Establishing Digital Trust: Don't Sacrifice Security for Convenience
LOS ANGELES — The security perils inherent in Internet of Things (IoT) devices are painfully obvious at this point in 2017, but why are there so many security issues? At a session during the Open Source Summit here, Marti Bolivar, senior software engineer at Linaro, detailed what he described as "anti-patterns" that ultimately lead to negative security outcomes.
Bolivar started his session by defining what IoT security is really all about with a quote from security engineer Ross Anderson: "By securing, I mean: 'building systems to remain dependable in the face of malice, error, or mischance,'" Bolivar said.
The anti-patterns are things that are done by engineering teams for different reasons, including timing, cost and lack of knowledge. The first anti-pattern in IoT security detailed by Bolivar is to do nothing.
"This approach just accepts every risk, so it’s not very good at mitigating them" he said.
Another anti-pattern is the so-called security by obscurity approach, which is what do it yourself models of security engineering often employ. In that model, developers hope that their insecurity is hidden and will not be discovered.
The Simon Says approach to security is a truism such that because someone important says the system is secure, it must be so.
A popular anti-pattern is for developers to use cryptography and encryption to secure data or communications. Simply by having crypto, the system is assumed to be more secure. Bolivar said that crypto may be duct tape, but it isn’t magic and can often be misconfigured. Additionally, there are lots of worrisome vulnerabilities in crypto itself as well.
Simply using multiple security technologies doesn't make a system more secure; often it does the opposite.
When you try to build the perfect system. Bolivar said this model doesn't work because the perfect system never ships.
With release and forget, all vulnerabilities become unfixable, Bolivar said This can happen because your company is in a commodity market and faces tight margins, because it’s a new startup or otherwise doesn’t know any better.
Another anti-pattern is thinking the system is secure because you’ll sue anyone who says otherwise. Instead of being open to security researchers, this model aims to shut them down through legal threats.
What makes for good IoT security?
So what are the positive patterns for IoT security? Bolivar offers a few somewhat obvious steps:
- Don’t connect or collect unless you need to
- Iteratively build and use threat models
- Use your existing workflows to threat model
- Manage customer and community relationships
- Be ready for when problems arise
Overall, Bolivar emphasized the developers should keep the anti-patterns in mind a be sure to avoid them.
"Keep researching vulnerabilities, both in your market segment and elsewhere and apply what you learn," he said.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.