Protect your IoT system with a few lines of code

Category

Blog IoT
20 September, 2017 0

In the last two years, Internet of Things (IoT) has grown exponentially, increasing its presence in our lives. Nowadays, we have TVs connected to the internet, cars connected to the internet, cameras in our garage that send us images through the internet, and everything you can imagine will be on the internet in the short term. 

However, there are several reasons to be cautious regarding IoT security: these devices can be easily hacked due to their (poor-security) design, they can be used to violate our privacy, or they can be used to attack other targets, as it happened with Dyn Attack last year.

One of the main reasons why IoT devices are vulnerable is different vendors use different communication protocols, which increases the complexity of establishing security standards. Moreover, some security protocols are not compatible with energy-saving policies. Besides, the time-to-market challenge vs. security is also another dilemma.

Our review from experts’ publications allowed us to identify some solutions like the use of a standard protocol for encryption, authentication, and authorization for IoT communications. Besides, analytics technologies that evaluate the device’s behavior of the devices seem to be a promising path.

Simple security solution approach for HTTP-running IoT devices

The following Node.js code proposes a monitor server that records information from usage indicators on the device (we assume in the example that the device runs an HTTP server). It also registers the failures to detect possible Denial of Service (DoS) attacks. Logged information can be analyzed to detect functional faults and to trigger alerts. Machine learning and other big data techniques can be used for processing the information.

var Client = require(‘node-rest-client’).Client;
require(“./model/LogSecurity”);
var mongoose = require(‘mongoose’);
mongoose.connect(‘mongodb://db_ip:db_port/security_database’);
LogSecurity = mongoose.model(‘LogSecurity’);
const period = 10000;
function SecPol() {
  var logSec= new LogSecurity();
  var client = new Client();
  client.get(“http://device_ip:device_port/monitor“, function (data, response) {
    logSec.data = (new Date() +”,”+ data)
    logSec.save(function(err) {
    if (err){
      console.log(‘[‘ + err + ‘]’);
    }})
  }).on(‘error’, function(err){
    logSec.log = (new Date() +”,”+”no connection!”)
    logSec.save(function(err) {
      if (err){
        console.log(‘[‘ + err + ‘]’);
      }
    });
  });
}
setInterval(SecPol, period);

IoT Security represents a big challenge for the IT community. We must face it responsibly. Take some time to evaluate your security threats while developing an IoT system; you’ll save a lot of time and money. ? 

bkadmin
Wednesday September 20, 2017 - 22:09 Blog, IoT
Recent posts
Reclaim your disk space from Xcode

Do you have problems with the space on your disk? You are in the right place! This post is for […]

Read More…

Continue reading
25 June, 2020
RoR – Get your exceptions notified via Slack

Have you ever wanted to be one step ahead, and be notified of any unwanted exception before your users have […]

Read More…

Continue reading
18 October, 2018
Easy creation of a new Node + React project

Starting a new project is something everybody loves to do. However, some steps are always the same for every project. […]

Read More…

Continue reading
3 October, 2018
Learning SCRUM with LEGOS

In Kreitech, we know about Scrum, and we apply it in many of our projects, which gives us very positive […]

Read More…

Continue reading
19 September, 2018