Achieving Security For Resource-Constrained Sensors
March 17, 2017 By: David West, Icon Labs
The Internet of Tiny Things
Devices such as sensors and control units in industrial environments, military applications, utility meters, and remote telemetry devices make up a large portion of the Internet of Things, sometimes referred to as the Internet of Tiny Things. The smallest of these devices are cost-sensitive, frequently designed with the lowest-cost CPU and the minimum amount of memory required to support their functionality, and may even be battery-powered.
Many sensors are characterized by minimal computational, memory, and storage resources. Even so, they often include TCP/IP or other communication interfaces and utilize the Internet for reporting, configuration, and control functions. As their numbers have skyrocketed, so has the number of cyber-attacks targeting them. Despite the growing threat from hackers, few sensor devices include robust, multi-layered security to protect against attacks. This is particularly true of the most resource-constrained devices.
How Much Does It Cost?
Material cost requirements result in resource-constrained devices, and engineers have often forgone security capabilities in cost-sensitive designs. Many of these sensors do not support any security beyond password authentication. While password authentication is easy to implement, it does not provide an adequate defense against attacks.
Because the sensor marketplace needs low-cost, resource-friendly security to protect against Internet-based attacks, embedded firewalls provide an ideal solution. A firewall is integrated directly into the sensor's communication stack at the link layer of the supported protocol and configured with a set of rules specifying what communications are allowed or disallowed. For TCP/IP, those rules block packets by IP address, port, and protocol.
The integrated firewall provides a basic but critical level of security by controlling which packets or messages are processed. Because each packet or message is filtered before passing from the protocol stack to the application, attacks are blocked before a connection is even established. The result is an effective layer of protection for sensor devices with minimal impact on system resources.
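The rule-based filtering described above can be sketched in a few dozen lines of C. This is an added example, not code from the article or from Icon Labs; the rule layout, the function names fw_allow and fw_try, the addresses and ports, and the default-deny allow-list policy are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical rule layout for this example (not a vendor API). */
typedef struct {
    uint32_t src_ip, src_mask;   /* host byte order, src_ip already masked */
    uint8_t  proto;              /* IP protocol number: 6 = TCP, 17 = UDP */
    uint16_t dst_port;
} fw_rule;

/* Constructed allow-list; const so it can sit in flash rather than RAM. */
static const fw_rule fw_rules[] = {
    { 0x0A000000u, 0xFFFFFF00u, 6,  443  },  /* 10.0.0.0/24 -> TCP 443  */
    { 0x0A000005u, 0xFFFFFFFFu, 17, 5683 },  /* 10.0.0.5    -> UDP 5683 */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Returns 1 to hand the IPv4 packet to the stack, 0 to drop (default deny). */
int fw_allow(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;     /* not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;
    if (ihl < 20 || len < ihl + 4) return 0;          /* port fields missing */
    if (rd16(pkt + 6) & 0x1FFF) return 0;             /* later fragment carries no ports */
    uint8_t proto = pkt[9];
    if (proto != 6 && proto != 17) return 0;          /* rules cover TCP/UDP only */
    uint32_t src = rd32(pkt + 12);
    uint16_t dport = rd16(pkt + ihl + 2);
    for (const fw_rule *r = fw_rules; r < fw_rules + sizeof fw_rules / sizeof *fw_rules; r++)
        if ((src & r->src_mask) == r->src_ip && proto == r->proto && dport == r->dst_port)
            return 1;
    return 0;
}

/* Builds a constructed 24-byte packet (IPv4 header + port fields) and filters it. */
int fw_try(uint32_t src, uint8_t proto, uint16_t dport) {
    uint8_t b[24] = { [0] = 0x45, [9] = proto };      /* version 4, IHL 5, rest zero */
    b[12] = (uint8_t)(src >> 24); b[13] = (uint8_t)(src >> 16);
    b[14] = (uint8_t)(src >> 8);  b[15] = (uint8_t)src;
    b[22] = (uint8_t)(dport >> 8); b[23] = (uint8_t)dport;
    return fw_allow(b, sizeof b);
}

int main(void) {
    printf("10.0.0.7     TCP/443: %d\n", fw_try(0x0A000007u, 6, 443));
    printf("198.51.100.7 TCP/443: %d\n", fw_try(0xC6336407u, 6, 443));
    return 0;
}
```

The filter needs no per-connection state and no heap, which is what keeps its footprint small on a constrained sensor; the cost is that it judges each packet only on its headers.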