2020/06/16 16:11:54

How to ensure the security of IoT devices with the arrival of 5G and Industry 4.0

The Internet of Things (IoT) is spreading actively around the world and is on the threshold of a surge in development. Several factors drive this: 5G networks, Industry 4.0 (the Fourth Industrial Revolution), and the growing capabilities of microprocessors. The smart-home, business and industrial segments of IoT devices share similar implementation problems: a lack of uniform standards, including standards for documentation and good-quality descriptions of protocols and connections, with a correspondingly high cost of analysing the actual level of security; a lack of standards for protection functions; and, as a rule, insufficient microchip resources for a high-quality implementation of these functions (encryption, authentication, etc.).

Factors driving the development of the Internet of Things segment

At the beginning of 2020, Gartner already noted companies' growing interest in experimenting with the combined Internet of Things in order to optimize their own costs. As adoption of the Internet of Things expands, requirements for the safe operation of devices and for greater IT maturity come to the forefront.

Overall, Gartner predicts for the corporate segment, by 2024, 75% of executed projects in the field of the Internet of Things and blockchain, and the release to market of more than 100,000 digital twin models. Thus, by 2023, 70% of providers will have to review their solutions for protecting the IoT segment.

Business shows active interest in IoT solutions

The term "digital twin" is first attributed to David Gelernter in the book "Mirror Worlds" (1991), and its definition in scientific and industry publications to Michael Grieves (2002). It is a virtual digital copy of a real asset that can be used to model what happens to the physical asset under external influence. Often it is a hybrid model combining digital and physical components. The ability of digital twins to model, and hence to predict and reduce the risk of breakdowns and accidents for their physical counterparts, has already placed this technology among strategic IT trends, especially for large and industrial enterprises. On the threshold of the Fourth Industrial Revolution (Industry 4.0), the involvement of digital technologies in all production processes is inevitable. This in turn carries certain risks: most drones, robots and other IoT devices built to perform a single narrow function have, as a rule, no well-developed information security mechanisms of their own. The risks are compounded by the frequent need to remotely control digitized industrial and other IoT facilities.

What impact will 5G networks have on the Internet of Things? The main features of this generation of mobile communication are:

  • uniform coverage and massive machine-to-machine communication,
  • ultra-wide bandwidth,
  • highly reliable connection with very low data latency and, importantly, the ability to connect a large number of devices to the network in one location,
  • low power consumption and high energy efficiency,
  • direct connection of Internet of Things devices to the global network over the mobile Internet.

These factors make it possible to connect practically anything that comes to mind to a mobile network with a good communication channel: from sneakers and a kettle to any environmental sensor. All these devices can be managed remotely, telemetry can be collected from them and the necessary analytics performed. This is a strong driver for the spread of IoT technologies both in sectors of the economy and in everyday life.

Along with the coming conveniences come risks of leakage of personal and confidential information, such as:

  • telemetry data (how often the owner of the sneakers goes for a walk, which shop is their favourite, how many steps a day they walk, etc.),
  • multimedia data (images from built-in cameras),
  • internal parameters of the environment (data from smart-home devices), etc.

Also, the main risk for IoT devices in the world of 5G networks is the direct connection of devices to the Internet through a mobile network rather than a Wi-Fi network, as generally happens today.

In turn, IoT systems are becoming more and more comparable in computing power to full-fledged IT equipment. Put simply, if 15 years ago a TV was equipped with an Arduino-level chip that could remember frequencies and change channels, it now has a full-fledged processor on the level of the best smartphone of five years ago.

Besides, the producer understands that the user will always prefer convenience and ease of use to complex security functions. For example, when choosing that same TV, image quality and the availability of various media content functions will be the main, and often the only, criteria. As practice shows, even incidents involving the equipment have no long-term impact on consumer demand or on the producer's shares and reputation. For this reason it is not profitable for the producer to invest money in expensive information security work during device development. As a result, such equipment already often ends up as botnet agents. An illustrative example: in May 2020, Microsoft researchers detected a large DDoS attack using LED consoles.

Researchers detected a rapidly growing (100-fold in a month) botnet generating DDoS attacks of up to 1 TB a week. The botnet agents were located on LED panels, some of the simplest IoT devices. The corporate sector of devices was infected more than others, in particular the largest business center in Taiwan.

The average cost of an Arduino chip in mass production is literally a couple of dollars, so building it into an everyday item, even taking the work into account, will not considerably increase the cost of the goods. Consequently, the appearance of such ordinary IoT things on the market is only a question of the readiness of consumer demand.

More powerful devices (multimedia, etc.) use more powerful processors, for example, Raspberry Pi or even ARM. But performing their intended tasks usually requires less capacity, which leaves a surplus of resources. At the same time, implementing security features is, for the reasons described above, economically inexpedient for producers but advantageous for attackers: the "excess" computing power can be used for their own purposes. The mass nature and physical prevalence of the devices are an additional factor in hackers' interest in IoT systems.

