Harbor Research - Designing Security for the Internet of Things & Smart Devices
8/9/2019 Harbor Research - Designing Security for the Internet of Things & Smart Devices
SECURING THE FUTURE
White Paper
Harbor Research, Inc. | San Francisco | Zurich

After a decade of rampant growth, we see that the Internet's architecture has been both a blessing and a curse. It has evolved to become the fundamental platform for all intelligent devices to share information. The dilemma lies in the fact that the network of networks is still quite vulnerable to security issues, and the IT community, who we trust are working to resolve these challenges, are still operating with outdated models that cannot serve the needs of a truly connected world. One company, Mocana, has developed a unique approach to networked device security that offers a proven foundation for the complexity of a global information economy.

Designing Security For The Internet of Things
When it comes to preparing for the global information economy of the 21st century, most people assume that the existing IT community and its army of technologists are taking care of all the details, particularly securing the devices and data that will continue to grow exponentially. They take it on faith that the best possible tools and designs for securing transactions and managing information are already in place. That is potentially a huge unfounded assumption. This paper examines a new and unique approach to securely enabling the growing number and diversity of devices connecting to the Internet. Mocana demonstrates that it is possible to migrate gracefully and securely to the Internet of billions upon billions of things if we first accept that the tools available today were not designed for the tasks they are now routinely performing.

IS OUR NETWORK GETTING TOO CROWDED?

Our society is at the cusp of a perfect storm of network connectivity. The concept of network effects states that the value of a network grows exponentially with the number of nodes connected to it. Along with the value, however, so too grows the complexity of managing the network, the difficulty of securing it, and the reliance of people and organizations on these networks functioning properly.

The Internet was designed in the s to allow the incompatible data networks and computing systems of the time to share information, to talk to each other. The Internet is literally a network of networks. As we know it today, the public Internet is a worldwide embodiment of those original data communications protocols, which are by design extremely simple. The original designers made very few assumptions about the data being sent and about the devices connecting to the network to send and receive data.

It is this extensible, technology-neutral basis of the Internet that has allowed it to scale so dramatically and gracefully since its inception, with minimal central administration. The massive volume of datapoints coming from the growing number and diversity of smart
Securing The Future - White Paper
Designing Security For The Internet of Things
2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/
devices presents an unprecedented information management challenge. So too does the evolution of devices to network platforms capable of delivering and consuming applications and services. That data will require scrubbing, filtering, compression, warehousing, analysis, reporting and, perhaps more importantly, securing. The astronomical growth of connected devices that continues today and is predicted well into the future pushes the bounds of what the designers of the Internet had in mind.

The growth of devices on the Internet today is chiefly occurring in two distinct ways. The first is that previously separate networks such as video, voice, cellular, etc. are all migrating toward shared. As opposed to organic growth of devices on the periphery, this trend requires the Internet to absorb wholesale transitions of full-scale networks into its existing framework.

At the same time, new classes of devices are becoming network enabled. The types of devices being connected today extend far beyond the laptops and cell phones we have become so accustomed to. Any manufactured object has the potential to be networked. Today, virtually all products that use electricity, from toys and coffee makers to cars and medical diagnostic machines, possess inherent data processing capability.

It thus follows that virtually all electronic and electro-mechanical products are being designed with more and more capabilities. The fact that many common devices have the capability to automatically transmit information about status, performance and usage, and can interact with people and other devices anywhere in real time, points to the increasing complexity of these devices. For example, today the average mobile phone contains just over million lines of code; this is expected to rise to million by. An automobile, on average, has million lines of code; this is predicted to grow to over million by.

Objects that operate completely independent of human interaction are being networked as part of the growing trend in machine-to-machine communication. Security cameras transmitting digital video, electric meters sending regular usage readings, even
Device Growth Statistics
There are approximately 2.8 billion
million new ones added daily - Projected
the global network will need to
accommodate one trillion devices, most
of which will be wireless devices.
M2M communications are projected to surpass human-to-human
[email protected] 800.595.9368 415.615.9400 +41 435 000 153
simple sensors and circuit breakers are being enabled so they can talk to us and to each other.

This phenomenon is not just about the dichotomy between people communicating with people or machines communicating with machines; it also includes people communicating with machines, e.g. a networked, and machines communicating with people, e.g. automated stock ticker alerts on your. The Internet's most profound potential lies in its ability to connect billions upon billions of smart sensors, devices and ordinary products into a global digital nervous system that will allow every business the ability to achieve undreamed-of efficiency, optimization and profitability. However, the nature and behavior of a truly distributed global information system are concerns that have yet to take center stage, not only in business communities but in most technology communities too.

WHY WE NEED TECHNOLOGY TO SAVE US FROM TECHNOLOGY

After more than a decade of rampant growth, we see that the Internet's inherent architecture has been both a blessing and a curse. With the rapid growth of wireless networks, from cellular to WiFi to ZigBee, connecting these devices to the Internet has never been easier. What we need is a remarkably agile global network that can comfortably scale to trillions of nodes, some of them hardware, some software, some purely data, many of them coming into and out of existence or changing location constantly. Obviously, such a network cannot be designed in any ordinary sense. Certainly, it cannot be designed top-down.

Some basic design principles must be put in place to guide the growth of this vast, distributed technological organism. It demands that we design not only devices and networks but also information interaction in ways not addressed by current. The reader may ask, don't we already have a vast public information space called the World Wide Web? Didn't the Web completely revolutionize human communication? And isn't the Web working and scaling quite handsomely?

Almost everyone will answer with a resounding Yes. But consider this analogy from Buckminster Fuller: Suppose you are traveling on an ocean liner that suddenly begins to sink. If you rip the lid off the grand piano in the ballroom, throw it overboard and jump on it, the floating piano lid may well save your life. But if, under normal circumstances, you set about to design the best possible life preserver, are you going to come up with the lid of a grand piano?

The growing scale of interactions between devices with more and more features and the antiquated client-server architecture of the web is like that piano lid. In a period of great change and tumult, it worked, in the sense that it kept us afloat. But that does not make it the best possible design, or qualify it to be something that we should plan to live with forever.

Yet in the course of one mere decade, the world has become so dependent upon the Web that most people, inside and out, cannot bring themselves to think about it with any critical detachment. Even high-tech business people use the terms "the Web" and "the Internet" interchangeably without giving it a thought.

But the Web is not the Internet. The Internet itself is a simple, elegant, extensible, scalable, technology-neutral networking system that will do exactly what it was designed to do for the indefinite future. The same cannot be said of the Web, which is essentially an application running on top of the Internet. It is hardly the only possible Internet application, nor is it the most profound one conceivable.

[Figure: Moore's Law - Transistors Per Intel Chip Drive Growing Complexity]

The Achilles heel in this story does not originate in browser software or markup languages, or other superficial aspects that most users touch directly. Those inventions are not necessarily ideal, but they are useful enough for today, and they can be replaced over time with better alternatives.

Rather, the growing bottleneck lies in the relationship and interactions between ever more complex devices and the antiquated client-server architecture of the web. With memory and processor capabilities getting cheaper by the day, product designers are embedding feature upon feature into their designs. What may finally bring Moore's law to its knees is the sheer complexity of software driving infinite interactions.

The growing disparity of devices on networks is diluting the ability of technicians to effectively manage them. It is extremely difficult to keep up with the unique requirements of each new device and all its advanced features. Increasingly, what is needed is a means of creating an abstraction layer that unifies common tasks and manages the complexity of implementation down to the device. Customers expect networked devices to be functional, ubiquitous and easy-to-use. Within this construct, however, the first two expectations run counter to the third. In order to achieve all three, the network must be loaded with intelligence.

When telephones first came into existence, all calls were routed through switchboards and had to be connected by a live operator. It was long ago forecast that if telephone traffic continued to grow in this way, soon everybody in the world would have to be a switchboard operator. Of course that has not happened, because automation was built into the network to handle common tasks like connecting calls.

We are quickly approaching analogous circumstances with the proliferation of connected devices, or device networking. Each new device that comes online now requires customization and maintenance just to exist safely on the network and perform the same basic tasks (securing, provisioning, reporting, etc.) as most others. We must develop methods to automate and facilitate these common functions, otherwise the lack of technical expertise will only get worse and will continue to hold back device networking from the truly astronomical growth that many have forecast.

THE INTERNET OF THINGS: HOW MANY THINGS & WHERE ARE THE THINGS?

Intelligent device networking is a global and economic phenomenon of unprecedented proportions. It will radically transform customer service, resource allocation and productivity.

Harbor Research expects that by there could be anywhere from million to over one billion devices communicating continuously. These devices will drive new networked applications and services such as status monitoring, usage tracking, consumable replenishing, automated repairing and new modes of entertainment whose value together could reach beyond billion in value-added revenues from services. These new services are based upon the convergence of networks, embedded computing, control and content.

A casual but informed observer may say that is preposterous, particularly considering some of the fluffy prognostications from the e era. Well, consider that, depending on your definition of a sensor, there are already more sensors on earth than people. To the

[Figure: Global Device Networking Market Growth is Exponential]

well informed, the potential scale of device connectivity and value added network services is less a question about whether it will happen and more often a question about when.

Soon any device that is not networked will rapidly decrease in value, creating even greater pressure to be online. Devices will blend into every venue, and vast opportunities will arise for companies delivering, managing and responding to the rich media and data being generated.

This is not an isolated phenomenon by any means. No matter what means are used to segment markets, growing device networks have applications in every venue across the global economy.

Anything that operates over cell phones, computers, VoIP phones, car navigation systems is capable of intercommunicating with other devices. This is relatively easy to conceive of in the familiar contexts of consumer and business devices like these, but the chart helps illustrate some of the devices being connected in other less familiar areas. Sophisticated, expensive devices are among the first to get connected so that they may be closely monitored and report information about their status. Windmills, pipelines,

[Figure: Any Thing On A Network Can Communicate With Other Things Across Global Venues]

construction equipment, oil rigs, harvesters, mass spectrometers and mass production equipment: any piece of high-value capital built within the past twenty years has some kind of embedded electronics, and the newer it is, the greater the intelligence.

Even in developing areas, new networking technologies are keeping up with and even outpacing growth here in North America. They have late-mover advantage, which allows them to design infrastructures with new requirements and capabilities in mind. Developing regions tend to skip steps that seem standard in first-world countries.

For example, many developing countries use cell phones as their dominant means of communication, as the wireless infrastructure is easier to set up than running telephone lines to every house. Consequently, data communications must also operate predominantly wirelessly, raising the importance of developing technologies like WiMax and cellular broadband. Lacking many preconceived notions for how certain products and devices have functioned in the past, these markets may well be among the most receptive to new service-centric offerings from networked product manufacturers and their partners.

As Moore's law persists and the price of embedding intelligence and connectivity into devices continues to fall, networked devices push further and further into the mainstream. This process is somewhat self-reinforcing, as low prices are driven by high quantities and vice versa, making these devices increasingly prevalent in our lives and businesses. While the growth is spread through all areas of our lives, it is concentrated on the same global network. The immense growth that is just now beginning will continue to accelerate, creating new strains on existing infrastructure and skill sets.

A DAY IN THE NEW NETWORKED LIFE

Just consider the number of devices that exist with the potential to be networked. Walk through a typical day and note the variety of electronic devices with which you interact. Each device's uses and functions have the potential to be expanded with networking.

Each of these devices can benefit from connected services, and this is just the tip of the iceberg. This phenomenon has far-reaching effects, the likes of which have never before been seen in business or our everyday lives. The Internet versions and had broad implications on how people and businesses interact with computers and other new information devices, but did not necessarily change every aspect of our lives. Device Networking represents version of the Internet, and it will be felt in everything that we

touch and do. No matter who you are, what industry or what job function, this tidal wave of change will be inescapable.

[Figure: Network Devices In Everyday Life Will All Drive New Services]

THE STAKES ARE HIGH FOR BOTH INDIVIDUALS AND THE ENTERPRISE

Today's enterprises are evolving at a pace unseen before in human or business history. While they grow, they fall subject to an intriguing paradox: as they become ever more connected, they also get more dispersed, and vice versa. Globalization and outsourcing, penetration of broadband networking, and pressures to be financially lean have all contributed to the trend of distributing organizational resources. Whether it is managing a work-from-home sales force or teleconferencing with clients on a different continent, organizations are relying on networks to keep them connected as they grow ever more diffuse.

As their prey evolves, so do the predators, so as enterprises improve and expand their networks, hackers are constantly developing new tools for breaking into them. Not only

does this growth mean more endpoints for organizations to secure, but even devices thought to be protected are increasingly susceptible to attack. A skilled hacker can easily circumvent security measures that are old, weak or not properly configured.

Corporations invest millions of dollars on physical perimeter security for their offices, but what is the point if the information flowing constantly to and from the building is not secure? With the increasing use of streaming media over networks, like Teleconferencing and VoIP, more and more valuable and potentially sensitive information is being transmitted, often unprotected. Yet with these real-time communication services, latency is misguidedly the main concern, not security. For fear that security measures will slow down transmissions, many are not secured properly, if at all. Effectively securing these devices requires a solution that is highly optimized and can operate efficiently without introducing latency and disruption to the communications process.

While corporations face security concerns over ever-growing corporate networks, similarly individuals must deal with concerns over their increasing vulnerabilities. Conveniences like wireless credit cards, cell-phone payments, online banking and more leave us increasingly exposed to information interception and identity theft. Whether for home or for enterprise, no matter what type of business, security is a common concern, and one that will be discussed in detail later in this paper.

STRANGE BEDFELLOWS: THE RISKS OF CONNECTEDNESS AND OPENNESS

Networked devices providing and consuming real-time data and services will be the hallmark of our new Networked Society. These new devices will become portals into other network resources, in which device users will gain utility not only from the devices themselves but from a variety of adjacent value added service providers. As it evolves, this infrastructure will amount to nothing less than a global digital nervous system for commerce, indeed for society itself.

Consider the implications of pervasive networked devices, not just on the user experience but on the organization of businesses aligned to deliver value to these users. The value chain for a non-networked device has remained relatively consistent for hundreds of years. From raw materials to components to finished products, the obligations of the manufacturer and their relationship with their customer essentially began and ended at the point of sale.

Most businesses have been built around this product-centric paradigm; it is ingrained in their culture and organizational structure to focus all of their efforts on selling a

physical product. But now device connectivity is changing the entire structure of value delivery, threatening long-standing business models and forcing all companies to consider how to participate in service delivery and building ongoing relationships with their customers.

Rather than owning declining-profit commodities, companies will aggressively need to seek innovation in value added services and ensure that they maintain some control over access to their devices in the field and the stream of device data coming in through them. Most importantly, thanks to that device data, companies will own their relationships to customers in ways never before imagined. What happens after that point depends upon the strategy adopted. A company could, for example, lease part of its stream of customer information, and thus part of the customer relationship, to another company wishing to provide value that is not part of the first company's business. Other relationship owners could lease relevant parts of their own customer information back, or share information in a joint venture or some other contractual arrangement.

New capabilities will bend the traditional linear value chain into a loop of complex interdependencies that will demand new thinking and will require new alliances with the many new participants in the chain.

Businesses that create the best ecosystem of alliance partners, from complementary device manufacturers to third party application software providers, will be the most successful. Device manufacturers, network service providers, new software and value added services players will all combine to create significant business and customer service value or devolve into an environment of strange bedfellows.

Even if a device manufacturer decided that it did not want to build an ecosystem and instead wanted to vertically integrate and own all aspects of device networking for a particular class of devices, it must still embrace the concept of value added services and recognize that it is the combination of hardware, software and value added online services that define the ultimate value to end customers. You need look no further than Apple's iPod device and iTunes service for a present day example. In a very short period of time, Apple has rocketed to become the third largest music retailer in the world while also creating a billion dollar revenue device business, all with a device that connects to a networked service.

Now with the introduction of the iPhone, Apple is entering a market that many would consider saturated, the cell phone market, whose structure is the definition of linking devices and services. Not only must a cell phone plan match the capabilities of the device, often the ongoing service fee is used to offset the upfront cost of the device. In Apple's case, they feel they can be successful here both for the revolutionary capabilities of their device and for the range of new services it will allow. For the first time, the iPhone allows uncompromised access to web content from a cell phone. While not fully open, the iPhone will allow third party developers to write web-based applications for the device. This is sure to cause significant disruption to the market as a broad range of new participants start gravitating towards delivering new functions and services to cell phones, all of which will deliver enhanced value to users of the devices. Taken to the extreme, this all has the potential to redefine the definition of a cell phone.

[Figure: Expanding Constituents In The Networked Value Chain Create New Value & New Risks]

With all of this cooperation and collaboration, not just around cell phones but all networked devices, it is a foregone conclusion that the device networking community must agree upon universally accepted open communication standards. While historically proprietary protocols have dominated in some arenas, the pervasive nature of is eroding these proprietary boundaries will over time be the dominant transport for device networking.

As revolutionary and far-reaching as the device-networking paradigm shift is, this does not change everything, and the eternal truths remain eternal. When you open yourself to relationships and connect to other people or devices, you can get hurt. And the greatest opportunities usually involve the greatest risk. The real-world risks of open technology and asset connectedness include possible breaches of secure systems that can have catastrophic impact.

WAITING FOR THE WAKE UP CALL YOU HOPE WILL NEVER COME

Despite a growing awareness of the presence of connected devices and their importance as a phenomenon, there is quite little understanding within most device manufacturers, service providers and enterprises as to how best to secure them and the services they enable. Device security is usually handled on an ad-hoc basis surrounding a device or network specific project. Rarely are there horizontal, organization-wide security solutions from which a device manufacturer and device network might benefit. Instead, security design and implementation decisions occur deep within organizations. Oftentimes individual developers are left to port software designed originally for and server security to their burgeoning devices and device networks. Besides being labor intensive, this is not a scalable solution, nor does it provide adequate functionality or an acceptable level of protection.

Many companies today have let their connectivity outpace their security. The focus of most companies' security efforts is on devices with which humans interact directly. They fail to realize that each newly connected device represents another potential point of weakness through which hackers can gain unauthorized access to sensitive information. These customers must demand more complete security from their device manufacturers. Often device manufacturers will do the bare minimum, claiming security support that is in reality very narrow and only provides protection along a very limited dimension. The practical consequences of the resulting underinvestment and trivialization of security can be devastating.

Recently the major retail chain TJX Co., operator of such stores as T.J. Maxx, Marshalls and Bob's, incurred a security breach that reportedly resulted in the exposure of at least million customers' debit and credit card information. Reportedly, hackers accessed the network wirelessly while parked outside using a laptop. As a consequence, the company is facing backlash and lawsuits that, according to some estimates, have potential to cost nearly billion and may jeopardize the entire company itself.

According to some reports, nearly percent of laws that include personal information have an express encryption standard written into the definition. They define personal information under the law as data being unencrypted, or they use a harm standard stating that if there is an encryption there is no probability of identity theft or harm to the victim. It started with house bill in California approximately five years ago. Now states have similar laws, and there are provisions as well for financial institutions, which are federally administered. In those industries where the level of connectedness and the value of the data are both high, such as financial services, the costs of security breaches have proven to be so substantial that many of these enterprises are already carrying data breach insurance. These same dynamics will absolutely play out in device networking, perhaps even to a greater degree. While the example above illustrates the huge potential for financial liability associated with security breaches, device networking has potential to take this one step further. A device network security breach can have devastating real-world, life and death consequences.

The problem with securing today's device networks is one of human nature, one of motivation and incentives. Investing in security is sometimes viewed as buying insurance, and unfortunately many companies do not face up to the risk until after they've already experienced the impact. Just as airport security increased after or a household will finally invest in an alarm system after a break-in, it often takes some kind of "wake-up call" to get motivated to upgrade device network security.

Further, corporate structures and the segregation of expertise therein means that usually the person in charge of investment decisions related to security is not the person with the keenest understanding of the present risks and protection level. A technician who calls for a security upgrade out of the blue is easily ignored. An engineering manager in a device manufacturer is only concerned with satisfying minimally specified requirements, regardless of how naive those specified requirements are. In the absence of any problems, managers are quick to assume that present measures are working adequately. Yet that reasoning is inherently flawed and dangerous. By that logic, it could be claimed that this
white paper is coated in tiger repellent. And because there aren't currently any tigers
around to prove otherwise, we can assume the tiger repellent is working. The days of
leaving well enough alone have passed, and it is imperative now more than ever not
just to fix problems, but to preempt them.

When evaluating any type of risk, there are two main considerations that must be
weighed. The first is the likelihood or chance that a particular undesired outcome
would occur. In the security context, this comes down to an assessment of a device or
network's vulnerability or protection level. The second consideration is the size of the
impact that would occur if such a risk were to materialize. In the realm of security,
the potential consequence could be just a few hours of network downtime, or it could
be millions of dollars' worth of credit fraud, or a device that is rendered inoperable
and must be returned to the manufacturer, all of which can cause irreparable damage
to the brand and customer confidence.

Both of these dimensions weigh into a person's decision of how to approach risk
mitigation. As they relate to device networking, one must also realize that both risk
factors grow quickly with the size of the network that must be protected. A larger
network means more nodes and endpoints and more potential points of weakness. It
also means more information that has a higher value being transmitted on the network,
and consequently a greater impact if that network is compromised. As networks
grow, so too must the focus on security, and as they begin encompassing new types
of devices, that becomes increasingly difficult.

The net of this analysis is that a functional and elegantly simple security solution for
devices and device networks becomes the silver bullet of sorts, the catalyst that
will allow organizations to comfortably deploy large device networks while also
allowing them to operate safely. A catalyst like this may be all that is needed to spur
the enormous growth that has been forecast.

THE ANSWER LIES IN A DEVICE SECURITY FRAMEWORK
A solution that effectively manages the security requirements of disparate devices
must have two main qualities: automation and homogeneity. It must handle common
tasks without human intervention, and it must provide a single platform and
interface for interaction with a wide range of devices. What is needed is new
infrastructure software plus centralized business processes for dealing with security within
and across device manufacturers and service providers. This software solution would
be a combination of resident software embedded in the devices plus capabilities
delivered as applications across the network.

As this is describing the unique needs of an entirely new type of network, it stands to
reason that this solution does not fall within the specialties of any current mainstream
software companies. In fact, the Device Security Framework being described is best
viewed as an entirely new market category.

With the disjointed patchwork security solutions presently in place, and the lack of
general market understanding, particularly among larger software players, of what is
needed for device security, the field is wide open for any viable solution. Nevertheless,
this solution must not be a stopgap measure. It must create a platform that is extensible
and will be able to solve tomorrow's problems as well as today's.

At a minimum, a Device Security Framework should address the following
security-centric demands across any connected device:

- Secure remote device access
- Secure data communications between devices
- Device identity management
- Authentication of devices and device applications on the network, including
  wireless networks
- Mechanism for simplified key management
- Advanced connection handling capabilities
- Third party validated cryptography library
- The ability to fully leverage advancements in silicon, including multicore
  processors and hardware acceleration

[Figure: Mocana Device Security Framework]

ENTER MOCANA
One company fully understands the needs of these networks and has begun creating a
solution that meets the needs described above. San Francisco based Mocana Corporation
has positioned itself as one of the lone players in this new market, and while they
could rest on their foresight and the advantage of being the first to recognize the needs
of this market, the company continues to develop its Device Security Framework so
that it meets the aforementioned requirements and more.

Mocana's solution is fully compliant with validated cryptography algorithms,
meaning it will interoperate with all applicable standards. Mocana's Device
Security Framework contains software that gets embedded into devices at the time of
manufacture, as well as capabilities delivered across the network, known as Network
Applications.

While philosophically a major supporter of open standards, Mocana realizes that many
companies build their devices on proprietary operating systems, using a wide variety
of chips. To scale across these disparate platforms, all components of Mocana's Device
Security Framework leverage a common abstraction layer that has two integration axes,
one dealing with OS integration and the other with CPU integration.

Simplistically, if chips and are supported along with #, then a port to
# will inherit support for chips and automatically, by only modifying
the abstraction axis. Conversely, if # and are supported along with chip,
then a port to chip will immediately inherit support for this chip on all threes, by
only modifying the chip abstraction axis.

This approach provides maximum coverage of OS and CPU combinations, and
maximum flexibility for device manufacturers and service providers to make OS and CPU
decisions independent of Mocana's Device Security Framework.

[Figure: The Real World - Operating System & CPU Independence]

Mocana's Framework has another major benefit: it can meet the extremely diverse
needs of disparate wired and wireless operating environments. Some end devices, such
as those involving voice and video, require high performance. Other devices on the
periphery may have intense restraints on power consumption to prolong battery life.
Still others have constraints on memory and processing capabilities. Mocana's solution
can meet the needs of all of these devices because it possesses three distinct qualities:

- The Network Applications are themselves network and device independent.
- The embedded software is designed to leverage the capabilities being built
  into new chips, such as hardware acceleration and multicore asynchronous
  processing, providing a higher level of performance and scalability than
  much of today's mainstream software, making it ideal for voice, video and
  data applications.
- The embedded software has a very small footprint, making it ideal for any
  connected device, even resource constrained ones.

Additionally, Mocana's Device Security Framework is capable of extending to address
emerging threats as well. The Framework takes full advantage of network connectivity
and the benefits this brings in being able to have additional intelligence reside in the
network versus only in the connected device. It provides a holistic approach to security and
can also enable an entirely new class of end customer, network and device independent
applications and services, as described below.

INITIAL BEACHHEAD: DEVICE SECURITY
Once a Device Security Framework is in place, it can be used to perform a number of
functions necessary for securing and operating device networks. Mocana provides not
only the Framework itself but also several initial applications necessary for nearly all
device network deployments. Among the first of these network applications is a solution for
Certificate Management, allowing its customers to provide certificate-level security and
identification for devices on their networks.

To understand the value of Certificate-based security takes a brief description of the
procedure itself. If a theoretical entity, Alice, wants to receive secured communications over
a network, she uses her own unique algorithm to create both a Public Key and a Private
Key. While these two encryption devices are related, one cannot be used to determine
the other. As an analogy, if Alice wanted to receive a secure object in the mail from her
friend Bob, she might first send him an open padlock, the key to which she kept herself.
Bob could then use that lock to secure his message before sending it, knowing that only
Alice, using her key, can open it. In this analogy, the key Alice kept is her Private Key and
the lock she sent out is her Public Key. Alice could make these open locks available for
anyone who wants to send her a message, knowing that the messages, once locked, will
only be readable by her.

While this structure seems secure, it creates another problem: how does Bob know for
sure that the lock he's using to secure his message is actually Alice's? In the digital realm,
where Public Keys abound, it is even more conceivable that a malicious hacker could
publish a Public Key claiming it to be Alice's when in fact it is not. To solve this problem
requires a Trusted Third Party, or Certificate Authority, known and acknowledged by
both Alice and Bob. This third party would know exactly what Alice's Public Key should
look like, and by confirming with its own Digital Signature that the Public Key Bob is
receiving matches that which they have on record for Alice, could verify her identity so
that the secure transaction may proceed. This is exactly what a Certificate does: it is an
electronic document containing the digital signature of a trusted third party that links a
public key with an identity.

Certificates are typically issued with expiration dates in the range of about one year, so
they do not need to be issued for each transaction; they can be reused for a period of
time as long as the identification information of either party has not changed. While
certificate-based security is among the most effective methods for securing communications
on a network, it also leads to several accompanying tasks that are often labor intensive.
Traditionally, certificate management (including enrollment, renewal, revocation,
expiration, query, etc.) is a manual process. But with the size and growth of device
networks, manually managing these tasks does not scale. Built on the Simple Certificate
Enrollment Protocol, an evolution of the protocol developed for traditional, non
device-centric networks by Verisign and Cisco Systems, Mocana's Certificate Management
application allows for automation of these and other common tasks.
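
The certificate check described above, as an added Go example (not code from this white paper or from Mocana): a constructed CA binds a device key to the identity alice-device, and Bob's verification accepts it, rejects a self-signed impostor claiming the same name, and rejects the genuine certificate once its one-year validity has passed. The names, the Ed25519 keys and the use of Go's standard crypto/x509 package are assumptions of this example; enrollment over SCEP is not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue binds pub to name in a certificate signed with signerKey. A nil parent
// yields a self-signed root: the trusted third party's own certificate.
func issue(name string, pub ed25519.PublicKey, parent *x509.Certificate,
	signerKey ed25519.PrivateKey, from time.Time) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // constructed serial
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             from,
		NotAfter:              from.AddDate(1, 0, 0), // about one year, as in the text
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	if parent == nil {
		tmpl.IsCA, parent = true, tmpl
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verify is Bob's check: does the CA he trusts vouch for cert at time at?
func verify(cert, trustedCA *x509.Certificate, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// outcome records what Bob concludes in each case.
type outcome struct {
	Genuine, Impostor, Expired error
	KeyMatches                 bool
}

func runScenario() (outcome, error) {
	var o outcome
	issued := time.Now().Add(-time.Hour)
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	alicePub, _, _ := ed25519.GenerateKey(rand.Reader)
	fakePub, fakeKey, _ := ed25519.GenerateKey(rand.Reader)
	ca, e1 := issue("Constructed Trusted CA", caPub, nil, caKey, issued)
	alice, e2 := issue("alice-device", alicePub, ca, caKey, issued)
	fake, e3 := issue("alice-device", fakePub, nil, fakeKey, issued) // impostor, self-signed
	if e1 != nil || e2 != nil || e3 != nil {
		return o, fmt.Errorf("issuing certificates: %v, %v, %v", e1, e2, e3)
	}
	o.Genuine = verify(alice, ca, time.Now())              // nil: the CA vouches for the binding
	o.KeyMatches = alicePub.Equal(alice.PublicKey)         // the key Bob extracts is Alice's
	o.Impostor = verify(fake, ca, time.Now())              // error: not signed by the trusted CA
	o.Expired = verify(alice, ca, issued.AddDate(2, 0, 0)) // error: past NotAfter
	return o, nil
}

func main() { fmt.Println(runScenario()) }
```

The expiry case is the one that drives the renewal workload the text describes: every device certificate has to be re-issued before its NotAfter date or verification starts failing.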

Certificate-based security for networked devices completely shifts the paradigm of how
manufacturers and users may conceive of their devices. From an information perspective,
once a device and its identity are trusted, so too is any other information it might convey
about itself and its environment. This might range from location information to usage
data to information about or from other devices near it. Similarly, once a user's identity
can be tied to a device in a secure fashion, user names and passwords become unnecessary.
The ability to incorporate and transmit this accompanying information opens the
door for the creation of a whole new class of services to end-users. In addition to basic
services required for device network operation, such as certificate management, a tidal
wave of yet inconceivable applications is just over the horizon.

DEVICE SECURITY FRAMEWORK FUTURES
Calling this new platform a Device Security Framework is somewhat restrictive. While
security is its first and most important capability, the Framework allows for the secure
delivery of any services or applications to devices on the network. In a broader context,
this trend of linking devices with accompanying services has been in the marketplace for
some time now. Just consider the previously mentioned iPod and iTunes, TiVo service
and the TiVo box, Blackberry handhelds with data service plans. These are all
examples of traditional product manufacturers that have distinguished themselves by
pairing their devices with high-value services. Harbor Research has been tracking this
market trend for several years, and while it has been gaining recognition, device-centric
services have not yet seen the explosive growth that has been predicted.

Now it is apparent that difficulties with security and identification of devices on a
network, and the secure scalability of those networks themselves, have thus far hampered
their growth, both in a literal sense and in the broader market. With the combination of
its technology and its relationship with device makers and chip manufacturers, Mocana
is in the unique position to remove this significant obstacle from the equation and spur
the growth of this burgeoning service industry. By doing this, Mocana has the potential
to capture enormous value for itself and its ecosystem. The success of the iPod created a
billion-dollar side industry for accessories while keeping its network services proprietary.
In the near future we will see an abundance of devices on open networks, allowing the
creation of an enormous new side industry: that of third party device-centric service
providers.

Mocana has a keen awareness of this potential, as demonstrated by their ongoing efforts
to build partnerships within the device networking community. Their support of open
standards shows that the company realizes that the real value of device networks will
only be revealed upon arrival of those pervasive device applications and services. While
security is most certainly a prerequisite to that, and a catalyst for much initial growth,
it will be the applications delivering tangible value to device users that will bring device
networking to the mainstream. The difficulty here is that these future device services
will not be uniform. While there are a large number of horizontal Network Applications,
each device type, each customer segment, each industry will demand its own end
customer facing device applications and services. The requirements are so far-reaching that
no single company could ever anticipate and meet everybody's needs. Like the networks
themselves, the customer facing applications provided over them will be fragmented.

What Mocana does is provide the platform on which a whole new class of secure, identity
based, device and network independent applications and services can be built. Mocana is
getting the ball rolling by providing some initial necessary Network Applications. From
here, they are open to partnering with third-party software developers wishing to build
these applications of the future.

MOCANA NOW
Despite the futuristic overtones to much of this analysis, it is most important to realize
that this device networking trend is happening right now. Nowhere is this exemplified
better than by the fact that Mocana has already built a substantial base of customers,
some of which are listed below, including several Fortune companies and many
others of equal significance in their functional areas.

From major device manufacturers to communications companies to chip vendors,
Mocana's Device Security Framework is already being embedded into many of the
devices we see every day. These customers range from consumer and industrial device
manufacturers to makers of network infrastructure products to communication
providers. Within this mix also sit several extremely significant adopters of components of
Mocana's Device Security Framework and its components, including Nortel Networks,
Honeywell, Philips, Siemens and more.

[Figure: Sample Adopters of Mocana's Technology Are Diverse]

By adopting Mocana's software, or even incrementally exploring the option, all of these
companies are demonstrating to customers, investors and the broader market that they
have a grasp on the coming wave of device networking. Not only do they understand the
phenomenon, but they are showing their commitment to securing the communication
of these devices, and to doing so in an open, extensible fashion that will allow them to
be active participants in the growing corporate communities providing smart products
and services.

WHERE IT IS VERSUS WHERE IT'S HEADED
This white paper has discussed the evolution of device networking and the
phenomenon's scale upon arrival. It has highlighted some of the benefits of our new Networked
Society, but also its potential dangers. It has explained the details of how these networks
will operate technically, architecturally and organizationally. The net of this analysis
brought to light the need for creating a Device Security Framework in order to scalably
manage, effectively secure and reliably identify devices on our shared global network.

But management, security and identification are just the tip of the iceberg. These are
the absolutely necessary prerequisite functions that must be in place in order for our
Networked Society to begin to bloom. Once established, a wide range of new
applications will begin to be developed. Some will run behind the scenes, addressing emerging
bottlenecks around efficiency and scalability. Others will be more visible, delivering a
new level of personalized information to us and to our devices.

While most of this value will be created by a vast ecosystem of companies and
developers making their way into the realm of Device Networking, Mocana will continue to
develop and add to the Device Security Framework enabling it all. Whether by giving
us confidence through continuing to strengthen security, or by creating new uses for the
certainty of device identification, Mocana will continue to be a catalyst for development
of Device Networking and a driving force behind one of the most disruptive yet
beneficial phenomena of ours, or anyone's, lifetime.

About Harbor Research, Inc.
Harbor Research Inc. has more than twenty years of experience providing strategic
consulting and research services to high technology clients. Harbor's strategy and
business development work is organized around emergent and disruptive opportunities,
with a unique focus on the impact of the Pervasive Internet, the use of the
Internet to accomplish global device networking that will revolutionize business by
unleashing entirely new modes of system optimization, customer relationships, and
service delivery.

Harbor Research's clients are leaders in communications, computing, control, and
content. Harbor Research has built extended relationships with larger multi-line
companies including AT&T, ABB, Agilent, General Electric, Danaher, Eaton, Emerson,
Hewlett Packard, Hitachi, Honeywell, Hughes, IBM, Intel, Invensys, Motorola, Rockwell,
Siemens, and Texas Instruments, as well as with growth companies such as EMC,
Cisco Systems and Qualcomm. We also work with a broad array of emergent start-ups
and pre-IPO technology ventures. We have built relationships with a number of
significant Pervasive Internet players, including Ember Corporation, Questra Corporation,
GridAgent, DeepStream Technologies and Dust Networks, to name a few.

CONTACT
Glen Allmendinger, President
Harbor Research, [email protected]