Forbes estimates that cybercrime will cost approximately $6 trillion per year on average by 2021.
By 2024, there are expected to be more than 22 billion connected smart devices in the world. This vast opportunity brings vast risk. How are billions of devices kept secure? What about the networks they run on? How do you make sure the data from all these devices isn’t compromised?
IoT security cannot be an afterthought or an add-on. Security must be built in from the beginning.
IoT security requirements are unique. Connecting devices is different from connecting individual people and personal computers. Different sensors being brought into your organization may expose network vulnerabilities. Let Citykinect help you design a digital security strategy for your organization to ensure any IoT sensors brought in adhere to your corporate policy.
Citykinect can help you establish a holistic IoT cybersecurity strategy, from business readiness to technical approach. Being technology-agnostic, we won’t push you to any particular security solution; rather, we’ll help you clearly see security vulnerabilities and plan your approach.
IoT Security Challenges
Security in an IoT network is similar to, yet different from, security in other computer networks, and in many cases far more complex.
With IT networks, it’s about data and information. But with IoT it’s about the physical world. Instead of manipulating data, malicious parties can manipulate the physical world.
This is why any IoT project should involve someone with proven experience and expertise (like us!).
Some IoT devices are never updated because they are in use 24/7. Updating devices means one must temporarily shut down a critical system like an assembly line. It’s also possible that a device is too old and doesn’t receive any updates from the vendor.
Compromise of an IoT device could result in injury or impact the environment. For example, a compromised device could impact railway signalling and make two trains collide.
Some environments (like a power plant) are closed systems so data confidentiality is critical.
A Proper IoT Security Strategy
A properly designed IoT security strategy needs to take these three items into account:
LoRaWAN™ utilizes two layers of security: one for the network and one for the application. The network security ensures authenticity of the node in the network while the application layer of security ensures the network operator does not have access to the end user’s application data.
Accordingly, the LoRaWAN specification defines two layers of cryptography:
- A unique 128-bit Network Session Key (NwkSKey) shared between the end-device and network server.
- A unique 128-bit Application Session Key (AppSKey) shared end-to-end at the application level.
Data over LoRaWAN is encrypted twice: sensor data is encrypted by the node, and then it is encrypted again by the LoRaWAN protocol; only then is it sent to the LoRa gateway. The gateway sends the data over a normal IP network to the network server.
The network server has the network session keys (NwkSKey) and decrypts the LoRaWAN data. It then passes the data to the application server, which decrypts the sensor data using the application session key (AppSKey).
This is important because a LoRa gateway operates on an open frequency and can receive data from any sensor in the vicinity. It is therefore important that LoRa gateways not have the ability to decrypt sensor data.
It’s important to note that it is the LoRaWAN communication protocol that adds the encryption. LoRa transmissions by themselves are simple radio wave transmissions and cannot be encrypted.
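The key separation described above, as an added example that is not from the original page: Go code for the LoRaWAN 1.0.x application-payload (FRMPayload) encryption, showing that a party holding only the NwkSKey cannot read data protected with the AppSKey. The keys, DevAddr and frame counter are constructed sample values, the FPort 0 rule comes from the LoRaWAN 1.0.x specification rather than this page, and the example covers the payload layer only.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

// PayloadKey picks the FRMPayload key: NwkSKey for FPort 0 (MAC commands), else AppSKey.
func PayloadKey(fport byte, nwkSKey, appSKey []byte) []byte {
	if fport == 0 {
		return nwkSKey
	}
	return appSKey
}

// Crypt encrypts or decrypts FRMPayload (the operation is its own inverse).
// dir is 0 for uplink, 1 for downlink; addr is DevAddr, fcnt the frame counter.
func Crypt(key []byte, dir byte, addr, fcnt uint32, data []byte) []byte {
	c, err := aes.NewCipher(key) // 16-byte session key -> AES-128
	if err != nil {
		panic(err)
	}
	a := make([]byte, 16) // A_i = 0x01 | 0x00*4 | dir | DevAddr | FCnt | 0x00 | i
	a[0], a[5] = 0x01, dir
	binary.LittleEndian.PutUint32(a[6:], addr)
	binary.LittleEndian.PutUint32(a[10:], fcnt)
	out, s := make([]byte, len(data)), make([]byte, 16)
	for i := range data {
		if i%16 == 0 {
			a[15] = byte(i/16 + 1) // block index starts at 1
			c.Encrypt(s, a)        // S_i = AES(key, A_i)
		}
		out[i] = data[i] ^ s[i%16]
	}
	return out
}

func main() {
	// Constructed sample keys and frame fields, not real credentials.
	nwk, app := bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0x22}, 16)
	reading := []byte("temp=21.5C;humidity=40%") // 23 bytes, spans two blocks
	ct := Crypt(PayloadKey(1, nwk, app), 0, 0x01020304, 7, reading)
	fmt.Printf("on air:         %x\n", ct)
	fmt.Printf("network server: %q\n", Crypt(nwk, 0, 0x01020304, 7, ct))
	fmt.Printf("app server:     %q\n", Crypt(app, 0, 0x01020304, 7, ct))
}
```

Because the keystream depends on DevAddr and the frame counter, the same reading sent in two frames produces different bytes on air, and only the AppSKey holder recovers the plaintext.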
Talk to Western Canada’s IoT security experts.