Even the proprietary languages used in the industrial IoT segment (Industrial IoT, IIoT) can be used to inject malicious code, steal confidential information, etc. Given the trend toward remote monitoring and management of industrial systems, their interaction over the intranet and the Internet is growing, and the risks of attackers intercepting control over them or interfering in the production process increase accordingly, up to and including provoking accidents.

Security problems of the Internet of Things and approaches to solving them

The main information security problems and risks for IoT devices, broadly understood, can be summarized in several points:

  • Lack of update mechanisms (this especially concerns simpler devices).
  • Lack of protection features and secure protocols in device firmware, and lack of universal standards in this area.
  • Lack of control over the security of the supplier and the supply chain (especially relevant for digital twins in industry).
  • Users' inattentive attitude to settings: most users do not change default passwords, do not enable available security settings, etc.
  • Direct connection of poorly protected devices to an open network (especially relevant with the commissioning of 5G networks).

For a device to function safely, the following must be guaranteed:

  • controllability and observability,
  • regular updating as the main mechanism for eliminating vulnerabilities,
  • absence of data leaks.

Some mechanisms, for example over-the-air (OTA) updating, are already implemented by producers for sufficiently "smart" devices. The same TVs will remind the user of the need to update the firmware or software of the multimedia device. It is up to the user to accept the offer in time. As a rule, the update package has already been downloaded, and the process will take no more than 1-2 minutes. Rollback mechanisms in case of update failure are also implemented.

For commercial IoT infrastructures there is a class of information security solutions. Overviews and quadrants of solutions, based on usage experience and user feedback for 2019 and 2020, were provided by several companies, in particular Teknowlogy Group (Fig. 1 and 2) and MachNation (Fig. 3 and 4).

Each vendor of solutions for commercial IoT infrastructures offers a concept both for use in industrial enterprises and commercial infrastructures and for the smart home. The basic functions performed by the solutions:

  • Orchestration, discovery and monitoring of IoT devices in visible networks.
  • Analytics of "dirty" data from IoT devices, and Big Data analytics to find valuable information in it.
  • Information security mechanisms: encryption and access control for device data, continuous monitoring, management and audit of configurations.
  • Some vendors (for example, AWS) include in their service package an OS for microcontrollers (FreeRTOS) with built-in security functions, as well as tools for creating IoT applications.

Fig. 1 – Comparison from Teknowlogy Group on the general User Experience
Fig. 2 – Comparison from Teknowlogy Group on convenience of device management
Fig. 3 – Comparison from MachNation on convenience of management of solutions
Fig. 4 – Comparison from MachNation on technologies and business strategy

Gartner predicts that companies will increasingly purchase IoT-related security features, such as extensions of general-purpose security products or of an IoT platform. Companies more often choose universal IoT security platforms over separate solutions. User reviews of systems intended for protecting IoT devices on the Gartner Peer Review resource, and their ratings:

  • AWS IoT from Amazon Web Services: product capabilities – 4.7, ease of deployment – 4.7, quality of service support – 4.3.
  • Bosch IoT Suite from Bosch Software Innovations: product capabilities – 4.0, ease of deployment – 3.0, quality of service support – 4.0.
  • Mosaic from LTI: product capabilities – 4.5, ease of deployment – 4.5, quality of service support – 5.0.
  • Azure IoT from Microsoft: product capabilities – 4.4, ease of deployment – 4.5, quality of service support – 4.5.
  • PI System from OSIsoft: product capabilities – 4.0, ease of deployment – 4.3, quality of service support – 4.5.
  • ThingWorx from PTC: product capabilities – 4.6, ease of deployment – 4.2, quality of service support – 4.3.

Conclusions and recommendations to end users

Large manufacturing companies and small and medium businesses show active interest in IoT solutions and in information security solutions for IoT infrastructure. This is an indicator of active market development and of enterprises preparing for a qualitative breakthrough in the digital sphere of the IoT market, with the path of information security already paved.

While commercial IoT deployments have resources for finding and implementing mature approaches to information security, such resources are often unavailable to the home user. The following measures can be taken independently to protect oneself when using new-generation IoT devices:

  • Ensure regular updating of firmware and software on the device, in any form: automatically or manually.
  • Change default settings, first of all passwords, including those for internal authentication.
  • If there is a choice, use Wi-Fi or Bluetooth instead of a mobile connection; do not connect the devices to the general network but allocate a separate segment for them on the router; use a firewall as a shield.
  • Keep a backup copy of the settings or an image (depending on what is available on the device) for fast recovery in case of loss of control or functionality of the device.
  • If the device works in 5G mode and has contactless payment mechanisms, for example a smartwatch integrated with AliPay, understand the associated risks and, for example, use a dedicated card or account with limited funds, a withdrawal limit, real-time tracking of payment transactions and, perhaps, insurance against illegitimate transactions.

Author of article: Mikhaylova Anna Yurevna.
