GUEST BLOG - Is your IoT device management system secure?

18 May 2017 by admin

By Rob Dobson, Pre-Sales Director, Device Authority (www.deviceauthority.com)

Unplanned downtime is frustrating, costly and can have surprising business consequences. Monitoring remote connected assets allows businesses to be warned that attention is needed as a problem is emerging, so they can plan effective remedial action before it becomes business- or operationally critical. This is driving new business value for manufacturing and utility operations, with a range of benefits depending on the type of application or vertical your business addresses.

Ultimately, using a remote asset monitoring solution allows organizations to manage & service their equipment. There are several benefits from monitoring these assets including:

  • Monitoring of Industrial machinery – Reducing emergency repairs, minimizing down time, store and analyse process data, monitor equipment health, notify service engineers in the event of a problem, streamline logistics and inventory processes
  • Building automation – Optimize the energy consumption of facilities, monitor ventilation, heating, cooling and security systems, improve facility efficiency
  • Power generators – Monitor health and readiness, instant access to fuel level, oil-pressure, battery voltage, etc.
  • Tank management – Content levels under control, monitor tank level, pressure and temperature, schedule stock-up refills, optimize logistics
  • Pump and pump stations – Notify service engineers on operation interrupts, minimize on-site service, instant access to equipment status, improve equipment efficiency

These new business models are very attractive for companies, but they don’t come without a severe health warning! Security must be at the centre of any application and considered very carefully. Only recently we have seen large-scale attacks on the UK’s NHS and on industrial manufacturing plants such as Nissan. These ransomware attacks are initially orchestrated via a web link in an email which a user clicks on. This then starts a process where ransomware is downloaded and installed on the end PC.

PCs and IoT devices are very different. Instigating a ransomware attack on an IoT device via email is not typically applicable, but let’s not forget that remote monitoring of manufacturing assets such as machinery will still require an internet-connected device, which needs to be secured. Let’s face it, the internet is a very insecure place.

If you compound these challenges with the awareness that enterprise security no longer applies on its own, then you need to think outside the box. The traditional enterprise security perimeter no longer applies to remotely connected devices, particularly if your machine or generator is miles away from your office. Since these traditional network security perimeter models do not apply, we need to treat each asset as its own network access point, build defence in depth at the asset itself by way of tamper-proof authentication and integrity, and provide an end-to-end data privacy model.

Addressing these challenges requires a holistic approach with an easy-to-deploy, secure asset management solution such as InVMA’s AssetMinder platform and Device Authority’s KeyScaler. Any asset monitoring solution must address several security problems to make a truly credible product, including:

  • Register/enrol asset monitoring devices into the IoT IAM platform and applications
  • Asset Authentication
  • Provision owner controlled security
  • “Things” (Device) Integrity
  • Data Privacy, Integrity
  • Secure Upgrades

One of our previous blogs goes into more detail on IoT security and “Trust the Device, Trust the data” as the IoT device is the weakest link in the chain.

There are several solutions in the market today. KeyScaler™ has unique breakthrough technology which can deliver Device Identity, Integrity and Data Privacy for a true remote asset management solution. KeyScaler™ provides active device authentication, integrity and policy enforcement for data privacy based on patented Dynamic Device Key Generation (DDKG) technology.

1. Device authentication keys are dynamically generated and unique to each device for each authentication session – No more credential stealing and spoofing issues
2. Device-derived crypto keys are generated from the dynamic device authentication process – No more stolen credential or keys
3. Secure software/firmware upgrades, detecting any critical changes in the device – which maintains device integrity
4. End-to-end, policy-based data encryption through to the application layer – which maintains data privacy
5. Seamless integration into PTC ThingWorx IoT Platform and “Things”
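To illustrate the property behind points 1 and 2 (a device key that is unique per device and per authentication session, so a captured credential cannot be reused), here is an added example that is not Device Authority's code and does not describe DDKG, whose internals the page does not give: the device secret, device ID, nonce handling and telemetry fields are all constructed for the example.

```python
import hashlib
import hmac
import json
import os

# Constructed example: one registered asset with a long-term device secret.
# This is a hypothetical stand-in; the real DDKG scheme is not described here.
DEVICE_ID = "generator-07"
DEVICE_SECRET = bytes.fromhex("6a" * 32)  # constructed placeholder secret


def derive_session_key(device_secret: bytes, device_id: str, server_nonce: bytes) -> bytes:
    """Session key bound to this device and to this authentication session's nonce."""
    info = b"asset-telemetry|" + device_id.encode() + b"|" + server_nonce
    return hmac.new(device_secret, info, hashlib.sha256).digest()


def sign_telemetry(session_key: bytes, payload: dict) -> dict:
    """Device side: authenticate a telemetry reading with the current session key."""
    body = json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(session_key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


def verify_telemetry(session_key: bytes, msg: dict) -> bool:
    """Platform side: accept the reading only if the tag matches this session's key."""
    expected = hmac.new(session_key, msg["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["tag"])


def demo() -> tuple:
    # Session 1: the platform issues a nonce; both sides derive the same session key.
    nonce1 = os.urandom(16)
    k1 = derive_session_key(DEVICE_SECRET, DEVICE_ID, nonce1)
    msg = sign_telemetry(k1, {"fuel_level": 72, "oil_pressure": 41})
    accepted_in_session1 = verify_telemetry(k1, msg)
    # Session 2: a fresh nonce gives a fresh key, so a message captured in
    # session 1 no longer verifies even though the device secret is unchanged.
    nonce2 = os.urandom(16)
    k2 = derive_session_key(DEVICE_SECRET, DEVICE_ID, nonce2)
    replay_accepted = verify_telemetry(k2, msg)
    return accepted_in_session1, replay_accepted


if __name__ == "__main__":
    print(demo())  # (True, False)
```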

Takeaway

Businesses need to ensure their IoT devices have strong device-centric identity, authentication, integrity and access controls for end-to-end data transfers. Combining InVMA’s AssetMinder and Device Authority’s KeyScaler brings together a secure end-to-end asset monitoring solution that customers can host in the cloud securely, quickly and with minimal hassle. Figure 1 below details the top-level system architecture for AssetMinder and KeyScaler:

Figure 1: Secure InVMA AssetMinder platform with Device Authority’s KeyScaler
