July 24th, 2013

IoT: The Weighting Game

Written by
Category IoT, M2M, Security, Twitter

[Image: Data Weighting for IoT]

This must have been a scary few moments. On March 23, the main Associated Press Twitter account tweeted about explosions at the White House and President Obama being hurt. Guess what happened next? The Dow went down by over 100 points within minutes of the tweet.

So why did this happen? Regardless of whether the trades were executed by an algorithm or a human, both were treating all tweets from that AP feed as equal. They traded based on the content of a single tweet – and the resulting feedback loop caused the drop in the stock market.

Fast forward to IoT and imagine that each Twitter account is a sensor (for instance, a smart meter) and the tweets are the sensor readings. Further imagine that the stock market is the grid manager balancing electricity supply and demand. If we were to attach the same weight to each data point from each smart meter, a potential attack on the smart meters could easily be used to manipulate the electrical grid and – for instance – cause the local transformer to blow up or trigger a regional blackout via a feedback loop.

Yet strangely enough – when talking about the IoT – the trustworthiness of sensor data does not appear to be of concern. All data are created equal, or so the assumption seems to be. But data have an inherent quality or weight inferred from the characteristics of the endpoint and how much it is trusted. Any algorithm using sensor data would need to not only take the data points themselves into account but also weight the data based on the actual capabilities of the sensor, its identity and the trust relationship established with that sensor.

I tried to capture this relationship in the picture below.

[Image: Endpoint Security in IoT]

How can we account for the risk that not all data are created equal?

Credit card companies provide a good object lesson in the way they have embraced inherent insecurity. They decided to forgo stronger security at the endpoint (the credit card) in order to lower the bar for use and increase market adoption. But in order to limit the risk of fraudulent use, every credit card transaction is evaluated in the context of the most recent transactions.

A similar approach will be required for IoT. Instead of chasing impossible endpoint security, we should embrace the management of (data) risk in the decision-making process. An advanced, high-performing API Gateway like Layer 7’s can be used to perform data classification at the edge of the enterprise and attach labels to the data flowing through the Gateway and into the control processes.
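The following is an added example, not code from the post or from Layer 7's Gateway, of what such edge-side data classification could look like: each reading gets a weight inferred from the endpoint's capabilities and identity, is labelled against that endpoint's own recent history (the credit-card idea), and the grid-side aggregate is computed from the weighted values rather than treating every meter as equal. The trust fields, thresholds and meter readings are constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass, field
from statistics import median

@dataclass
class Endpoint:
    """Constructed trust profile for one smart meter (fields are assumptions)."""
    meter_id: str
    identity_verified: bool   # reading arrived over an authenticated channel
    tamper_resistant: bool    # keys held in hardware, sealed enclosure
    history: deque = field(default_factory=lambda: deque(maxlen=24))

    def trust_weight(self) -> float:
        """Static weight (0..1) inferred from endpoint capabilities and identity."""
        weight = 0.2                      # floor: the meter exists and reports
        if self.identity_verified:
            weight += 0.5
        if self.tamper_resistant:
            weight += 0.3
        return weight

def classify(ep: Endpoint, reading: float, tolerance: float = 0.5):
    """Attach a label and an effective weight to one reading.

    Mirrors the credit-card approach: a value far from what this endpoint
    reported recently is labelled 'suspect' and heavily down-weighted rather
    than discarded or trusted at face value. Suspect readings stay out of the
    baseline so a burst of manipulated values cannot quickly redefine 'normal'."""
    base = ep.trust_weight()
    if len(ep.history) >= 3:
        baseline = median(ep.history)
        if baseline > 0 and abs(reading - baseline) / baseline > tolerance:
            return "suspect", base * 0.1
    ep.history.append(reading)
    return "normal", base

def weighted_demand(labelled):
    """Weighted mean of (reading, weight) pairs; None when nothing carries weight."""
    total = sum(w for _, w in labelled)
    if total == 0:
        return None
    return sum(r * w for r, w in labelled) / total

def run_demo():
    """Two constructed meters: a hardened one with a steady history and an
    unauthenticated one. Returns per-reading labels and the weighted aggregate."""
    hardened = Endpoint("meter-A", identity_verified=True, tamper_resistant=True)
    unknown = Endpoint("meter-B", identity_verified=False, tamper_resistant=False)
    for kwh in (10.0, 10.0, 10.0):        # build meter-A's baseline
        classify(hardened, kwh)
    samples = [(hardened, 100.0), (unknown, 50.0), (hardened, 10.5)]
    labelled = [(reading,) + classify(ep, reading) for ep, reading in samples]
    return labelled, weighted_demand([(r, w) for r, _, w in labelled])
```

With these inputs the plain average of the three readings is 53.5, while the weighted aggregate is about 23.5, because the out-of-pattern 100.0 from meter-A and the unauthenticated 50.0 from meter-B carry little weight.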

I’d be curious to learn if and how you would deal with the data risk. Do you assume that all data are created equal? Or does the above picture resonate with your experiences?

5 Comments »

  1. [...] Layer 7 blog: IoT – The Weighting Game [...]

    Pingback by Layer 7 blog: IoT – The Weighting Game | Holger Reinhardt — July 24, 2013 @ 12:54 pm

  2. Nice post :) . If I may venture out of the technology world for the sake of comparison, I compared evaluation of “source credibility” with your relationship diagram and found that all but one criteria fit into those three boxes — http://www.wikihow.com/Evaluate-the-Credibility-of-a-Source
    The first point from this link though (“Think about how reliable you need the information to be”) somehow does not fit. Translating it to your post, shouldn’t we also include a credibility-QOS qualifier to determine how credible we really require the endpoint to be with respect to the use case at hand?

    Comment by Niranjan Shukla — July 26, 2013 @ 8:35 am

  3. @Niranjan – thanks for your comment. I have seen the problem being tackled either by evaluating QOS requirements as part of the subscription/query step or through data classification applied to the received sensor data.
    I think the latter can be more easily enforced than the former. Given that sensor metadata can be compromised too, applying classification on the actual data input will be more robust than relying on it during subscription only.

    Comment by Holger Reinhardt — July 30, 2013 @ 5:11 am

  4. Interesting post and idea of accepting end-point insecurity. The comparison with credit cards makes good sense. However, IoT is more than sensors, it is also actuators controlled by simple commands. Here it will not be possible to apply some pattern recognition scheme to analyse a data stream to identify breaches of security. So, for actuators, do you have any suggestions as to how to manage security at those end-points? Is it possible to check the validity of the command received at the actuator without difficult-to-achieve end-point security?

    Comment by Peter Dreyer — August 9, 2013 @ 4:53 am

  5. @Peter – Thanks for your comment. And yes, you are absolutely right that actuators currently get the short end of the deal. Everyone focusses on the sensor part and no one pays attention to the actuators. I am sure you have seen the following hack: http://arstechnica.com/security/2013/08/holy-sht-smart-toilet-hack-attack/.

    To tell you the truth – I honestly don’t know, beyond the obvious involving some sort of SSL handshake and private/public key verification. I might not even need to manipulate the actuators – autonomous systems might be fooled by giving them wrong inputs: witness the Sentinel drone incident over Iran.

    We – as in CA – do have some assets like Control Minder, which is used to provide much more fine-grained control within application instances. It remains to be seen if we can adapt such existing frameworks to relatively dumb actuators.

    If you have some ideas or would be interested in some informal brainstorming, please reach out to me at hreinhardt (at) layer7tech.com

    Comment by Holger Reinhardt — August 14, 2013 @ 6:40 am
