIRCC Publishing Corporation
 
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...Karim Vaes
 
9 IoT predictions for 2019
9 IoT predictions for 20199 IoT predictions for 2019
9 IoT predictions for 2019Ahmed Banafa
 
IoT, AI and Blockchain: Catalysts for Digital Transformation
IoT, AI and Blockchain: Catalysts for Digital TransformationIoT, AI and Blockchain: Catalysts for Digital Transformation
IoT, AI and Blockchain: Catalysts for Digital TransformationAhmed Banafa
 
A Secure Model of IoT Using Blockchain
A Secure Model of IoT Using BlockchainA Secure Model of IoT Using Blockchain
A Secure Model of IoT Using BlockchainAltoros
 
Global Digital Sukuk (GDS) - A basic framework
Global Digital Sukuk (GDS) - A basic frameworkGlobal Digital Sukuk (GDS) - A basic framework
Global Digital Sukuk (GDS) - A basic frameworkTariqullah Khan
 
Cloud Information Accountability Frameworks for Data Sharing in Cloud
Cloud Information Accountability Frameworks for Data Sharing in CloudCloud Information Accountability Frameworks for Data Sharing in Cloud
Cloud Information Accountability Frameworks for Data Sharing in CloudIOSR Journals
 
12 Myths about Blockchain Technology
12 Myths about Blockchain Technology12 Myths about Blockchain Technology
12 Myths about Blockchain TechnologyAhmed Banafa
 

Was ist angesagt? (20)

Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for Governments
 
Second line of defense for cybersecurity : Blockchain
Second line of defense for cybersecurity : BlockchainSecond line of defense for cybersecurity : Blockchain
Second line of defense for cybersecurity : Blockchain
 
The Blockchain Wave in 2019 and Beyond
The Blockchain Wave in 2019 and BeyondThe Blockchain Wave in 2019 and Beyond
The Blockchain Wave in 2019 and Beyond
 
Trust management techniques_for_the_internet_of_things_a_survey-converted
Trust management techniques_for_the_internet_of_things_a_survey-convertedTrust management techniques_for_the_internet_of_things_a_survey-converted
Trust management techniques_for_the_internet_of_things_a_survey-converted
 
Does the Convergence of the Blockchain, the Internet of Things and Artificial...
Does the Convergence of the Blockchain, the Internet of Things and Artificial...Does the Convergence of the Blockchain, the Internet of Things and Artificial...
Does the Convergence of the Blockchain, the Internet of Things and Artificial...
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
 
Secure and Smart IoT
Secure and Smart IoT Secure and Smart IoT
Secure and Smart IoT
 
IoT and Blockchain Convergence
IoT and Blockchain ConvergenceIoT and Blockchain Convergence
IoT and Blockchain Convergence
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enVET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
 
Four essential truths of the IoT
Four essential truths of the IoTFour essential truths of the IoT
Four essential truths of the IoT
 
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGES
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGESTHE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGES
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGES
 
Trust in the mobile internet of things
Trust in the mobile internet of thingsTrust in the mobile internet of things
Trust in the mobile internet of things
 
BLOCKCHAIN TECHNOLOGY IN AGRICULTURE: A CASE STUDY OF BLOCKCHAIN START-UP...
BLOCKCHAIN TECHNOLOGY IN AGRICULTURE: A CASE STUDY OF BLOCKCHAIN START-UP...BLOCKCHAIN TECHNOLOGY IN AGRICULTURE: A CASE STUDY OF BLOCKCHAIN START-UP...
BLOCKCHAIN TECHNOLOGY IN AGRICULTURE: A CASE STUDY OF BLOCKCHAIN START-UP...
 
