IoT Security - Software-defined perimeter and blockchain
Editor's Note: Securing the Internet of Things is critical not only for the integrity of data streams and software within each IoT application, but also for the integrity of the enterprise resources tied into those applications. IoT security is a complex problem, requiring a systematic approach for understanding possible threats and corresponding mitigation methods.
Adapted from Internet of Things for Architects, by Perry Lea.
Chapter 12. IoT Security
By Perry Lea
Software defined perimeter
Earlier in the book, in Chapter 8, Routers and Gateways, the concept of software-defined networks (SDN) and overlay networks was discussed. Overlay networks and their ability to create micro-segments are extremely powerful, especially for mass IoT scaling and for situations where a DDoS attack must be mitigated. An additional component of software-defined networking, the Software-Defined Perimeter (SDP), is worth discussing in terms of the overall security picture.
Software-Defined Perimeter architecture
A Software-Defined Perimeter (SDP) is an approach to network and communication security in which no implicit trust exists between endpoints. It is based on the Defense Information Systems Agency (DISA)'s black cloud concept, in which information is shared strictly on a need-to-know basis. An SDP can mitigate attacks such as DDoS, MITM, zero-day exploits, and server scanning, among others. Along with providing an overlay and micro-segmentation for each attached device, the perimeter creates an invitation-only (identity-based) security boundary around users, clients, and IoT devices.
An SDP can be used to create an overlay network, which is a network built on top of another network. A historical reference is legacy internet services built upon the pre-existing telephone network. In this hybrid networking approach, the distributed control plane remains the same: edge routers and virtual switches steer data based on control plane rules, and multiple overlay networks can be built on the same infrastructure. Since an SDN remains persistent in much the same way as a wired network, it is ideal for real-time applications, remote monitoring, and complex event processing. The ability to create multiple overlay networks using the same edge components allows for micro-segmentation, where different resources have a direct relationship with different consumers of data. Each resource-consumer pair is a separate immutable network that can see outside of its virtual overlay only as far as the administrator chooses.
Applied to a globally distributed IoT network, this means each endpoint can build individual and isolated network segments over the existing network infrastructure. In theory, every sensor could be isolated from every other. This is a powerful tool for enabling enterprise connectivity in IoT deployments, as services and devices can be isolated and protected from one another.
The following graphic depicts an SDN overlay example. Here, a corporation has three remote franchises with a number of different IoT and edge devices at each store. The network resides on an SDN overlay network, with micro-segments isolating the corporately managed POS and VoIP systems from the various sensors used for security, insurance, and cold storage monitoring. Third-party service providers can manage their remote sensors using an isolated and secure virtual overlay network that covers only the devices they manage:
An example SDN Overlay Network.
An SDP can further extend security by developing an invitation system, forcing a pair of devices to authenticate first and connect second. Only a pre-authorized user or client may be added to a network. That authorization is extended by an invitation from the control plane via email or some registration facility. If the user accepts the invitation, client certificates and credentials are extended to that system alone. The resource extending the invitation maintains a record of extended certificates and will only provide an overlay connection when both parties accept the role.
The real-world analogy is how one sends invitations for a party. Invitations are mailed out to selected individuals, with a date, time, address, and other details. Those individuals may or may not want to attend the party (it is up to them). The alternative is to advertise on the web, TV, and radio that you are having a party and then authenticate each person as they arrive at the door.
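The invitation flow described above (authenticate first, connect second; credentials issued to the invited identity alone; an overlay segment granted only for a recorded resource-consumer pair), modelled as an added example. This is constructed illustration code, not from the book or any SDP product; the `SdpController` class, its HMAC-based stand-in for client certificates, and the resource and identity names are all assumptions.

```python
import hmac
import hashlib
import secrets


class SdpController:
    """Hypothetical control plane for an SDP invitation system (constructed example)."""

    def __init__(self):
        self.key = secrets.token_bytes(32)   # controller's signing key
        self.pending = {}       # invite_id -> (resource, invited identity)
        self.credentials = {}   # (resource, identity) -> issued credential

    def _sign(self, *parts):
        # HMAC over the pipe-joined fields; stands in for a client certificate
        return hmac.new(self.key, "|".join(parts).encode(), hashlib.sha256).hexdigest()

    def invite(self, resource, identity):
        """Control plane extends an invitation to one pre-authorized identity."""
        invite_id = secrets.token_hex(8)
        self.pending[invite_id] = (resource, identity)
        return invite_id, self._sign("invite", invite_id, resource, identity)

    def accept(self, invite_id, identity, tag):
        """Invitee accepts: the invitation is verified, consumed, and a credential
        is issued to that identity alone and recorded against the resource."""
        resource, invited = self.pending.get(invite_id, (None, None))
        if invited != identity:
            return None   # unknown invitation, or presented by the wrong identity
        if not hmac.compare_digest(tag, self._sign("invite", invite_id, resource, identity)):
            return None   # forged or tampered invitation
        del self.pending[invite_id]   # single use
        cred = self._sign("cred", resource, identity)
        self.credentials[(resource, identity)] = cred
        return cred

    def connect(self, resource, identity, cred):
        """Authenticate first, connect second: an overlay segment exists only for a
        recorded resource/consumer pair; any other request gets no reply at all."""
        expected = self.credentials.get((resource, identity))
        if expected is None or not hmac.compare_digest(cred, expected):
            return None   # dark to scanners: no banner, no error, nothing to enumerate
        return f"overlay:{resource}<->{identity}"   # one isolated micro-segment per pair
```

A scanner probing `connect()` without a recorded credential sees no difference between a resource that exists and one that does not, which is the property that blunts server scanning and many zero-day probes.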