IIoT Security: Access the Data, Not the Device

Front and center in data communication for the IIoT is the idea that IoT devices never stop talking.  They are always connected to the Internet, and always accessible.  The accepted wisdom is that for IoT devices to be accessible they must be data “servers”—always listening for somebody to contact them to request information or perform an action.  If we cannot reach the device remotely, how can we access the data it contains?  However, this presents a security problem.  If the device is always listening and reachable from the Internet, it is exposing an “attack surface”—a point of contact that a hacker can try to use to compromise the device.

Client-server architecture

This thinking comes from an entrenched understanding that a client-server architecture is the right model for information sharing.  It’s the basis of the World-Wide Web, after all, and we have all seen how successful that is.  Web browsers (clients) talk to web servers.  The web servers contain the information and the clients consume it.  The analogy with IoT devices is perfect.  IoT devices contain information, and smartphones, web browsers and other IoT devices consume it.  The device is the server, right?  But if the device is always listening for client connections, then it is exposing an entry point for attacks from the Internet.  The big issue, in this world view, is that device makers must do a really good job of network security.  Every device manufacturer, whether making a car or a toaster, must employ highly-specialized and rare experts in network security to ensure that hackers don’t imprint images of Elvis in your breakfast or shut off your car engine on the highway.  Alright, hackers didn’t do the toast.  But they did hack the car.

A Fundamental Misunderstanding of the Problem

Frankly, the device-as-server world view is insane.  Why would you ever need to put a web server in a car and then expose it to the cellular network?  Why must the car be listening for any connection at all, ever?  Why must IoT devices be listeners?  Why must they expose an attack surface to the Internet?  The answer lies in a fundamental misunderstanding of the problem.  You want to access the data that the device contains.  You don’t want the world to have access to it.  Just you.  So, you don’t need the device to listen for you (and the world) to contact it.  You can tell the device where to send the information and pick it up from there, so you never need to talk to the device directly.  Effectively, the device transmits its information to a middleman, and when you want to know what your device is up to, you visit the middleman to find out.

Then the question becomes – who is this middleman?  That is the role of a cloud service.  It’s a secure point of contact between you and your device.  Yes, it listens for communication from both you and the device.  Yes, it exposes an attack surface to the Internet.  But it relieves both you and the device of that responsibility.  There are far fewer IoT cloud services (tens or hundreds of them) than there are devices (billions of them), thus reducing the number of rare experts we need to achieve decent security.

Using a middleman like this does not mean that you will have to put up with slow communication, or that you will be unable to control your device.  It just means that there is an extra hop in the communication chain between you and your device, eliminating the need for the device to be directly visible on the Internet.  Questions of speed and bi-directionality are answered by the design of the cloud service.
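The arrangement described above, as an added example (not code from the original article or from Skkynet): a constructed local "middleman" is the only process that listens, while the device and the user both dial out to it, and a user command travels back to the device over the connection the device itself opened.  The line protocol (PUB/GET/SET/CMD), the device name pump1 and all function names are assumptions made for this sketch; the authentication and TLS that a real cloud service would need are left out.

```python
import socket, socketserver, threading, time

class Handler(socketserver.StreamRequestHandler):
    def handle(self):
        srv = self.server
        try:
            for raw in self.rfile:
                # Pad so short or blank lines parse without raising; unknown verbs are ignored.
                verb, name, arg = (raw.decode().strip().split(None, 2) + ["", ""])[:3]
                with srv.lock:
                    if verb == "PUB":      # device pushes a reading over its outbound link
                        srv.latest[name], srv.links[name] = arg, self.wfile
                    elif verb == "GET":    # user reads the data from the middleman
                        self.wfile.write((srv.latest.get(name, "?") + "\n").encode())
                    elif verb == "SET":    # command relayed down the device's own connection
                        link = srv.links.get(name)
                        if link:
                            link.write(f"CMD {arg}\n".encode())
                        self.wfile.write(b"OK\n" if link else b"OFFLINE\n")
        finally:
            with srv.lock:                 # forget the link once the device hangs up
                srv.links = {n: w for n, w in srv.links.items() if w is not self.wfile}

class Middleman(socketserver.ThreadingTCPServer):  # stand-in cloud service: the only listener
    daemon_threads = True
    def __init__(self, addr):
        super().__init__(addr, Handler)
        self.latest, self.links, self.lock = {}, {}, threading.Lock()

def send_line(addr, line):
    """Used by device and user alike: connect outward, send one line, read one line.
    Neither side ever calls bind() or listen(), so neither has a port to scan."""
    with socket.create_connection(addr) as s, s.makefile("rw") as f:
        f.write(line + "\n"); f.flush()
        return f.readline().strip()

def demo():
    srv = Middleman(("127.0.0.1", 0))      # constructed local endpoint, ephemeral port
    addr = srv.server_address
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    got = []                               # what the device receives on its outbound link
    dev = threading.Thread(target=lambda: got.append(send_line(addr, "PUB pump1 42")))
    dev.start()
    while (value := send_line(addr, "GET pump1")) == "?":
        time.sleep(0.01)                   # wait for the device's first report
    ack = send_line(addr, "SET pump1 stop")
    dev.join(5); srv.shutdown(); srv.server_close()
    return value, ack, got

if __name__ == "__main__":
    print(demo())
```

The user reads the value and controls the device without either of them accepting a single inbound connection; the middleman is the only address that has to be defended.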

 

– Andrew Thomas, Skkynet