Considerations for development
From the developer point of view, developing devices that cater to IoT enthusiasts becomes an important factor. With the ever-increasing rise in connectivity there is also the need to look into security of these connections. “For the development we are effectively looking at the cost power utilization and hence you look at how secure the technology is,” adds Ramachandra.
A good thing is a lot of software that is coming out today is open source. So the bigger challenge would be productisation that is making sure that thing works. “The challenges on the digital front are much more simpler in terms of implementing these solutions. This goes extremely complex on the RF front, where there is a completely different set of challenges like antennae design.” says Ramachandra.
Size of the chip is another factor of consideration. For an OEM manufacturer, the smaller the size of the chip, the larger the battery they can put in. Hence the size is due in fact to the use case.
Security in Communication
Today we have NFC being used in vehicle safety. There is a small NFC tag provided along some phones, which switches your cellphone to silent mode while you are driving, hence preventing or reducing accidents. Leading RFID tag makers are already investing in the area of making RFID more secure. These tags are already being used in passports for the past decade.
The hacking problem
NFC goes active only when you want it to. The chip isn’t even working during standby mode. It activates for instance when you checkout at a retail store using their NFC terminal.
So, even if a hacker got close enough at the right moment, hacking into your phone via NFC would require some heavy mental acuity. NFC signals are extremely sensitive in terms of direction as well. if you turn your phone slightly, it won’t be able to read the smart tag. So for somebody to somehow catch your signal, would require heavy manoeuvring just to get the hacking device’s antenna exactly right. Cracking the signal is secondary.
Evidently the standards are still evolving
A vulnerability with the system in was uncovered in AES-encrypted Z-Wave door locks. These could be remotely exploited to unlock doors without even the knowledge of the encryption keys, and due to the changed keys, subsequent network messages, like “door is open”, would be ignored by the network. This vulnerability however ended up being an implementation error rather than a flaw in the Z-Wave protocol specification.
The security levels infrastructure is based on CCM, which adds encryption- and integrity-only features to CCM. If sources are to be believed, Zigbee Home Automation 1.2 uses fallback keys for encryption negotiation which are known and cannot be changed. This makes encryption highly vulnerable. But hopes are still high and probably newer editions of the system can take care of the errors.
Addressing the data security concerns
The primary focus has been changing from personal communication to things communication. “What we believe is that it is going to be an incredibly connected world. So there are going to be four or five standards in the initial four to six years, before you get back to established one or two main technologies.”
When things were stand alone, nobody cared about security. All we had to do for security was to lock the device in a safe and be done with it. “The moment you connect it to some network, the data on it becomes accessible,” adds Ramachandra. The moment the data on a particular device becomes available, you have to worry if the data is restricted or not, If you don’t implement suitable measures, you risk the big danger of getting hacked.