Securing the "Internet of Things"

Reprinted courtesy of MuniWireless.

If we are going to live in a wireless Internet-connected world, we need to secure it first. Intel's recent $7.68 billion acquisition of McAfee highlights just how important this will be to the future of Internet-connected mobile devices.

Current research estimates 5 billion Internet-connected devices later this month growing to 22 billion devices by 2020.

By adding an Intel/McAfee chip/software security combo, an additional layer of security could be offered in a more robust and manageable solution, that can react quickly to new security threats while maintaining interoperability. As an example, a multitude of network wireless access points have followed 802.x standards for several decades.  These standards have not only offered vendor-agnostic backwards capability but leveraged these standards when upgrading security platforms. Just like wireless network access points, security needs to be interoperable and standards-based.

With billions of devices out there, the typical computer OS stack doesn't exist in the same way, and security will be a big problem. In fact these Internet-connected devices are not computers but small processors doing low-power functions. Your security overhead may be too big to fit in the processor.  This was a terrible security lesson that was learned when deploying smart meters for the power grid.

The list of players pursing the smart-grid market is like a "Who's Who" of the biggest companies in the world and Intel is no exception.  In fact they are a major contributor to GridNet an industry consortium focusing on the smart grid.  This smart grid target market not only offers billions of dollars in chip and security solutions but also is a good opportunity to learn from smart meters.  Frankly if security issues with smart meters are not fixed first, it may stop Intel from securely connecting billions of Internet-connected home area network devices to the smart grid.

A recent report from Pike Research offered some sobering comments on just how important this is.  "It would be naïve to think that smart meters will not be successfully attacked. They will be," the report states. "In fact, smart meters represent a worst-case scenario in terms of security: the devices lack sufficient power to execute strong security software; they are placed in physically non-secure locations; and they are installed in volumes large enough that one or two may not be missed."

"Smart meters are one of the weakest links in the smart-grid security chain," says industry analyst Bob Lockhart.  "Home area networks, commercial building networks, and utility networks all perform well in terms of keeping data encrypted within their domains.  However, these domains terminate at the smart meter, and the only way for data to pass from one network to the other is for the smart meter to decrypt the data from one side and re-encrypt it on the other. Consequently, the data are, for a short while, unencrypted on the meter and could be successfully eavesdropped."

Without adding needed security, Internet-connected devices could offer entry into the smart grid potentially turning remote power on or off through the network connection or by way of a worm that could affect the millions of smart meters and billions of wireless Internet-connected devices. This may seem like a showstopper but there are actually ways to offer high-end security with low overhead through layer 2 security techniques.

A good understanding of layer 2 security is offered by