More and more IoT devices are being deployed every day, making IoT systems more complex than ever. This leads to increased difficulty level in securing IoT systems. In the upcoming subsections, we will speak about the most common problems that are being faced today.

Security in endpoint devices – constrained devices

Most of our endpoint devices (constrained) that constitute the sensors, actuators, and controllers don’t have enough memory or processing power, and run on low and limited power. Due to these reasons, traditional security approaches cannot be applied to these constrained devices because they use heavy encryption and decryption algorithms that require high processing power, a lot of memory, and power to facilitate the computations in real time. The solution for this is we can make use of embedded encryption and decryption techniques that are an integral part of sensors and controllers itself. Also, we can put the devices on separate networks and use firewalls to overcome their limitations.

Authorization and authentication

With the large number of devices connected to the internet, it is important that only authentic devices should have authorization to participate in the network. Often, these basic requirements are largely unmet or have weak password policies that make these devices prone to attacks. The solution is to make sure that a device that participates in the network is authentic and has correct authorization is that we should make use of SSL certificates at both the device and application level, dual authentication, such as password and SMS (or in-app passcodes), biometric signatures, and such others.

Device firmware upgrade

Updating the firmware and software of IoT devices and gateways for adding or upgrading security features is quite challenging in itself. This process is sometimes called Firmware Over The Air (FOTA). Since the number of devices can be huge, it becomes difficult to keep track of current software/firmware versions of all the devices and what updates are available for all of them. There can be different types of devices present in the same network that runs completely different software and firmware, which can increase the complexity of the upgrade process. In some cases, the devices are in a completely different network that supports different protocols, which is an added challenge to the existing ones. Many of the devices may not have a FOTA facility, so the device needs to be upgraded by a technician at the device location itself or by getting the device to the service station. This causes the device to be absent from the network completely, which might impact the business and is not favorable. In the case of consumer devices, the right to update the device software is left with the owner and if the owner opts out of upgrading, the device might be left prone to attacks. Another case is when the device is manufactured by some third-party vendor and they stop producing that particular model, even in this case it throws a challenge to upgrade. The solution for most of these issues is to have a device manager application that keeps a record of all the devices, along with their software and firmware versions. For devices that have a FOTA facility, the device manager application automatically upgrades the device whenever there is a newer version available and in case the upgrade fails, it rolls back to a previous stable version of the software. For the devices that don’t have FOTA, keep the software simple and minimal, to perform the basic actions required, and the rest of the complex computation can be done using gateway devices to which it connects, and a gateway device enables connectivity to the internet. The gateway devices are more sophisticated and have FOTA as well.