In the Product Design & Development Brainstorm we talk with industry leaders to get their perspective on issues critical to the design engineering marketplace. In this issue, we ask:

What are some of the security risks involved with the implementation of M2M communication in industrial applications? What are some of the tools currently in the market that help protect against, or alleviate, some of these security risks?
As we’re reminded almost daily, there’s no absolute security on the Internet. On the Internet of Things (IoT), however, security can be even more challenging. An IoT application adds dozens or even hundreds of nodes to a network, and those nodes (being relatively small, low-powered, and inexpensive) are rarely equipped with heavy-duty security capability. In applications that run entirely over the well-secured cellular network that isn’t such a problem. For applications that run over the Internet, the challenge is greater, and a system is vulnerable in several distinct ways. On one hand, the data transmitted could be visible to unauthorized individuals. On the other, unauthorized data, or even instructions, could be inserted into the information flow and carried into the receiving system.

There are several ways to protect data crossing the web. One is to encrypt the message before sending it via HTTP. This leaves it visible to eavesdroppers, but hides the contents. Another approach is to send data through an opaque pipe using HTTPS to provide temporary encryption based on a handshake between sending and receiving nodes. This kind of security is relatively easy to provide with a Linux-based operating system running on high-functioning processors like the TI AM335x. It can, however, be tricky with simpler, less expensive microprocessors like the STM32 F4 series Plug-in Cellular Shield. Even simple processors can be protected with the Plug-in Cellular Cape for the Nucleo-F401RE, which lets users take advantage of the mbed development platform and libraries. Whatever approach is taken, it is critical to protect data. As experience on the Internet has shown, hackers, vandals, and thieves are relentless and, like ants at a picnic, will eat your lunch if you don’t take precautions.
Lead Software Engineer, Embedded Wireless Systems Group, California Eastern Laboratories
Although M2M communication affords countless opportunities for improvements in industrial applications like automation, cloud control, data logging and analytics, energy monitoring, and usage optimization, it does not come without its share of security risks. If an individual were to gain access to an M2M network, they could obtain sensitive data or intellectual property. With access to the network they would assume control of the system, would have the ability to lock out the rightful owners, or have the ability to cause damage to the devices in the network and their environments. Therefore, it is paramount that M2M communication be implemented with a focus on security.

Several tools are available to secure an M2M network without impacting functionality or performance, and a three-layer approach would provide optimal security – the simplest being obfuscation. Making the data in the devices and on the network difficult to read or interpret will make it harder for someone who gains access to the network or sniffs the traffic to gain sensitive data, but that is not enough. A second layer, in the form of communication encryption, helps protect M2M communications from prying eyes. For example, SSL/TLS for internet traffic and AES encryption for over-the-air messages will help keep M2M communications private. Last, but certainly not least, is simple login and password authentication. This will help prevent point-of-access intrusions by unauthorized users. Using a three-layer approach to M2M communication security (access security, transport security, and data security) is a simple and effective way to safeguard the data and devices on the network.
Product Manager, RF & Wireless,
As we look to scale the network across more devices we start to see many of the same problems as enterprise IT and PCs: securing device communication, securing the physical device, and updating any security holes in software. The risks are complex.

Unfortunately, the devices may not have the horsepower to run a full security suite. To help with this, a simple device authentication and secure cloud communications can be used. Today, there are many cloud services and semiconductor providers who are looking to solve this via end-to-end authentication and multi-layered security. This helps restrict access to devices on the network, and will continue even if the device is physically accessed; the accessible info would be limited to that one device.
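The three respondents above describe the same layered idea from different angles: encrypting the message itself before it crosses an untrusted link, detecting data or instructions injected into the flow, and authenticating each device before it may talk to the cloud. The following Go program, written for this page as an added illustration and not code from any of the respondents or their companies, shows the access-security and data-security layers for a cloud gateway. The device ID `pump-0017`, its 32-byte secret, and the telemetry payload are constructed sample values; the transport layer (TLS/HTTPS) is assumed to be provided by the connection and is not shown. Keys are derived per purpose from one provisioned secret with HMAC-SHA256, device login is a challenge/response that never sends the secret, and AES-GCM protects each message so that an eavesdropper on plain HTTP sees only ciphertext and any modified or injected message is rejected rather than acted on.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrUnauthenticated is returned when a device fails the access check or a
// received message fails its integrity check.
var ErrUnauthenticated = errors.New("message or device failed authentication")

// deviceSecrets holds the per-device master secret shared with the cloud side.
// These values are constructed for the example; a real deployment provisions
// them from a secure element or key-management service, never source code.
var deviceSecrets = map[string][]byte{
	"pump-0017": []byte("example-32-byte-secret-pump-0017"), // constructed, 32 bytes
}

// deriveKey turns one master secret into separate purpose-bound keys so the
// access layer and the data layer never share key material.
func deriveKey(master []byte, purpose string) []byte {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(purpose))
	return mac.Sum(nil) // 32 bytes: usable as an AES-256 or HMAC key
}

// Layer 1, access security: AnswerChallenge runs on the device and proves
// possession of the secret without ever transmitting the secret itself.
func AnswerChallenge(master []byte, deviceID string, challenge []byte) []byte {
	mac := hmac.New(sha256.New, deriveKey(master, "auth"))
	mac.Write([]byte(deviceID))
	mac.Write(challenge)
	return mac.Sum(nil)
}

// Authenticate runs on the cloud side. hmac.Equal compares in constant time,
// so the check does not leak how many bytes of the response were correct.
func Authenticate(deviceID string, challenge, response []byte) bool {
	master, ok := deviceSecrets[deviceID]
	if !ok {
		return false
	}
	return hmac.Equal(response, AnswerChallenge(master, deviceID, challenge))
}

func dataCipher(master []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(deriveKey(master, "data"))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Layer 3, data security: Seal encrypts and authenticates one message on the
// device. The device ID is bound in as associated data, so a blob captured
// from one device cannot be replayed as another. Output: nonce || ciphertext+tag.
func Seal(master []byte, deviceID string, plaintext []byte) ([]byte, error) {
	gcm, err := dataCipher(master)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per message
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(deviceID)), nil
}

// Open decrypts on the cloud side and rejects anything whose tag does not
// verify: a flipped byte, a truncated message, or data injected by a third party.
func Open(deviceID string, blob []byte) ([]byte, error) {
	master, ok := deviceSecrets[deviceID]
	if !ok {
		return nil, ErrUnauthenticated
	}
	gcm, err := dataCipher(master)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, ErrUnauthenticated
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, []byte(deviceID))
	if err != nil {
		return nil, ErrUnauthenticated
	}
	return pt, nil
}

func main() {
	id := "pump-0017"
	master := deviceSecrets[id]

	// Access layer: the cloud issues a fresh random challenge for each login.
	challenge := make([]byte, 16)
	rand.Read(challenge)
	fmt.Println("device login accepted:", Authenticate(id, challenge, AnswerChallenge(master, id, challenge)))
	fmt.Println("wrong secret accepted:", Authenticate(id, challenge, AnswerChallenge([]byte("guess"), id, challenge)))

	// Data layer: an eavesdropper on plain HTTP sees only this blob, not the reading.
	blob, _ := Seal(master, id, []byte(`{"flow_lpm":42.5,"valve":"open"}`)) // constructed telemetry
	fmt.Printf("on the wire: %x\n", blob)
	pt, err := Open(id, blob)
	fmt.Println("decrypted:", string(pt), err)

	// Injected or modified data: flipping one byte makes the message unverifiable.
	blob[len(blob)-1] ^= 0x01
	_, err = Open(id, blob)
	fmt.Println("tampered message rejected:", err)
}
```

Run it with `go run .`; the decrypted line reproduces the telemetry and the final line reports `ErrUnauthenticated`. Two design points matter for a constrained node: the nonce must never repeat under one key (random 96-bit nonces are fine for the message volumes a sensor produces, but a device that cannot generate randomness should use a persisted counter instead), and rejecting an unverifiable message must also mean not executing whatever instruction it carried.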