advertisement
Compromise data at your own risk
Data Integrity and Cyber-Security is critical in the Internet of Things ecosystem as any step that would compromise its integrity…
Data Integrity and Cyber-Security is critical in the Internet of Things ecosystem as any step that would compromise its integrity often lead to severe consequences, especially for control data between transmitting and receiving assets.
The real dangers of a data breach as well as the changing threat landscape posed by cyber-criminals, impacts negatively on companies noted Moses Maundu, Director – Paramount Computer Systems while making his presentation at the just concluded first Africa IoT Summit organised by CIO East Africa.
He pointed four key areas around data compromise which were: Interruption—The interruption affects data availability, Interception —The interception affects data confidentiality, Modification —The modification affects data integrity and Fabrication—The fabrication thus affects data authenticity.
advertisement
Maundu also brought out six key IoT attacks which include; physical, side channel, environmental, crypt analysis, software and network attacks.
On security requirements for IoT, he asserted the need of organisations deploying six key areas which include but not limited to the following fundamentals:-
User identification: Validating users before allowing them to use the system.
advertisement
Tamper resistance: It refers to the desire to maintain these security requirements even when the device falls into the hands of malicious parties, and can be physically or logically probed.
Secure execution environment: It refers to a secure, managed-code, runtime environment designed to protect against deviant applications.
Secure network access: This provides a network connection or service access only if the device is authorized.
advertisement
Identity Management: It is broad administrative area that deals with identifying individuals / things in a system and controlling their access to resources within that system by associating user rights and restrictions with the established identity.
Secure storage: This involves confidentiality and integrity of sensitive information stored in the system.
In his closing remarks Mr. Maundu said that in IoT, Security can be resource consuming and if you are using low power embedded device, this can be a big challenge.
“The computation power available in IoT is limited and may be insufficient for the processing of security algorithms. Cryptography is notoriously expensive and it makes security impossible for resource constrained devices. The complexity and size of some protocols and algorithms makes security expensive,” he concluded.