Ensuring safety and security of Connected Societies: Innovative security technology that protects small IoT devices
September 27, 2018
A major point of weakness in security in today’s IoT society is the individual IoT device. Since small IoT devices have limited memory capacity and CPU performance, equipping them with conventional security software has been a challenge. IoT devices can serve as network entry points for viruses that manipulate programs and cause major damage to daily life and activities. How then can these risks be prevented? We are now seeing the commercialization of technologies aimed at addressing these issues.
Major risks in a Connected Society
Connected Societies, where everything is connected through IoT, are developing at a rapid pace. Smart Factories raise production efficiency through the use of sensors. Connected Cars enable the use of various Internet services while driving. Smart Cities enhance convenience and provide security and safety to citizens by leveraging IoT for transportation, disaster and crime prevention, energy use, etc. Literally, IoT is becoming the key technology that underpins society.
Having everything ”connected,” however, means that the entire society becomes exposed to risks of cyberattack.
”Thus far, enterprises and local governments have avoided damage from cyberattack by implementing measures to prevent the entry of viruses in their servers or gateways. However, as the number of IoT devices increase, direct attacks aimed at each of these devices are also foreseen to rise.
This was according to Takayuki Sasaki, NEC Security Research Laboratories Principal Researcher.
”Conventional security software can be installed in devices that have CPUs or memory capacities similar to those of PCs. Most of the IoT devices, however, are small-sized and have small memory capacity, making it extremely difficult to install and run software on them.”
Cyberattackers aim for the ”weakest component” of the network. And in an IoT society, individual IoT devices serve as the ”weakest component.” In case of cars or hospitals, when their IoT devices fall under attack and their programs become manipulated, the damage could endanger human life. Also, an attack on IoT devices in factories could cause the undetected production of a large volume of defective goods.
”Obviously, the wider the scope of IoT use, the deeper the extent of damage from cyberattacks.”
Innovative technology that protects devices in an IoT society
Mr. Sasaki and his team spent around two years to develop a proprietary security technology to prevent these risks that threaten the Connected Society. Installed into each IoT device, the innovative technology protects the device from direct cyberattacks. Its key features are its lightweight property and speed, explains Mr. Sasaki.
”Ordinary security software usually require from a few tens to hundreds of megabytes of memory, but running our security software only requires a memory capacity of around 4 kilobytes. It can therefore be installed in extremely small devices. Also, by limiting the program domain it examines, the software is able to detect tampering at a faster speed.”
The lightweight implementation was achieved by a technology that simply monitors only the executable codes, not the IoT device’s ”behavior” or other abnormal operations. Meanwhile, faster speed was achieved by a technology that divides the program according to functions and scans only those functions that are necessary.
For example, excessive time spent in checking security of active IoT devices in factories results in delay in their operations. This is similar to the delay that results from running security software on PCs while they are in use. In factories, this leads to a drop in the operation rate of production lines, which could result in a significant impact to productivity.
Making it lightweight has made it possible to implement the software in minute devices previously not amenable to use of security software, and its faster speed prevents operational delay in the devices running the software. These are what make this technology different.
”Now we can protect devices that could not be protected by previous technologies, greatly expanding the protective range of security measures. We believe this is the major value that the technology provides to the IoT society.”
Finding the technology that society needs
A research team of three members led by Mr. Sasaki was responsible for developing this technology.
”In the first phase of the development, we consulted with representatives of IoT device manufacturers and in-house personnel in-charge of smart city projects to accurately identify today’s most needed security technology. This thorough search led us to the goal of finding a lightweight and fast program that can be implemented on IoT devices.”
The emphasis was on simultaneously carrying out the pursuit of technology seeds and the exploration of societal needs.
”Before, researches and engineers were expected to create products and solutions from technology seeds. Today, however, it is not anymore possible to create something of true value outside the paradigm of co-creating innovation with customers and society. This security technology was borne out of efforts to conceive what is required in the IoT society and what technology can address those requirements. In other words, it was a product of reconciling the needs with the seeds.”
When the development had progressed to some extent, Mr. Sasaki and his team presented the technology to business divisions within the company and visited factories and device manufacturers to further verify whether the technology they were developing was really necessary. Currently, they are conducting trials with IoT device manufacturers to further enhance the accuracy of the technology. Mr. Sasaki expects that they will be able to release the technology for embedding into devices soon.
Opposing ”darkness” to enhance the value of ”light”
Work style reform can be achieved by leveraging IoT. Convenience can be enhanced by embedding IoT in home appliances. Or, IoT can be used to connect various devices used in medical settings. These are just some of the ways by which IoT devices are becoming increasingly used in our immediate surroundings at work and everyday life. If the convenience, amenity, safety, and security brought about by these applications represent the ”light” side of the IoT society, then the ensuing security risks represent the ”dark” side. Enhancing the value of the ”light” entails using the power of technology to oppose the ”darkness”. Mr. Sasaki says that this is their role.
”We are expected to respond to two kinds of evolutionary events. One is the evolution of IoT and other similar technologies, and the other is the evolution of cyber attack methods. Responding to attacks that are increasingly becoming sophisticated each day while incorporating the latest technologies makes working together with various players all the more important. It has become imperative to create a framework for various players to bring in their unique strengths and work together against attackers.”
There is a limit to what one research department of a company can do. Our job is to establish technologies that robustly ensure security of devices. And by connecting these technologies with a wide range of security solutions, it will become possible to protect the entire society. On top of that, if it is within our means, we would also like to further promote awareness regarding security throughout society. Because protecting the entire society cannot be achieved merely through robust technologies. It is only when we succeed in linking the technologies for protecting IoT with the consciousness and behavior of the people enjoying the ”light” of the IoT society that we can overcome its ”dark” side, explains Mr. Sasaki.
Going forward, the team will continue working with various companies and stakeholders to pursue initiatives to ensure the safety and security of the IoT society.