A key strategy for improving IoT cybersecurity is for device manufacturers to build more robust security into the design of their devices, so they come to market without security gaps that hackers can easily exploit.
A new cybersecurity project between CENSIS, Keysight Technologies and Edinburgh Napier University aims to create a breakthrough, making it easier to test if interconnected devices and networks are secure against hacking attacks – not just consumer goods, but the embedded devices used in smart infrastructure and smart cities. This in turn could be translated into identifiable security standards for IoT devices.
Security concerns around smart devices
The project uses data analytics to identify vulnerabilities that could put IoT devices at risk. The project will focus on ‘side channels’ – the tell-tale electromagnetic, power and acoustic signals that hackers can eavesdrop on, and use to crack encryption codes on the device.
The project team will use the data they gather to put together a test framework that manufacturers and designers could use to evaluate the vulnerabilities of different devices. The development of automated vulnerability testing using Keysight’s PathWave platform will make it more feasible for manufacturers to rigorously test connected devices at every point in the design workflow from concept through production prototypes.
These tests could in turn be used to develop a formal industry framework for testing IoT devices for a range of risks and vulnerabilities, and even to develop minimum standards for different types of IoT devices and hardware.
It means that rather than vulnerabilities being exposed once devices are already on the market or in use, manufacturers would identify and deal with security issues at, for example, prototype stage.
Professor Bill Buchanan, Napier University said “The biggest thing holding back the development of the Internet of Things is security – specifically, concerns about the vulnerabilities of devices, the ease of hacking them, and the consequences of such hacks. Security concerns are holding back wider adoption of smart devices. Only if we can improve confidence in IoT security can we realise the potential of smart technology.”
Dr Stephen Milne, Business Development Manager, CENSIS commented “Strong cybersecurity is a prerequisite for the successful integration of sensor and imaging systems and IoT technology. So CENSIS is supporting IoT security by design – whereby engineers and manufacturers build gold-standard IoT security into devices from the outset. By developing a reference model for IoT cybersecurity testing, this project could help to strengthen the security armoury of every connected device, whether it’s a consumer or business device, or part of the national infrastructure. It could also help to put Scotland at the forefront of IoT cybersecurity testing.”