Secure IoT commissioning: How hard can it be?
One of the most critical parts of IoT security is the commissioning process. Secure communication depends on getting this stage right, but the best products successfully balance this need with ease-of-use.
Simply put, commissioning is the act of adding a new device to a network, or establishing a link between two devices.
As we put more and more information out there into the connected world, the incentive will grow for hackers, both amateur and professional, to gain access to this information from our IoT devices.
How to secure IoT communications
One of the biggest security challenges is how to commission devices safely without requiring every device to be equipped with expensive commissioning hardware, or forcing the user to go through a complicated commissioning process.
Although devices with screens make the commissioning process easier and less vulnerable, a screen is not always practical, and as wearables, nearables and other smaller devices become commonplace, a screen will soon be the exception rather than the rule.
Avoid the passive eavesdropper
A typical commissioning challenge is how to exchange security keys in a safe manner. A passive eavesdropper records all the communication in the key exchange phase and can then process these packets after the fact. If the hacker succeeds in decrypting the key exchange packets, the security key is exposed, and as long as the link continues to use the same key the hacker has full access.
The most common way to avoid this problem is to use an asymmetric encryption scheme to exchange the security keys. In such a system each node in the link will generate a public/private key pair, and send its public key to the peer node. The peer can then encrypt its security information using the public key, and only the private key can be used to decrypt this information. The private key is never passed over the air, and as such is unavailable to the passive eavesdropper.
Avoid the man in the middle
Another common type of attack is the so-called ‘man in the middle’ attack, where the hacker acts as a middle man between two communicating devices. To avoid this problem, most secure systems authenticate the link over a separate data channel (also called out-of-band), so that the hacker would need access to both data channels to successfully break the link.
A good example of this is online banking, where a text or call to a cellphone or a PIN sent to a standalone physical device such as a ‘code brick’ is used as the authentication channel to login or complete any transaction.
An alternative authentication channel could also be something as simple as a unique code printed on the device being commissioned. This is common practice on new Wi-Fi routers and in Apple HomeKit devices.
NFC is also often used as an authentication channel, since the short range of an NFC connection makes it much harder for signals to be intercepted by a hacker. The other advantage of NFC is that the user doesn’t have to manually enter or verify a passkey, which simplifies the commissioning process.
Internet of Things security after commissioning
With the commissioning phase being the most vulnerable part of a product’s lifetime, this should ideally be a one-time activity.
Once commissioned, the security details should be stored in the device for future use, and the commissioning channel should be closed so that a hacker is unable to force a device to re-enter the commissioning phase.
Of course, secure commissioning has to be balanced with usability, or people will not use the product. Commissioning should be straightforward for everyone, not just those with an ICT degree.
Finding the right balance
A recent study by researchers at the Norwegian University of Science and Technology in Trondheim concluded that scenarios that combine Bluetooth low energy with NFC technologies seem to offer the best balance of security and user-friendliness.
Use case: Configuring a BLE device via NFC
In this way, NFC can be used as the out-of-band channel for a Bluetooth low energy pairing. This combination provides authentication and limits the risk of both man-in-the-middle attacks and passive eavesdropping.
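The Bluetooth low energy plus NFC flow described above, sketched as an added example (not code from the article or from any Bluetooth stack): X25519 key agreement stands in for the asymmetric scheme, and an HMAC-SHA256 tag read over NFC stands in for the pairing's out-of-band data. The names `link_key`, `oob_tag` and `commission` and the tag format are assumptions, and the pure-Python `x25519` is not constant-time, so it is for illustration only.

```python
import hashlib, hmac, secrets

P, A24 = 2**255 - 19, 121665            # Curve25519 field prime and ladder constant
BASE = (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519. Readable, not constant-time: illustration only."""
    n = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)  # clamp scalar
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair():
    priv = secrets.token_bytes(32)
    return priv, x25519(priv, BASE)       # only the public half goes over the air

def link_key(priv: bytes, peer_pub: bytes) -> bytes:
    return hashlib.sha256(b"link-key" + x25519(priv, peer_pub)).digest()

def oob_tag(pub: bytes, nonce: bytes) -> bytes:
    """Commitment to the device's public key, read over NFC (assumed format)."""
    return hmac.new(nonce, pub, hashlib.sha256).digest()

def commission(phone_priv, pub_from_radio, nfc):
    """Phone side: accept the radio-delivered key only if the NFC data vouches for it."""
    nonce, tag = nfc
    if not hmac.compare_digest(oob_tag(pub_from_radio, nonce), tag):
        return None                       # key was swapped in band: abort pairing
    return link_key(phone_priv, pub_from_radio)

def demo():
    (dev_priv, dev_pub), (phone_priv, phone_pub) = keypair(), keypair()
    nonce = secrets.token_bytes(16)
    nfc = (nonce, oob_tag(dev_pub, nonce))            # constructed NFC payload
    honest = commission(phone_priv, dev_pub, nfc)
    substituted = commission(phone_priv, keypair()[1], nfc)  # key not vouched for
    return honest == link_key(dev_priv, phone_pub), substituted is None
```

This authenticates only the device's key to the phone; authenticating the phone's key to the device needs data carried the other way over the out-of-band channel.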