3/13/2019

IoT Security Technologies Protect Smart Building Control

As IoT technologies evolve, building control is no longer purely local; it increasingly relies on cloud-based services. Many IoT devices run an embedded Web server or another network service, so any device that is reachable from the Internet can be attacked from it. We have come to the point where security must be the number one priority when integrating IoT in a building, a home, or anywhere else.

With the demand for more data, and with user credentials and other user information being shared among the different systems, data privacy has also become a concern.

Major security threats come from weak passwords, and from security flaws that let attackers take over a device even when passwords are set properly. One of the most common weaknesses is clear-text communication: data sent in the clear can be recorded and analyzed by an attacker on the network path, revealing passwords or sensitive operational data. Consider an IoT device that accepts Web service commands to operate access control in a building. If an attacker can take over that device, or can inject or alter a command so that a door opens, the result is a physical security breach.

To combat the inherent security threats that come with IoT devices, the following measures should be implemented to harden a system:
a) Data integrity and confidentiality
b) Authenticity
c) Device protection (system hardening, security updates)
d) Secure communication (firewall, use secure protocols)
e) Network isolation

Message integrity and data confidentiality are the foundation of IoT security. Message integrity means that any modification of the transmitted data is detected by the receiver. Data confidentiality ensures that only the designated receiver is able to read the message data. Passwords and sensitive control data must never be transmitted as clear text. Encryption provides confidentiality, but encryption alone does not provide integrity: with a stream cipher (or any unauthenticated cipher mode) an attacker can flip bits in the ciphertext without knowing the key, and the receiver decrypts the altered message without noticing. The message must therefore also carry an integrity tag. Authenticated encryption, such as AES-GCM or ChaCha20-Poly1305 as negotiated by TLS, provides both properties together.
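The door-control scenario from above, worked through as an added example (this is not code from the Delta article). It shows an attacker turning an encrypted "LOCK" command into "OPEN" without the key when only a stream cipher is used, and the same attack being rejected once an HMAC integrity tag is added (encrypt-then-MAC). The keystream generator is a toy built from HMAC-SHA256 in counter mode so the script runs on the standard library alone; a real device would use an AEAD such as AES-GCM or ChaCha20-Poly1305 as negotiated by TLS. The message format and the LOCK/OPEN commands are assumptions made for this illustration.

```python
# Added example (not from the Delta article): why a bare stream cipher protects
# confidentiality but not integrity, and how an integrity tag fixes that.
# The keystream generator is a toy built from HMAC-SHA256 in counter mode so the
# script runs on the standard library alone; a real device would use an AEAD such
# as AES-GCM or ChaCha20-Poly1305 as negotiated by TLS.  The message format and
# the LOCK/OPEN commands are assumptions made for this illustration.
import hashlib
import hmac
import os

NONCE_LEN = 12
TAG_LEN = 32

KEY = os.urandom(32)                                        # shared secret (constructed)
MAC_KEY = hashlib.sha256(b"integrity-key" + KEY).digest()   # distinct key for the tag


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: HMAC(key, nonce || counter) blocks, concatenated.
    A nonce must never repeat under the same key, or two messages XOR to their difference."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation) by XORing with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def flip_prefix(ciphertext: bytes, old: bytes, new: bytes) -> bytes:
    """Attacker step, no key needed: XOR (old ^ new) into the ciphertext so that
    a receiver using an unauthenticated stream cipher decrypts to `new`."""
    assert len(old) == len(new)
    delta = bytes(a ^ b for a, b in zip(old, new))
    return bytes(c ^ d for c, d in zip(ciphertext, delta)) + ciphertext[len(delta):]


def seal(key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC(nonce || ciphertext)."""
    ct = stream_xor(key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, mac_key: bytes, packet: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; reject on any mismatch."""
    nonce, ct, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed; message rejected")
    return stream_xor(key, nonce, ct)


def demo_unauthenticated() -> bytes:
    """Controller sends 'LOCK door=12' under the bare stream cipher; the attacker
    on the path turns it into 'OPEN door=12' and the door node accepts it."""
    nonce = os.urandom(NONCE_LEN)
    ct = stream_xor(KEY, nonce, b"LOCK door=12")
    tampered = flip_prefix(ct, b"LOCK", b"OPEN")
    return stream_xor(KEY, nonce, tampered)            # what the door node decrypts


def demo_authenticated() -> str:
    """Same attack against the encrypt-then-MAC packet: the tag no longer matches."""
    nonce = os.urandom(NONCE_LEN)
    packet = seal(KEY, MAC_KEY, nonce, b"LOCK door=12")
    ct = packet[NONCE_LEN:-TAG_LEN]
    tampered = packet[:NONCE_LEN] + flip_prefix(ct, b"LOCK", b"OPEN") + packet[-TAG_LEN:]
    try:
        open_sealed(KEY, MAC_KEY, tampered)
        return "accepted"
    except ValueError:
        return "rejected"


if __name__ == "__main__":
    print("unauthenticated stream cipher:", demo_unauthenticated())
    print("encrypt-then-MAC:", demo_authenticated())
```

The attacker never learns the key or the plaintext of the rest of the message; knowing only that the command sits in the first four bytes is enough. Note that the tag covers the nonce as well as the ciphertext, and that the MAC key is distinct from the encryption key, which is what TLS's key schedule also guarantees.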

Authenticity is required to reliably identify the communication partner. This prevents a man-in-the-middle attack, which can circumvent encryption by substituting the attacker's own keys during the key exchange. Authentication is typically done with certificates, which are based on digital signatures: the device must verify the server's certificate against a trusted CA and check that it matches the expected host name, and for device-to-cloud links the server can in turn require a client certificate from the device (mutual TLS). A device that encrypts but skips certificate verification gains nothing against an attacker on the path.

To keep an open, interoperable networking standard that the BA industry can widely adopt, it is imperative that BA system deployments gain acceptance from IT departments. Securing communication means that IoT devices must use protocols that support security. There are several options, but best practice is transport-level security such as TLS (as used by HTTPS). Establishing a VPN tunnel between the IoT device and a cloud server is another option.

It's important that the architecture support these IT standards:
• TLS with 128- and 256-bit cipher suites (TLS 1.2 or later)
• Dynamic IP addressing instead of static
• Reduction of network broadcasts
• Support for IPv4, IPv6, Wi-Fi and cellular connection configurations
• Secure message transport using Secure WebSockets (wss://, WebSocket over TLS)

An effective way to ensure security is to isolate IoT devices in a separate IP network that is entirely shut off from public access. That network can be coupled to the rest of the infrastructure through a gateway device or proxy that relays IoT-related traffic or establishes a secure link to cloud services. This is a defense-in-depth approach; it also reduces maintenance and configuration work by concentrating it on the designated gateway or proxy systems, where it can be planned much better.

Cybersecurity is a constantly evolving field. Any manufacturer of IoT devices that share data with critical infrastructure or private data sources must follow best practices for securing its networks and data.

News Source: Delta Building Automation