Enhance IoT security: use snipers
There has been a lot of talk about IoT security, but not much new in the way of ideas for attaining it. Mostly the discussion has been to raise awareness of the need for security, even in the smallest devices, and to encourage designing security in from the very beginning. But now Pat Burns, CEO of Haystack Technologies, has put out a proposal that is intriguing in its simplicity and seems well worth careful consideration.
Basically, what Burns said in an article published on LinkedIn is that the first step in securing IoT devices is making them harder for hackers to find. In particular, change their operation so that they are not continually broadcasting their presence to facilitate discovery by the network. They should instead, Burns argues, operate in a mode of radio silence for as long as possible, broadcasting only in response to an authorized query or when they have something vital to report.
In other words: operate in stealth mode.
In his discussion of legacy wireless technologies for the IoT he categorizes devices into three groups. Devices that talk non-stop, communicating to the network every few milliseconds whether or not they have important information to share, he calls "chatterboxes." Devices that broadcast on a regular, scheduled basis – again whether or not they have an important message – he calls "cuckoo clocks." Devices that only broadcast when they have something important to share or are responding to a query from an authorized entity, he calls "snipers." Burns is suggesting that IoT devices should be snipers.
This suggestion by no means is intended to imply that by operating in stealth mode IoT devices will become secure. Burns clearly states that no single security approach can provide that kind of protection. Security needs to comprise a series of barriers and locked doors to delay attackers and raise the price in time and effort for breaking in that it is not worthwhile for an attacker to pursue. Stealth is only a first step, making it harder for attackers to locate potential targets. It's the equivalent of locking your front door when you leave home rather than leaving it standing open. It's a tactic that won't prevent a motivated thief from breaking in, but may encourage them to move on to an easier target and will definitely keep out the casual, opportunistic ones.
Burns goes into some depth discussing the principles of a stealth approach as well as its hidden advantages, such as power savings and reduced bandwidth consumption. On the whole, I think he makes a good argument supporting the idea. But there is a caveat.
Burns' company Haystack Technologies, is a member of the Dash7 Alliance and offers protocol stack software in support of the Dash7 low-power wide-area networking standard for IoT communications. That standard includes a stealth mode of operation for endpoint devices, just like the behavior he recommends. So his article could be seen as having a highly self-seeking agenda.
But I feel that his points are well taken. An IoT network that has a central coordinator querying the end nodes is harder to crack into than one in which devices are continually broadcasting information, at the very least because there are fewer transmissions to capture and analyze. That centralized control structure also provides a means for regulating the amount and timing of data collection, allowing more deliberate management of traffic, bandwidth, and the like.
The approach is not necessarily suitable in all IoT applications, though. Sometimes you want continual or scheduled information or the ability to discover and accommodate new endpoints as they enter the network. A chatterbox or cuckoo clock might be the best kind of endpoint for an application. But this stealth mode is worth considering for its security and other system advantages.
What do you think? Share your thoughts below on the pros and cons of sniper IoT.