Be careful with your privacy! Demystifying the five "lie" of Internet of Things security

The Internet of Things is expected to improve every aspect of life. Its main function is to be able to connect many “objects” to each other, thus gaining insight and creating synergies. Although this interconnected feature also poses security and privacy issues, there are now five "lie" on the Internet about IoT security and privacy.

The biggest lie: security has increased, meaning privacy has decreased.

Technically, security and privacy have commonalities. For example, both rely on encryption, and the system's design approach will help protect security and privacy; both have the same kind of failure, and design software or system engineers may ignore it if they don't understand what the opponent thinks and thinks. The design of the loophole.

Similarly, since each component of the IoT will be part of the system, the original designer of the component may not have the security and privacy implications of its components interacting with other components and systems. For example, researchers and the Federal Food and Drug Administration (FDA) have identified that many personal medical devices (PMDs) have encryption flaws that compromise the safety of the devices and the data recorded and transmitted by the devices, but do not jeopardize the users of the devices. privacy.

As we know from traditional IT issues, we can get a 100% secure system, but this system has no function at all. Therefore, we must find a compromise that is cost-effective and practical.

The second biggest lie: existing IT security and privacy concepts and practices are sufficient to address the IoT challenge

From a theoretical point of view, we know how to ensure system security and privacy. But we don't know how to do this effectively. Priorities are always important. Do we want to spend $1 billion to secure a local bookstore website? Don't want to. Would you like to spend so much money to make sure the nuclear warhead is safe? This sounds like a wise investment, and the decision makers will decide to do this. If we need more security, the cost will be quite high. Businesses face realistic trade-offs: Do I want to buy security features or buy revenue-generating features? This is not one or the other, but a compromise.

Back to efficiency, countless devices and systems are connected to the Internet of Things, and we need to be more effective in terms of security and privacy practices.

VintCerf, the "father of the Internet" and Google's chief Internet publicity officer, spoke at the Brussels meeting, recalling why he and his colleagues originally chose a 32-bit Internet Protocol (IP) address for the Internet. After rough calculations, they found that they might need 2 billion to 4 billion IP addresses, and the 32-bit address seems to be more than enough. In the coming decades, we expect everyone to have hundreds or thousands of associated IP address objects. Therefore, the greatly increased complexity naturally requires a significant increase in efficiency. If the number of items we have has increased to trillions, even if each item costs only 1 cent, the total cost will be too high.

Internet of Things security

The third lie: Today's cybersecurity can solve most problems of the Internet of Things

One aspect that needs to be explored is that we lack an effective network domain model to study human and user behavior. What prompted us to make wise or bad security and privacy decisions? This is critical because humans are involved in every aspect of the Internet of Things, including design, implementation, operations, deployment, maintenance, use, and decommissioning.

Since the Internet and the Internet of Things are so indispensable to humans, how do we model user behavior? How do we model the engineer's thinking process when engineers design these systems? How to model human-designed institutions that operate in the IoT environment?

The challenge here is that human behavior does not have a closed form like mathematics. For example, encryption has a nice closed form in terms of how to describe the problem and how to provide a solution. Science has a good way to deal with systems that are not closed (such as human behavior). Biologists model cell behavior, and in the wider field of everyday life (such as interacting with the Internet of Things), we are just getting started.

The fourth biggest lie: Software security for IT will also apply to the Internet of Things.

One of the challenges facing the Internet of Things (to name just one example) is that some traditional desktop security strategies may not work very well. What does it mean to patch software in the Internet of Things? In the field of industrial control systems, equipment has not been patched every month for decades. Therefore, an efficient approach to desktop computing and traditional IT infrastructure may not be effective for the Internet of Things.

I think the biggest challenge facing the Internet of Things may be in scale. The IT infrastructure we face is a highly networked infrastructure that connects countless entities, devices and systems. We have never had a thorough understanding of this before.

Assuming there are 1,000 people on the Internet, we are faced with a situation. If there are 1 million people, it is another situation. If there are 1 billion people or more? We will move into a world we have never encountered before, and we have not designed a system for this world before. The Internet and computing technology are actually the only areas in which we have continued to see dramatic changes for decades. Is there any other area of ​​efficiency or functionality that is 10 times higher than it was a decade ago? The Internet of Things seems to be such an area.

The fifth biggest lie: Internet security in the Internet of Things is a challenge that the private sector can handle alone.

The private sector will have to make its own decisions about security and privacy. However, I anticipate that private companies may lack incentives to focus on this public interest if they lack guidance on public policy.

But I don't agree with laws to ensure security. We need a more flexible model to share information securely for scientific security incident analysis and to facilitate reference to validated guidelines. The key is to communicate what methods work and what doesn't, so researchers, businesses, and IoT users can make informed decisions.

Policymakers need to be very knowledgeable and willing to allocate a certain amount of common resources to meet this challenge. It turns out that in this environment, top-down unverified regulations are ineffective. Policymakers need to actively address public concerns about the security and privacy of the Internet and the Internet of Things.

I am convinced that 100 years ago, many parents took it for granted that when they were born, they were very accustomed to serious illness, and basically they could not do anything about it. Children often die from polio and smallpox. And now, we have overcome those diseases. So guess, the Internet of Things security and privacy will do the same, but it takes time and concentration.

Wireless Earphones

Phone Wireless Earphones,Sports Bluetooth Earphone,Best Cheap Wireless Earbuds,Wireless Earbuds For Android

Dongguang Vowsound Electronics Co., Ltd. , https://www.vowsound.com