End-to-end Sensor Architecture Addresses IoT Security Weak Points

Margie Agin Food Service & Safety, Healthcare, Industry 4.0, Real Estate, Retail

One of the most important questions you should ask about sensor-based IoT solutions is how they’ll keep your critical systems and data secure. If a cyber attack alters information or interrupts processes, your equipment could misfire, overheat or shut down entirely. Instead of a smart solution, you’ll have an expensive and time-consuming cyber catastrophe.

Security concerns shouldn’t keep you from adopting IoT to increase efficiency and grow your business. But it’s important to know how to assess the security controls of an IoT solution so you can feel confident that your data and systems are protected.

How Complex IoT Architecture Opens the Door to Cyber Attacks

In the Internet of Things, many different technologies are linked together in an integrated ecosystem. Without proper controls managing how these products connect to each other, a threat agent may be able to exploit security defects in any one of them and circulate throughout your entire ecosystem without being detected.

Unfortunately, in the development of many first-generation IoT systems, security has been an afterthought. In the rush to launch products in an exploding IoT marketplace, some early adopters of IoT technology built insecure architectures and didn’t take the time to test them from end to end.

The sheer diversity of machine-to-machine connections in an IoT solution adds to the variety of cyber security risks that must be managed. In the complex, first-generation IoT solutions in place today, each product or system – including hardware, applications, firmware, networks, etc. – is typically developed and managed by a different company. It often isn’t clear who is responsible for managing security across the system as a whole. The more vendors involved in creating the IoT solution, the more difficult it is for you to maintain, test, manage and secure it.

Particularly in Industrial IoT, legacy hardware and software are typically incorporated into an advanced, connected solution. Those older tools are used in new ways, performing functions well beyond their intended scope. They don’t have modern security controls built into their code to manage how data is exchanged; therefore, the IoT architecture must compensate to mitigate the risk. But what if it isn’t up to the task?

The Most Common Cyber Threats to Gateway-based IoT

First-generation IoT solutions typically rely on gateways as a node to connect sensors, devices, equipment and the cloud. Although gateways are an option to translate protocols and exchange information, they are single points of failure and notoriously weak.

Notably, poorly designed gateways open the door to man-in-the-middle cyber attacks. In a man-in-the-middle attack, threat agents intercept a communication between two systems and then pretend to be the original sender. They control output and trick the receiving system into providing continued access and information. Because attackers are masquerading as authorized users, they can remain undetected for long periods of time while they continue to siphon data or disrupt operations.

Simple, Secure Architecture is Critical to the Success of IoT

We believe security can’t simply be “bolted on” to IoT solutions. It must be prioritized from the start of any IoT project and ruthlessly tested and confirmed.

When we designed the Disruptive sensing solution we addressed weak points in the IoT architecture and simplified the entire ecosystem to mitigate risk. Our security architecture – SecureDataShot™ – is one reason Gartner recently named Disruptive Technologies a Cool Vendor in IoT ‘Thingification.’

Next-generation Cloud Connectors Address Security Weak Points

Disruptive’s sensing solution uses Cloud Connectors to pair sensors directly with users. Think of the Cloud Connector as a device that routes packages without seeing what is inside, much like a cellular base station. Because the Cloud Connector forwards data that has been encrypted by the sensor and does not decrypt it, we reduce the potential for man-in-the-middle attacks and simplify the IoT ecosystem. With fewer layers and a single vendor managing end-to-end encryption across sensors, connectors and storage, management is simple and risk is decreased.

SecureDataShot™

With SecureDataShot™, we built security into every layer of our sensing solution to provide end-to-end protection all the way from each individual sensor to the applications processing the data. Measurement and sensor identity data is encrypted within the sensors themselves. The data stays encrypted through radio transmission and cellular or Ethernet forwarding over the Internet until it reaches Disruptive’s secure cloud. The data is then passed to customers’ applications via encrypted protocols. Access control mechanisms in the Disruptive cloud provide controlled delivery of sensor data to designated processing systems.
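The forwarding model described in the Cloud Connector and SecureDataShot™ sections can be sketched as a sensor that seals each reading, a connector that relays bytes without holding any key, and a cloud that rejects anything altered on the way. This is an added illustration, not Disruptive Technologies’ code or protocol: the frame layout, key names and the HMAC-based stand-in for a vetted authenticated cipher are assumptions, and the counter-based replay check goes beyond what the article describes.

```python
import hashlib
import hmac
import struct

# Constructed demo keys, known only to the sensor and the cloud (assumption).
ENC_KEY = hashlib.sha256(b"constructed-demo-enc-key").digest()
MAC_KEY = hashlib.sha256(b"constructed-demo-mac-key").digest()
TAG_LEN = 32

def _xor_keystream(counter: int, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a stdlib stand-in for a vetted AEAD cipher.
    blocks = (hmac.new(ENC_KEY, struct.pack(">QI", counter, i), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, b"".join(blocks)))

def _tag(body: bytes) -> bytes:
    return hmac.new(MAC_KEY, body, hashlib.sha256).digest()

def sensor_seal(counter: int, sensor_id: bytes, reading: bytes) -> bytes:
    # Identity and measurement are both encrypted on the sensor (hypothetical frame layout).
    body = struct.pack(">Q", counter) + _xor_keystream(counter, sensor_id + b"|" + reading)
    return body + _tag(body)

def connector_forward(frame: bytes) -> bytes:
    # The connector holds no keys: it can relay the frame but not read or re-sign it.
    return frame

def cloud_open(frame: bytes, last_counter: int) -> tuple:
    if len(frame) < 8 + TAG_LEN:
        raise ValueError("short frame")
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(body)):
        raise ValueError("bad tag")          # modified or forged in transit
    (counter,) = struct.unpack(">Q", body[:8])
    if counter <= last_counter:
        raise ValueError("replay")           # old frame resent by an interceptor
    sensor_id, _, reading = _xor_keystream(counter, body[8:]).partition(b"|")
    return counter, sensor_id, reading

def demo() -> dict:
    frame = connector_forward(sensor_seal(1, b"sensor-A", b"temp=21.5"))
    tampered = frame[:10] + bytes([frame[10] ^ 1]) + frame[11:]  # one bit flipped in transit
    results = {}
    for name, candidate, last in (("delivered", frame, 0), ("tampered", tampered, 0), ("replayed", frame, 1)):
        try:
            results[name] = cloud_open(candidate, last)
        except ValueError as exc:
            results[name] = str(exc)
    return results
```

Calling demo() returns the decrypted reading for the untouched frame and the rejection reason for the modified and the resent one.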

Learn More about Disruptive Technologies’ Secure Architecture

Download our white paper: Security and Privacy in Disruptive Technologies’ IoT Sensing Solution for more detail on how we build security into every step of our development and manufacturing process.