Linux Foundation Aims to Secure Internet of Things
The key to securing the Internet of Things could be in making sure that everything isn't actually connected to the Internet.
The Internet of Things could herald a bold new era of pervasive connectivity and it could also be the harbinger of a coming zombie toaster apocalypse.
One of the ways the Internet of Things could be secured is by way of the new Linux Foundation AllSeen Alliance project, which was announced today.
The Qualcom Alljoyn framework is at its core of AllSeen, which enables a more seamless approach to device interoperability and connectivity. Rob Chandhok, president, Qualcomm Connected Experiences, explained to eSecurity Planet that the AllJoyn approach is also a more secure approach for the Internet of Things.
One of the primary challenges with having everything connected to the Internet is the simple fact that it broadens the available attack surface and every end-point is at risk. Just last week, researchers warned about an Internet of Things risk from embedded devices that were running old versions of PHP.
Chandhok explained that AllJoyn limits the risk by way of its network topology. "One of the fundamental design principles of AllJoyn is that it is about proximity based communications," he said.
In a typical non-AllJoyn approach to the Internet of Things, the communications path of a user trying to access an Internet-connected thermostat inside her own house would take the user outside the house to the cloud in order to connect to the device. The fundamental challenge is that every device is accessed via a public Internet address, which can also potentially be attacked.
"Architecturally what AllJoyn enables you to do is keep the communication local, so you communicate directly from your tablet to the thermostat," Chandok explained.
AllJoyn's fundamental design philosophy is that it is better to keep communications local. Then at the edge of a local network, devices can communicate into a gateway which connects back out to the public Internet. Chandok said the gateway that devices will connect into is likely to be more secured than individual devices.
In a non-Internet of Things approach, simply placing devices behind a NAT (Network Address Translation) gateway can potentially achieve a similar type of device isolation. However, the Internet of Things tends to rely on the IPv6 address space, in which every device gets its own unique address.
AllJoyn-enabled devices could have IPv6 addresses, Chandok said, though they do not need to be routed in a public way. The AllJoyn approach doesn't use DNS in order to find devices, as is the case on the public Internet.
"AllJoyn has its own discovery mechanism and namespace," Chandok said. "It lets things that were never put together before figure out what they can interoperate with."
The fundamental layers of AllJoyn only communicate locally across a multicast domain. "Architecturally the gateway instance will provide secure services to the cloud," Chandok said. "By default it's a secure architecture."
Chandok said he has heard concerns from vendors and consumers about Internet-connected refrigerators and other devices that up until now have never needed to be secured. For many such devices, it is difficult to update them even if a vulnerability was found.
"That's why we're trying to make it easier to have the architecture that drives you toward a more secure implementation even if you don't know what you're doing," Chandok said.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.
By Jeff Goldman
November 05, 2013
And 90 percent say coordination of security policy across the entire network is essential, according to Tufin Technologies.