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
 
9 IoT predictions for 2019
9 IoT predictions for 20199 IoT predictions for 2019
9 IoT predictions for 2019
 
IoT, AI and Blockchain: Catalysts for Digital Transformation
IoT, AI and Blockchain: Catalysts for Digital TransformationIoT, AI and Blockchain: Catalysts for Digital Transformation
IoT, AI and Blockchain: Catalysts for Digital Transformation
 
A Secure Model of IoT Using Blockchain
A Secure Model of IoT Using BlockchainA Secure Model of IoT Using Blockchain
A Secure Model of IoT Using Blockchain
 
Global Digital Sukuk (GDS) - A basic framework
Global Digital Sukuk (GDS) - A basic frameworkGlobal Digital Sukuk (GDS) - A basic framework
Global Digital Sukuk (GDS) - A basic framework
 
Cloud Information Accountability Frameworks for Data Sharing in Cloud
Cloud Information Accountability Frameworks for Data Sharing in CloudCloud Information Accountability Frameworks for Data Sharing in Cloud
Cloud Information Accountability Frameworks for Data Sharing in Cloud
 
12 Myths about Blockchain Technology
12 Myths about Blockchain Technology12 Myths about Blockchain Technology
12 Myths about Blockchain Technology
 

Ähnlich wie The Weakest Point of Security in IoT

I want you to Read intensively papers and give me a summary for ever.pdf
I want you to Read intensively papers and give me a summary for ever.pdfI want you to Read intensively papers and give me a summary for ever.pdf
I want you to Read intensively papers and give me a summary for ever.pdfamitkhanna2070
 
Blockchain IoT Security Why do we need it.pdf
Blockchain IoT Security Why do we need it.pdfBlockchain IoT Security Why do we need it.pdf
Blockchain IoT Security Why do we need it.pdfRosalie Lauren
 
Securing Data with Block chain and AI ppt
Securing Data with Block chain and AI pptSecuring Data with Block chain and AI ppt
Securing Data with Block chain and AI pptsumayyakousar194
 
AWhile there are several ways of gathering information on a
AWhile there are several ways of gathering information on a AWhile there are several ways of gathering information on a
AWhile there are several ways of gathering information on a kacie8xcheco
 
Insecure magazine - 51
Insecure magazine - 51Insecure magazine - 51
Insecure magazine - 51Felipe Prado
 
Smart city landscape
Smart city landscapeSmart city landscape
Smart city landscapeSamir SEHIL
 
How blockchain will defend iot
How blockchain will defend iotHow blockchain will defend iot
How blockchain will defend iotHitesh Malviya
 
Reinventing Cybersecurity in the Internet of Things
Reinventing Cybersecurity in the Internet of ThingsReinventing Cybersecurity in the Internet of Things
Reinventing Cybersecurity in the Internet of ThingsNirmal Misra
 
151022_oml_reinventing_cybersecurity_IoT_v1p
151022_oml_reinventing_cybersecurity_IoT_v1p151022_oml_reinventing_cybersecurity_IoT_v1p
151022_oml_reinventing_cybersecurity_IoT_v1pStéphane Roule
 
Target Unncryption Case Study
Target Unncryption Case StudyTarget Unncryption Case Study
Target Unncryption Case StudyEvelyn Donaldson
 
Mi health care - multi-tenant health care system
Mi health care - multi-tenant health care systemMi health care - multi-tenant health care system
Mi health care - multi-tenant health care systemConference Papers
 
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...ijccsa
 
5 Infrastructure Trends That Will Reshape IT By 2023.docx
5 Infrastructure Trends That Will Reshape IT By 2023.docx5 Infrastructure Trends That Will Reshape IT By 2023.docx
5 Infrastructure Trends That Will Reshape IT By 2023.docxjustspamxox
 
Machine learning presentation in using pyhton
Machine learning presentation in using pyhtonMachine learning presentation in using pyhton
Machine learning presentation in using pyhtonmasukmia.com
 
The Identity of Things: Privacy & Security Concerns
The Identity of Things: Privacy & Security ConcernsThe Identity of Things: Privacy & Security Concerns
The Identity of Things: Privacy & Security ConcernsSimon Moffatt
 
br-security-connected-top-5-trends
br-security-connected-top-5-trendsbr-security-connected-top-5-trends
br-security-connected-top-5-trendsChristopher Bennett
 
10 technology trends that will shape security industry 2018
10 technology trends that will shape security industry 201810 technology trends that will shape security industry 2018
10 technology trends that will shape security industry 2018Axis Communications
 
PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715Jim Romeo
 

Ähnlich wie The Weakest Point of Security in IoT (20)

I want you to Read intensively papers and give me a summary for ever.pdf
I want you to Read intensively papers and give me a summary for ever.pdfI want you to Read intensively papers and give me a summary for ever.pdf
I want you to Read intensively papers and give me a summary for ever.pdf
 
Blockchain IoT Security Why do we need it.pdf
Blockchain IoT Security Why do we need it.pdfBlockchain IoT Security Why do we need it.pdf
Blockchain IoT Security Why do we need it.pdf
 
Securing Data with Block chain and AI ppt
Securing Data with Block chain and AI pptSecuring Data with Block chain and AI ppt
Securing Data with Block chain and AI ppt
 
AWhile there are several ways of gathering information on a
AWhile there are several ways of gathering information on a AWhile there are several ways of gathering information on a
AWhile there are several ways of gathering information on a
 
Lecture 14
Lecture 14Lecture 14
Lecture 14
 
Insecure magazine - 51
Insecure magazine - 51Insecure magazine - 51
Insecure magazine - 51
 
Smart city landscape
Smart city landscapeSmart city landscape
Smart city landscape
 
How blockchain will defend iot
How blockchain will defend iotHow blockchain will defend iot
How blockchain will defend iot
 
Reinventing Cybersecurity in the Internet of Things
Reinventing Cybersecurity in the Internet of ThingsReinventing Cybersecurity in the Internet of Things
Reinventing Cybersecurity in the Internet of Things
 
151022_oml_reinventing_cybersecurity_IoT_v1p
151022_oml_reinventing_cybersecurity_IoT_v1p151022_oml_reinventing_cybersecurity_IoT_v1p
151022_oml_reinventing_cybersecurity_IoT_v1p
 
Wireless Security on Context (disponible en español)
Wireless Security on Context (disponible en español)Wireless Security on Context (disponible en español)
Wireless Security on Context (disponible en español)
 
Target Unncryption Case Study
Target Unncryption Case StudyTarget Unncryption Case Study
Target Unncryption Case Study
 
Mi health care - multi-tenant health care system
Mi health care - multi-tenant health care systemMi health care - multi-tenant health care system
Mi health care - multi-tenant health care system
 
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
 
5 Infrastructure Trends That Will Reshape IT By 2023.docx
5 Infrastructure Trends That Will Reshape IT By 2023.docx5 Infrastructure Trends That Will Reshape IT By 2023.docx
5 Infrastructure Trends That Will Reshape IT By 2023.docx
 
Machine learning presentation in using pyhton
Machine learning presentation in using pyhtonMachine learning presentation in using pyhton
Machine learning presentation in using pyhton
 
The Identity of Things: Privacy & Security Concerns
The Identity of Things: Privacy & Security ConcernsThe Identity of Things: Privacy & Security Concerns
The Identity of Things: Privacy & Security Concerns
 
br-security-connected-top-5-trends
br-security-connected-top-5-trendsbr-security-connected-top-5-trends
br-security-connected-top-5-trends
 
10 technology trends that will shape security industry 2018
10 technology trends that will shape security industry 201810 technology trends that will shape security industry 2018
10 technology trends that will shape security industry 2018
 
PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715PulseSecure_Report_HybridIT_120715
PulseSecure_Report_HybridIT_120715
 

