In the last two years, Internet of Things (IoT) has grown exponentially, increasing its presence in our lives. Nowadays we have TVs connected to internet, cars connected to internet, cameras in our garage that send us images through Internet, and everything you can imagine will be on Internet in the short term. However, there are several reasons to be cautious regarding IoT security: these devices can be easily hacked due to their (poor-security) design, they can be used to violate our privacy, or they can be used to attack other targets, as it happened with Dyn Attack last year.

One of the main reasons why IoT devices are vulnerable is: different vendors use different communication protocols, what increases the complexity in order to establish security standards. Moreover, some security protocols are not compatible with energy-saving policies. Besides, the time-to-market challenge vs security is also another dilemma.

Our review from experts’ publications allowed us to identify some solutions like the use of a standard protocol for encryption, authentication and authorization for IoT communications. In addition, analytics technologies that evaluate the device’s behavior of the devices seem to be a promising path.

Simple security solution approach for HTTP-running IoT devices

The following Node.js code proposes a monitor server that records information from usage indicators on the device (we assume in the example that the device runs an http server). It also registers the failures, in order to detect possible Denial of Service (DoS) attacks. Logged information can be analyzed to detect functional faults and to trigger alerts. Machine learning and other big data techniques can be used for processing the information.

var Client = require('node-rest-client').Client;
require("./model/LogSecurity");
var mongoose = require('mongoose');
mongoose.connect('mongodb://db_ip:db_port/security_database');
LogSecurity = mongoose.model('LogSecurity');
const period = 10000;
function SecPol() {
  var logSec= new LogSecurity();
  var client = new Client();
  client.get("http://device_ip:device_port/monitor", function (data, response) {
    logSec.data = (new Date() +","+ data)
    logSec.save(function(err) {
    if (err){
      console.log('[' + err + ']');
    }})
  }).on('error', function(err){
    logSec.log = (new Date() +","+"no connection!")
    logSec.save(function(err) {
      if (err){
        console.log('[' + err + ']');
      }
    });
  });
}
setInterval(SecPol, period);

IoT Security represents a big challenge for the IT community. We must face it responsibly. Take some time to evaluate your security threats while developing an IoT system, you’ll save a lot of time and money 😉