Why does the coffee machine have an account?
Last year's loud news about a coffee machine that infected computers of one of the European petrochemical plants with an extortion virus, as well as other frequent cases involving home appliances, robotic devices, drones and other smart devices and systems used in the city, office, enterprises, production and other areas about which we hear more and more often from the media, for example:
- home cleaner robot, independently turned on, climbed on the included electric stove, pushed the pan on the burner and burned itself, almost burning the apartment of their masters;
- a robot security guard drowned in the fountain of a business center;
- Robot-lawnmower, who escaped from the workplace and cut a hose with fuel along the way;
- a robot surgeon who beats up patients during operations and holds tissue of internal organs with his hand;
- interception control unmanned aerial vehicles;
- cases of disconnection of industrial devices responsible for control, heating and cooling systems;
- hacking smart children's toys, watches, fitness bracelets and other wearable personal and office devices,
All this makes us have long to think about the security level of smart systems and devices that we face in everyday life ...
Some of these cases can be a simple failure of smart devices, but most are still planned malicious actions aimed at obtaining various benefits for score of committed actions.
In the era of a huge number of hacker attacks and other cyber threats, you need to increase the security of your own and corporate devices. And companies should think about the security of using smart systems in their business processes, in industry, manufacturing, medicine, etc., primarily to reduce the risks of simple equipment failure due to third-party interventions and of course protecting transferred, stored corporate and personal data.
Smart things are already accompanying us everywhere: in the city, at home, in the office, as well as in medicine, transport, manufacturing, industry, agriculture, logistics, power engineering and other areas, and every year this list is growing, and we are getting closer and closer We are approaching a “smart”, but not yet safe environment.
In the fast-growing market of the Internet of Things, as one of the most promising technologies of the next years, developers devote little time and not very important safety of devices, focus on developing the systems themselves, so as not to lose their niche in the market and be one of the innovators in this area of products and services.
Such a race in the development and release of new and new smart devices gives attackers how to turn around in their guises.
will need to identify attributes that may constitute, so to say, the identity of the device. It will be necessary to create a general scheme or data model that IoT manufacturers could use to make the registration, verification and authentication process simple and repeatable. When a set of attributes is defined and assembled from a device, they must be used during the device registration process. For some devices, registration may require some additional unique verification, for example, to confirm that the device itself is legal.
Interaction between people (person-person) will no longer be enough, it will be necessary to establish other relationships between devices, things, people, services and data), it will be necessary to use the principle of many-to-many interaction.
Some of the relationships will be used for temporary access to data, while others will be permanent / long-lasting, such as "man-smart device" or "smart device-smart production." These interactions should be recorded, verified, and then canceled, if necessary.
The authentication and authorization components will have to be applied at every stage of the IoT data flow. The following protocols are currently supported: OAuth2, OpenID Connect, UMA, ACE and FIDO.
Creation and / or management of attributes: user and device - will have to occur, both at the stage of loading, initialization of the device, and at the stage of user registration. Standards developed in this area: LWM2M, OpenICF and SCIM.