The Weakest Point of Security in IoT

  • 1. Title: The Weakest Point of Security in IoT Date: September, 11, 2015 Author: Dr. Nagula Sangary, CEO, BitCircle Inc. The risks to security and privacy of personal information is becoming a major issue in the Internet of Things (IoT) market as the hacking of databases is occurring with increasing frequency. As more people and organizations start to use or offer IoT-enabled services, the number of agents with malicious intent will also increase, given that the information found in the databases is a tempting target for those who would seek profit through identity theft or other criminal means. Although there are methods of addressing information security vulnerabilities, many players in the industry are not taking appropriate action to mitigate risks as they may be unaware of the specific flaws and attack points, or the solution to the problem may be at odds with their business model. If one were to investigate recent cybersecurity breaches you would readily determine that they occurred at the storage space of the data and not in the communication links or at the data’s point of origin. In general, most of the internet protocols, the wireless communication systems and the sensors used in the IoT have sufficient security features enabled to deter hackers. However, at the data storage point there are very few security safeguards implemented. The primary reason for this is that the authorized service providers need to view users’ personal data in order to provide the required services; having extraneous security measures in place would adversely impact their access to that data. In addition to the data being exposed at the point of storage, the number of authorized staff in a service provider company who have access to the data can be quite large and difficult to monitor, which is another risk. It would take only one employee with nefarious intentions to release clients’ personal data, or to give access to unauthorized staff, or convey knowledge of the weakest links in security protection to outside hackers. Neither corporate ethics policies nor laws are sufficient protection against acts of this nature. The security of IoT systems will continue to be an issue until gaps such as this are addressed. A solution to combat these threats lies in the following process: every piece of data that enters the specific IoT solution-space should be encrypted at the source and subsequently stored at a separate location rather than at a single repository, and for tight controls to be in place for authorized access to this data. One could draw an analogy between the early days of the computer age and the modern cloud-based services. Initially, computing services and applications provided to the users were based on a centralized client-server model, which was necessary due to the high cost of the main-frame computers. However, this changed over time with innovation in the Personal Computer (PC) industry. The lower cost of processors, memory, and associated components made it affordable for consumers to acquire their own computing power. A similar trend is taking shape in the world of IoT with sensors, devices and mobile computing getting cheaper every month. In addition to affordability, the exponential growth of PCs could also be attributed to the privacy and security it offered to the user. PC users wanted to regain control over the programs they used and the content they created, without the vulnerability of using computing resources over a shared system. Having their own personal computers afforded the users with a sense of comfort and this type of distributed system in essence created a new, better level of security. In the modern era of reliance on cloud services people are facing somewhat of an asymmetric problem. Due to the centralized model of the current cloud services, most cloud applications are offered to the users essentially at no cost. Cloud service providers offer “free” applications and service in exchange for the
  • 2. users’ personal information. However, the risk that users face is in the potential theft of their personal information. As a result of this, the central cloud-based solutions should implement information storage methods in a similar fashion as the PC-era method, where the users’ personal data is distributed rather than centralized. Unlike the current system where hackers can break into one system and steal the personal data of thousands of users, in a distributed system the hackers would need to break into thousands of individual systems to achieve the same level of success. In addition, these individual (distributed) systems can be further protected by encrypting every piece of data stored in them. The encryption of users’ personal data with individual keys would provide an added level of protection and peace of mind. However, the presence of this encryption would be in conflict with the business models used by many corporations today. In the current models, in exchange for an individual’s personal information many service providers give free applications for promoting fitness, asset tracking, games and more. This data is then used for profiling people and the information is shared for big data analytics. Even though most corporations obtain this information with permission, the idea of “uninformed consent” is being raised by legal scholars and governments alike and this could become a major issue for these corporations in the future. All of the stated concerns can be addressed with a system that combines distributed storage and individualized encryption schemes. The method for generating individualized encryption keys, managing and protecting them may be complex, however, it can be done with existing technologies. Undoubtedly, development and deployment of such systems would require some expertise. Visionary companies such as BitCircle have recognized this need and are developing solutions to address the issue of privacy and security in the IoT space, and at the same time enabling the current business models of the service providers to exist as the users can authorize access for the service providers. The successful adoption of IoT technologies and resulting business growth will depend on the number of individuals making productive use of IoT-enabled services. In order for people to feel comfortable with the system, the key players in the IoT space must continue to address the privacy issue and provide the most secure environment for the users. Contact information of the author: Nagula T. Sangary PhD, MBA Chief Executive Officer, BitCircle Inc., 22 King St. South, Waterloo, Ontario, N2J 1N8 www.bitcircle.com Office #: (5190 725-2247 Email: nagula@bitcircle.com Adjunct Professor Department of Electrical & Computer Engineering University of Waterloo, Waterloo, Ontario, Canada McMaster University, Hamilton, Ontario, Canada Central South University, Changsha, China Email: nsangary@uwaterloo.ca