GlobalSign Blog

09 Jul 2015

Are worries of constrained devices slowing IoT security?

As you've probably witnessed, the number of standards alliances and consortiums that exists to prepare for the coming Internet of Things (IoT) wave is enormous.  A good deal of attention from these thought leadership, standards bodies, and working groups is centralized around differences in the nature IoT devices and ecosystems.  Specifically, a common topic driving this discussion is that IoT devices will be limited and constrained much more so than the current Internet infrastructure, which has many wondering how we can build new protocols and technologies to work in a lighter weight fashion.

However, I have to wonder if this concern over developing solutions to address these constrained resources is a preemptive investment in the IoT. Is effort devoted to developing holistic solutions diverting focus from implementing security at the core of current IoT solutions?

Are we overestimating future device constraints?

Many of the activities and initiatives in the IoT are still at a proof of concept stage and not scaled out yet.  Within the portfolio of IoT solutions that GlobalSign's been involved with, the nature of the device and technology environments are nowhere near the level of resource constraint that some standards bodies are focused on.

While device cost may be top concern in certain scenarios, as we've seen with Moore's law and the exponential decrease of price performance ratios in hardware, will we see scenarios in the next five years where even the smallest devices are in fact capable of supporting a full gamut of processing storage and connectivity requirements? If this is in fact the case, then maybe we are best served to work and focus our efforts at continuing to scale out and apply existing solutions like TLS and OAuth.  Moving forward we see with partners who are leveraging PKI, SAML, Oauth, etc to secure and maintain a trusted Internet of everything and identity environment within their ecosystem.

Additional downsides of new protocols include churn and a slow adoption curve.  Bugs and logic holes are found, new use cases crop up, and the standards must evolve to handle those.  You also have the interoperability questions of working with the existing infrastructure.

Balancing Long Term Visions with Mid-term Delivery

While I recognize and agree that there are many unique aspects to deploying IoT technology, such as volume & scalability constraints, I’d suggest that there will and should be incremental growth to achieve long-term future states. This incremental growth will ultimately result in leveraging existing tools and technologies to achieve IoT value in the near term. When it comes to standards and protocols in the IoT, we may be best served to exploit and leverage existing tools, systems and protocols that have seen success in the current Internet environment.

Rather than building solutions to cater specifically toward a constrained environment of IoT devices, I'm proposing we may be better served by focusing on building the bridge to the bridge so that we can just meet short-term needs until device and processing power comes down to appropriate price performance levels. We may leverage proven standards that are best practices and verified throughout the IoT stack to arrive at intermediate temporary solutions to address these deficiencies (e.g., relying a bit more heavily on gateways), recognizing that we will in the near future evolve past those.

Security is becoming a more recognized distinguishing feature of IoT solutions.  Solutions which don't build security in from the beginning will be at a competitive, and potentially legislative, disadvantage in the marketplace.  Therefore it's critical that security is incorporated into the IoT strategic planning, and along with that are the technologies and methods you will use to ensure as successful and secure ecosystem.

As the industry moves forward in IoT ecosystems, there undoubtedly will be scenarios which strain these existing systems and standards. As those deficiencies do arise, we are committed to maintaining our involvement and contributing and guiding standards and governance that guides maintaining trust and security within IoT ecosystems.

PKI for IoT Webinar

Share this Post

Subscribe to our Blog