by Ken Lynch on November 8, 2018
Connected devices are a cause of cybersecurity concerns for small, medium, and large businesses across all sectors. Any attempt at securing data environments requires the establishment of impenetrable cyber security frameworks for IoT devices. The National Institute of Standards and Technology (NIST) recently asked experts to submit their proposals on the design of data security standards for IoT devices. This is an effort by NIST to lessen the burden related to data information security.
What is IoT?
Devices that can connect to Internet sources or even to other devices are considered IoT devices. Smart home devices including electric lights that can be controlled via your smartphone fall under this category. IoT devices have permeated all industries, since they enhance efficiency.
Nowadays, it is easy to monitor and protect your home even when travelling, thanks to IoT. Lots of businesses are making an effort to ease their data monitoring burden by incorporating IoT to enhance productivity. Likewise, manufacturers are increasingly restructuring their production processes by using IoT to support their Supervisory Control and Data Acquisition (SCADA) systems.
What Risks are Associated with IoT Devices?
Needless to say, we have the ability to control computers. We can always turn our computers on or off to protect our data whenever we are not around. Nevertheless, the IoT environment is there to enable us automate activities. This way, we stand to interact less with our devices and in the process, involve ourselves more with information.
In the medical industry, for instance, pacemakers that are IoT-capable can allow a doctor to monitor patients’ hearts better. In our homes, we can easily manage the security situation from our workplaces by connecting doorbells to our smartphones.
Nonetheless, sensors used to collect and relay data in IoT devices are at risk. Whenever you share data between devices that are connected across an internal network, you definitely have protective measures such as passwords, firewalls, and encryption to protect your data. Connections and sensors between Bluetooth-enabled devices do not have the level of protection that is in larger devices.
What is Bluetooth Connection?
A Bluetooth connection is a low-frequency and short-distance radio wave signal that uses little power. This connection links one device to another. Typically, Bluetooth connections have a 30-foot range. Regardless of the connectivity of anchored devices to the Internet, Bluetooth connections are not always fixed to a network-enabled device. For instance, headphones can be connected to a smartphone, which can connect to the Internet. Nevertheless, they require the primary anchored device so that they reach the Internet.
From a data security standpoint, Bluetooth connections are considered to be lightweight. This is due to the low radio frequency involved, and insignificant power consumption. Therefore, these connections have minimal “weight” in terms of their overall ability. They act as tethering devices, which cannot independently integrate.
What Risks Face IoT?
Owing to the fact that IoT and Bluetooth devices connect in several ways, several risk factors emerge. The five major security gaps that typify IoT are:
1. Authentication. When your computer is connected to a network, you require a username and password. Incorporating multi-level authentication involving the use of biometrics, such as fingerprints, will help you secure your data whenever you are connected a network-based service.
2. Confidentiality. Since connections between IoT devices aren’t secured by any authentication method, information passed across may not remain confidential. The problem of authentication is mostly experienced in public Wi-Fi networks, where anyone can access information passing through the network.
3. Authorization. Generally, Bluetooth connections are not complex enough to protect connected devices from unauthorized programs and users. Traditionally in networking, you can control access to data by individuals. Nonetheless, Bluetooth connections do not allow the creation of usernames and passwords. It is therefore difficult to define by user the data that they can access.
4. Integrity. You cannot set authorization, or even authenticate users, when IoT devices are connected. Therefore, data integrity isn’t guaranteed since you cannot be sure that only the right people have access to information that is being passed via the IoT connection.
5. Pairing. Pairing Bluetooth IoT devices with tablets, smartphones, or computers requires you to create a data-sharing connection between them. Once you leave primary devices open to Bluetooth connections for any of your IoT connections, the other devices will automatically start searching for Bluetooth connectivity. This way, they are likely to end up being paired with any open IoT Bluetooth device in the vicinity.
NIST’s “Lightweight Cryptography” Project in Brief
Basically, IoT devices differ in sophistication and price. Therefore, NIST recognizes the need to create standards that will protect all devices. This is what the NIST Lightweight Cryptography Standardization Project is all about. NIST is seeking to introduce minimum requirements, which will focus on coding to help prevent brute-force attacks against IoT devices.