June 2015
27
I
NTERNET
-O
F
-T
HINGS
– S
ECURITY
Security requirements of
the Internet-of-Things
By Christian Eder,
congatec
This article explains the security re-
quirements of the IoT, and introduces
a starter kit comprising all necessary
components to rapidly develop a pro-
totype to test IoT technology as simply
as possible.
n
e fourth industrial revolution (Indus-
try 4.0) is becoming a reality. Driven by the
immense possibilities of the Internet, real and
virtual worlds are growing closer together,
merging in the Internet of ings. e biggest
opportunities of Industry 4.0 lie in greater
customization enabled by highly exible
production, closer integration of clients into
value-added processes and the coupling of
production and services. However, tighter
connectivity and the associated exchange of
large amounts of data also lead to increased
security demands. Next to operational safety,
which ensures that manufacturing systems
and products pose no risk to humans and the
environment, a second aspect, namely secu-
rity, is gaining hugely in signi cance. Facilities
and products, as well as data and know-how,
must be reliably protected against unautho-
rized access and misuse.
Since 2010 – the year the Stuxnet computer
worm was discovered – the number of con-
nected automation systems has grown dra-
matically. Measures to increase the security
of such systems have been implemented, but
not at the same rate. It is a likely assump-
tion that potential attackers were able to
copy from the Stuxnet worm to optimize
any future attacks. In 2012, the Carna botnet
infected around 420,000 devices that them-
selves collected information on global IP
addresses - even behind rewalls. In 2013, the
TRENDnet web camera attack gave unautho-
rized access to numerous surveillance cam-
eras, including many in the private sector. In
2014, the Linux Darlloz worm infected more
than 40,000 routers and set-top boxes based
on the Intel x86, ARM, MIPS and PowerPC
architectures to steal digital currencies. A
greater hacking success of 2014 was ing-
bots which infected more than 100,000 smart
devices – from routers to TV sets and fridges
– and used them as a platform from which to
send spam emails. With the increasing num-
ber of connected devices, their attraction as
a target for attacks is growing. It is therefore
high time to give more attention to the issue
of security, especially since several billion
IoT systems are expected to be in operation
by 2020 worldwide. e gures di er widely
from one analyst to the next, but are consis-
tently quoted to lie in an impressive single to
double-digit billion range.
While most companies have already put in
place good security measures for their serv-
ers and workstations, IoT devices tend to get
forgotten. But even a connected thermostat
can become a danger if it is not adequately
protected. In the hands of a cyber-criminal,
the device can become one of many soldiers
for a big attack, or is turned into a silent spy
who collects sensitive data in the background
and passes it on. For most application devel-
opers, device functionality is their rst and
foremost concern; few will have specialized
in data security. Under those circumstances, a
platform that has been optimized and tested
by security experts is required. But what
should such a platform look like if it is to
bene t a wide variety of applications? ere
are four fundamental aspects that need to
be considered: reliability, connectivity, man-
ageability and security. Reliability is strongly
determined by the hardware. A design must
be durable because - unlike classic o ce PCs -
IoT devices don’t have an 8-hour day. Any IoT
Map of unprotected IP cameras.
is map was published in 2013
to highlight the security gaps in
surveillance cameras. Source:
/
Complete set for rapid prototyping of
embedded IoT applications
