Thursday, October 15, 2015

Security Threats in IoT

Internet of Things is the latest buzzword in today’s world of ICT. IoT is a new wave in the market which is all set to sensationalize our lives with no obscurity. There is an estimate that over the next decade or two about 26-100 billion IoT based devices will evolve surpassing the entire human population of the world. [Source: Gartner].
Now interconnected devices on such a large scale will bring forth the issues of privacy and security. Mulling over the solutions for such concerns is indispensable now. Devices under the umbrella of IoT will be interconnected with the help of IP addresses based out of IPV6 where each device will be identified with an IP address assigned to it. When you build a network using uniform standards, it becomes more vulnerable. Hence in a way the use of IP addresses will invite major security issues.

Following are the top five areas of security concerns with respect to Internet of Things:

Privacy Concerns: Majority of the IoT devices will indulge in collecting personal information like name, date of birth, address, health, credit card information and much more. Most devices would transmit this information across interconnected networks. If unknowingly users somehow misconfigure their home network, then it is very likely that their personal information can be exposed via wireless networks. The situation can even be fatal; imagine what can happen if someone hacks into a cardiac pacemaker or a car being driven on the road!

Insufficient Authorization /Authentication: A huge number of devices per single user would eventually end up with users keeping weak and simple passwords and sometimes common passwords. Many such users would also use the same password in the cloud for cloud products. This issue can be mitigated by defining strong password policies which may even fail if there are common passwords everywhere.

Transport Encryption: When information that is being transferred from one device to another device is encrypted; it is called Transport encryption. Transport encryption is crucial and failing to do so might also create a backdoor for hackers to extract information from the devices or the cloud itself.

User Interface: IoT devices will bring in security concerns with their user interfaces. These issues would include: persistent cross-site scripting, weak default credentials and poor session management. Hackers can identify valid user accounts and take over control using features like password reset etc.

Device Constraints: IoT would work if only if the end devices use as little energy as possible. This means that the devices will have comparatively low processing power. Hence devices cannot run a complicated security software else it would hamper its processing speed. Developing specialized security software for such devices will be another issue. Also many current firewall systems may not control the traffic flows into these devices which is another security concern.

Therefore security threats for IoT should be addressed throughout the device lifecycle i.e. from its initial design to its operational environment. This will include: Secure Booting, Access Control, Device Authentication, Firewall and IPS, Updates and Patches etc.
Simultaneously security at both the device and network levels is crucial for the successful operations of IoT. Fortunately, this need not require a revolutionary approach, but rather an evolution of steps and controls similar to those which have proven successful to a greater extent in IT networks. Instead of searching for an exclusively revolutionary solution that as of now does not exist, one can focus on delivering the current IT security controls and measures adapted and optimized to an extent to address security threats for the new and complex embedded applications and  systems driving Internet of Things.


Deepika Dave
Batch 2017
Symbiosis Institute of Telecom Management


Spectrum Sharing - India

Exponential growth in consumer demand for wireless services is driving the evolution of wireless networks towards high speed data networks. But with most spectrum already allocated, it is becoming exceedingly difficult to find vacant bands to either deploy new services or to enhance existing ones. It has also been found out that a significant amount of spectrum remains idle at any given point of time and location. To issue the problem of call drops and ease telecom congestion, Government of India on August 12, 2015 allowed Telecom operators to share airwaves in the same band by giving approval to the guidelines of Telecom Regulatory Authority of India (TRAI). This will also help to improve spectral efficiency and Quality of Service.
 
Some of the important guidelines are as follows:
1) Spectrum sharing would be allowed only when both the licensees are having spectrum in the same band. 
2) Spectrum usage charge will be levied on the entire spectrum holding in the particular band and spectrum including traded spectrum will be shareable. 
3) Spectrum usage charge of each licensees post sharing shall increase by 0.5% of Aggregated Gross Revenue (AGR).
4) Both licensees sharing the spectrum will have to give a prior intimation for sharing the right to use spectrum at least 45 days before the sharing starts. 
5) Sharing will be permitted where both entities are having administratively allotted spectrum where one entity has spectrum acquired through auction (liberalized spectrum) and other entity has spectrum allotted administratively, sharing shall be permitted only after spectrum charges are paid for liberalizing the administratively allotted spectrum. Spectrum sharing is an alternative of auction to companies who need more airwaves for expanding their wireless bandwidth to deliver high speed internet services.

Spectrum sharing is taken as a welcome move by telecom operators across the country. Telecom operators like Uninor who have not won any spectrum in February 2015, will benefit by this decision.  After the government allowed spectrum sharing, Reliance Communications (RCOM) and Reliance Jio Infocomm announced on 14th August 2015 that they are set to ink a pact that will enable Jio to offer fourth generation (4G) services over the 800 MHz band across 10 circles. The airwaves sharing pact will allow Reliance Jio to access 10 MHz of contiguous 4G bandwidth in Mumbai, UP-East, Orissa, Madhya Pradesh, Bihar, Assam, Northeast, Haryana, Himachal Pradesh and Jammu & Kashmir. Reliance Communications too will benefit as it will gain access to Jio's 4G network in the 10 circles at virtually zero incremental capex costs.


Parth Vora
Batch-2017
Symbiosis Institute Of Telecom Management