The IoT is fundamental to converting real-world conditions into data, allowing companies to make better, more informed decisions. As the IoT matures, we're seeing its impact across many industries and use cases.
- In agriculture, smart sensors are in widespread use for real-time crop monitoring to help farmers track the state of their products.
- Security cameras, alarm systems and smart locks are strengthening physical security and bringing residents peace of mind.
- Manufacturers, pharmaceutical firms and utilities are increasingly switching to remote infrastructure monitoring. To manage and repair their assets without extended downtime and costly travel, these industries have begun connecting previously disconnected machines.
What do these diverse use cases have in common? Without trusted data from connected sensors and devices, all of them become vulnerable and the decisions they support become questionable. Establishing data trust should be top of mind for IoT device manufacturers, and it is imperative that they take steps to ensure that data is not being manipulated in transit or at rest. This protection applies not only to the data packets exchanged by devices and applications but also to firmware updates and supply chain processes.
To achieve this, one model that has been in use for a long time is the CIA triad. The key components of this model (see Figure 1) are confidentiality, integrity and availability.
In the context of IoT, confidentiality covers protecting the privacy of IoT devices, integrity covers the data contained within the device, and availability covers the accessibility of the device.
Focusing on integrity, it is helpful to consider three different states in which data can exist, namely in motion, at rest and in process.
Any breach of data integrity means that an IoT device cannot operate correctly, and it also potentially exposes the device to being exploited and becoming a compromised platform from which other attacks can be launched. The usual method of verifying the integrity of data is a mathematical algorithm called a hash, of which the secure hash algorithms (SHA) are the most popular.
Data in motion must be protected from modification on its journey from sensor to cloud application. A plain hash can be used, but an attacker could change the message and recalculate the hash. A stronger approach is a data integrity check that uses a shared secret key, as illustrated in Figure 3. This is called a keyed-hash message authentication code (HMAC), and since it relies on a shared secret key, that key must be protected just like any other cryptographic key.
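As an added illustration (not code from the original article), the Python sketch below contrasts an unkeyed SHA-256 check with HMAC-SHA256 on a sensor message. The key, sensor name, readings and frame layout (payload followed by a 32-byte tag) are constructed for the example.

```python
import hashlib
import hmac
import json

TAG_LEN = 32  # SHA-256 output size in bytes
# Constructed demo key; a real device would keep a per-device key in protected storage.
SHARED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f" * 2)


def plain_hash_frame(payload: bytes) -> bytes:
    """Payload followed by an unkeyed SHA-256 digest (needs no secret to build)."""
    return payload + hashlib.sha256(payload).digest()


def verify_plain_hash(frame: bytes) -> bool:
    payload, digest = frame[:-TAG_LEN], frame[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(payload).digest(), digest)


def hmac_frame(payload: bytes, key: bytes) -> bytes:
    """Payload followed by an HMAC-SHA256 tag computed with the shared key."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def verify_hmac(frame: bytes, key: bytes) -> bool:
    if len(frame) < TAG_LEN:
        return False  # too short to carry a tag
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison


def demo() -> dict:
    reading = json.dumps({"sensor": "temp-01", "celsius": 21.5}).encode()
    altered = json.dumps({"sensor": "temp-01", "celsius": 95.0}).encode()
    # A frame for the altered reading, built without knowledge of the key:
    # the case the text describes, where the hash is simply recalculated.
    rehashed = plain_hash_frame(altered)
    return {
        "hash_accepts_original": verify_plain_hash(plain_hash_frame(reading)),
        "hash_accepts_altered": verify_plain_hash(rehashed),
        "hmac_accepts_original": verify_hmac(hmac_frame(reading, SHARED_KEY), SHARED_KEY),
        "hmac_accepts_altered": verify_hmac(rehashed, SHARED_KEY),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The unkeyed check accepts the altered reading because anyone can recompute the digest, while the HMAC check rejects it because the tag cannot be produced without the key.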
When it comes to data at rest, there are several considerations. Firstly, the stored program data will need to be verified, and that will be done at boot time (see secure boot in the next section of this article). Configuration data and any stored device data should always be verified prior to being processed by an IoT device. Periodic integrity checks can be made during operation, and checks should always be made at start-up and shutdown.
The positive business outcomes enabled by the IoT all hinge on working with accurate, timely and trusted data. With this, artificial intelligence (AI) systems and advanced analytics applications can provide reliable results based on that data, leading to positive operational decisions and results.
Data integrity can bring trust to data by:
- Ensuring its origin and providing secure and private access through cryptography.
- Enabling reliable data stream verification thanks to blockchain technology.
- Providing a more robust chain of trust, that is, taking the trust of the system as close as possible to the source of data, guaranteeing its authenticity across networks and servers without the need to rely on strong network security.