Protect your IoT system with a few lines of code

Category

Blog IoT
20 September, 2017 0

In the last two years, Internet of Things (IoT) has grown exponentially, increasing its presence in our lives. Nowadays, we have TVs connected to the internet, cars connected to the internet, cameras in our garage that send us images through the internet, and everything you can imagine will be on the internet in the short term. 

However, there are several reasons to be cautious regarding IoT security: these devices can be easily hacked due to their (poor-security) design, they can be used to violate our privacy, or they can be used to attack other targets, as it happened with Dyn Attack last year.

One of the main reasons why IoT devices are vulnerable is different vendors use different communication protocols, which increases the complexity of establishing security standards. Moreover, some security protocols are not compatible with energy-saving policies. Besides, the time-to-market challenge vs. security is also another dilemma.

Our review from experts’ publications allowed us to identify some solutions like the use of a standard protocol for encryption, authentication, and authorization for IoT communications. Besides, analytics technologies that evaluate the device’s behavior of the devices seem to be a promising path.

Simple security solution approach for HTTP-running IoT devices

The following Node.js code proposes a monitor server that records information from usage indicators on the device (we assume in the example that the device runs an HTTP server). It also registers the failures to detect possible Denial of Service (DoS) attacks. Logged information can be analyzed to detect functional faults and to trigger alerts. Machine learning and other big data techniques can be used for processing the information.

var Client = require(‘node-rest-client’).Client;
require(“./model/LogSecurity”);
var mongoose = require(‘mongoose’);
mongoose.connect(‘mongodb://db_ip:db_port/security_database’);
LogSecurity = mongoose.model(‘LogSecurity’);
const period = 10000;
function SecPol() {
  var logSec= new LogSecurity();
  var client = new Client();
  client.get(“http://device_ip:device_port/monitor“, function (data, response) {
    logSec.data = (new Date() +”,”+ data)
    logSec.save(function(err) {
    if (err){
      console.log(‘[‘ + err + ‘]’);
    }})
  }).on(‘error’, function(err){
    logSec.log = (new Date() +”,”+”no connection!”)
    logSec.save(function(err) {
      if (err){
        console.log(‘[‘ + err + ‘]’);
      }
    });
  });
}
setInterval(SecPol, period);

IoT Security represents a big challenge for the IT community. We must face it responsibly. Take some time to evaluate your security threats while developing an IoT system; you’ll save a lot of time and money. ? 

COMMENTS

Leave a Reply

Your email address will not be published. Required fields are marked *

bkadmin
Wednesday September 20, 2017 - 22:09 Blog, IoT
Recent posts
Managing React server state: a simpler approach

The role of the state The state is a property of each component that holds its data, it gives personality […]

Read More…

Continue reading
17 May, 2021
The Importance Of Retrospectives Meetings

What are retrospectives and why are they important? If you know SCRUM you will be familiar with the retrospective meeting […]

Read More…

Continue reading
10 May, 2021
Using Mockito to create Java Unit Test

Let’s start with the definition given by the official page. “Mockito is a mocking framework that tastes really good. It […]

Read More…

Continue reading
1 December, 2020
From idea to deploy

When the great idea and background just isn’t enough […]

Read More…

Continue reading
11 August, 2020