Improve IoT Security by a One-way Street

Mikko Peltonen

Lead Solution Architect, Security Services at Tieto

19.01.2017 09:00 am

A true IoT breakthrough heavily depends on security. The lack of security standards is a well-known fact, but there are methods for protecting IoT, such as one-way networking.

Recently, several cases have painfully demonstrated how massive problems follow if poorly protected devices are connected to the internet. For example, the infamous Mirai botnet used IP cameras and DVRs to orchestrate the biggest DDoS attack ever.

Brand new devices and solutions may be less prone to attacks, as they are, hopefully, designed according to security-first principles. But for industrial IoT this is not enough. There tends to be a wide mixture of machines, devices, and full automation systems representing different generations of cyber security. Connectivity becomes essential in these heterogeneous environments as businesses go fully data-driven, and security issues must be solved rapidly.

What can be done? One method to secure critical assets is unidirectional networking. It means enabling only one-way transmission of data. In an IoT environment, data could flow only upstream from a sensor-equipped device and never the other way round.

This method is also known as a data diode or firewall diode. The name comes from the diode, a basic electronic component that lets electric current flow in one direction only.

A data diode requires hardware devices and proxy servers which enforce one-way traffic only. The unidirectional flow of data is physically secured. Thus, a data diode will disconnect immediately if some hostile party tries to break it.

The power of simplicity

A data diode is certainly not a cutting-edge innovation nor a silver bullet. The idea originated in the 1960s, and has been used in industrial control systems for more than a decade. But unidirectional networking could be utilized as a straightforward security solution for IoT as well.

For the critical infrastructure, a data diode could be the only possible method to allow connectivity in the first place. What about other use cases, both for enterprises and consumers? Could the same concept be applied?

Often, it can be perfectly OK to just get the data from the endpoints, such as sensor readings of temperatures, locations, pressures etc. There may never be any need to send data to the device or the sensor controller.

The method is simplistic, and it has several downsides. The worst problem is that data diodes are against the basic principle of TCP/IP, which has a feedback channel by default. Thus, they cannot be used with any applications that require TCP.

Obviously, when a data diode is used, the sender side can never check whether the data was transmitted or not. To overcome this, an implementation typically includes software that takes care of data integrity. Resending each transmission several times may be necessary.
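One way such integrity software can work, shown as an added example that is not from the original post: the sender numbers each reading, appends a checksum and repeats it blindly, while the receiver verifies, de-duplicates and logs gaps on its own side. The frame layout, the `REPEATS` value and the `lossy_diode` channel simulation are assumptions made for illustration.

```python
import struct
import zlib

REPEATS = 3  # assumed redundancy factor: the sender gets no ACKs, so it repeats blindly

def encode_frame(seq: int, payload: bytes) -> bytes:
    """Frame = 4-byte sequence number + 2-byte length + payload + CRC32 over all of it."""
    body = struct.pack("!IH", seq, len(payload)) + payload
    return body + struct.pack("!I", zlib.crc32(body))

def decode_frame(frame: bytes):
    """Return (seq, payload), or None if the frame is truncated or corrupted."""
    if len(frame) < 10:
        return None
    body, (crc,) = frame[:-4], struct.unpack("!I", frame[-4:])
    if zlib.crc32(body) != crc:  # catches transmission errors, not deliberate forgery
        return None
    seq, length = struct.unpack("!IH", body[:6])
    return (seq, body[6:]) if length == len(body) - 6 else None

def send(readings):
    """Sender side: emit every frame REPEATS times; nothing ever comes back."""
    for seq, payload in enumerate(readings):
        for _ in range(REPEATS):
            yield encode_frame(seq, payload)

class Receiver:
    """Receiving side: verify, de-duplicate, and report gaps locally."""
    def __init__(self):
        self.delivered = {}  # seq -> payload
        self.rejected = 0    # frames that failed the integrity check

    def accept(self, frame: bytes):
        decoded = decode_frame(frame)
        if decoded is None:
            self.rejected += 1
        else:
            self.delivered.setdefault(*decoded)  # repeats of a seq are ignored

    def missing(self):
        """Sequence numbers never received intact, up to the highest one seen."""
        top = max(self.delivered, default=-1)
        return [s for s in range(top + 1) if s not in self.delivered]

def lossy_diode(frames, drop, corrupt):
    """Constructed one-way channel: drops or bit-flips frames by their index."""
    for i, f in enumerate(frames):
        if i not in drop:
            yield (bytes([f[0] ^ 0x01]) + f[1:]) if i in corrupt else f
```

Because the receiver cannot ask for a retransmission, a non-empty `missing()` result can only be logged or alerted on at the receiving side.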

Unidirectional networks prevent updating the device's software over the internet. In massive sensor networks this is a major setback, if a critical update is needed fast. Data diodes may also cause some pain in firewall configurations and they increase network complexity.

Still, I recommend the method as a valuable option if absolute security of the perimeter must be ensured, and if it’s certain that one-way traffic fulfills the foreseeable needs. Unidirectional networking does improve security to a certain extent. At least the network cannot be used as an attack vector, which is a clear benefit.
