Technical issues today

Why state of the art protocols aren't enough

Existing issues with current architectures

IoT devices operate by exchanging messages with cloud services and other connected machines, so we must ensure that the messages that carry configuration data, sensor readings, control instructions and firmware updates are protected (see the review of requirements in D1).

The current weaknesses usually stem from the following causes:

  • implicit trust in network boundaries (e.g. segmenting connected devices from the rest of the IT infrastructure), without authenticating the sender or validating the integrity of the message.

  • most IoT systems optimize for one-way authentication, without managing unique credentials for each device in the fleet.

  • every IoT development team ends up hand-rolling its own mechanisms for provisioning keys, activating devices and bootstrapping trust, which is a source of mistakes such as default passwords or hard-coded secrets.

  • most IoT message transport protocols support some way to establish a secure channel. However, such secure channel protocols have traditionally been tightly coupled to their transport protocol and are connection-based only. Security therefore cannot be established across multiple hops, which leaves room for overly curious observers, or even active attacks, at interception points.

  • there is a separation between IoT transport protocols (e.g. MQTT, CoAP) and IP protocols, which creates vulnerabilities in end-to-end solutions.

  • remote updates are mostly ad hoc.

  • authorization protocols such as OAuth2 have seen little adoption in IoT, despite their potential, because their security model is hard to implement (mutual TLS often seems easier to developers, although it requires an advanced networking setup).

These are flawed trade-offs: if customers or patients rely on the information collected by these sensors, an attacker can easily tamper with or forge that information.
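One way to make the message itself carry sender authentication and integrity, so that it survives a broker or gateway hop and does not depend on the transport's secure channel, as an added example that is not from the original page or from Ockam: a per-device HMAC over a canonical envelope, plus a monotonic counter so a replayed reading is rejected. The device IDs, keys and sensor readings are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed fleet keys: in production each device gets its own secret at
# enrolment, and the verifier looks it up by device identity (no shared key).
DEVICE_KEYS = {
    "sensor-0001": bytes.fromhex("1f" * 32),
    "sensor-0002": bytes.fromhex("2e" * 32),
}


def canonical_bytes(device_id, counter, payload):
    """Deterministic encoding of everything the tag covers, so device and
    verifier agree byte-for-byte regardless of the transport in between."""
    return json.dumps([device_id, counter, payload], sort_keys=True,
                      separators=(",", ":")).encode()


def build_envelope(device_id, key, counter, payload):
    """Device side: bind identity, monotonic counter and reading with HMAC-SHA256."""
    tag = hmac.new(key, canonical_bytes(device_id, counter, payload),
                   hashlib.sha256).hexdigest()
    return {"device": device_id, "ctr": counter, "payload": payload, "tag": tag}


class Verifier:
    """Cloud side: authenticates the message itself, not the hop it arrived over."""

    def __init__(self, keys):
        self.keys = keys
        self.last_ctr = {}  # highest counter accepted per device

    def verify(self, env):
        key = self.keys.get(env.get("device"))
        if key is None:
            return False, "unknown device"
        expected = hmac.new(key, canonical_bytes(env["device"], env["ctr"],
                            env["payload"]), hashlib.sha256).hexdigest()
        # Constant-time compare; the tag is checked before the counter so only
        # authentic messages can advance the replay window.
        if not hmac.compare_digest(expected, str(env.get("tag", ""))):
            return False, "bad tag"
        if env["ctr"] <= self.last_ctr.get(env["device"], -1):
            return False, "replay"
        self.last_ctr[env["device"]] = env["ctr"]
        return True, "ok"


def relay(env):
    """Stands in for a broker or gateway hop: it can read and forward the
    message (HMAC gives no confidentiality), but any edit breaks the tag."""
    return json.loads(json.dumps(env))
```

HMAC means the verifier holds the device secret; where the cloud must not be able to forge device messages, the same envelope works with a per-device signature key instead.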

Hidden complexity costs of current architectures

Ockam.io provides a complementary use case in the following video: https://youtu.be/wEeLSbkU_jI, which shows how current architectures make it very hard to protect an infrastructure that must integrate with many different vendors.
