[From the last episode: We looked at some state-level laws regulating IoT security.]
OK, wow, we’ve come a long way without coming up for air. Let’s review what we’ve discussed since our last review.
- We started by looking at another IoT application: a new idea for a glucose tester.
- We then picked up the security topic first by reviewing what we already knew…
- We then started looking at encryption, which is fundamental to any security.
- We saw that there are different types of keys used for encryption.
- We discussed how IoT devices prove that they’re authentic through the process of authentication.
- We then looked more at keys, and the fact that different keys may be used at different times – some of them being temporary keys for use only for one session. We also saw what it takes to store keys securely in IoT devices.
- We moved from authentication to authorization. Once you’ve proved that you’re you, then the question is, what do you have the authority or permission to access?
- We then discussed what software engineers call hashing, and how we can go from that to a digital signature.
- We then saw how digital signatures help us prove that code hasn’t been monkeyed with – that it can be trusted – through a process called attestation.
- We then talked about why it’s important to update IoT device software…
- … and how one can do those updates securely…
- … and what happens if an update doesn’t work properly.
- We then looked at a super-important topic: what your personal role is in helping to maintain IoT security.
- We saw how blockchain technology has a potential role in IoT security.
- At that point, we took a break to look at yet another IoT application: sensors for shipping container forensics.
- We looked at some guidelines that the UK has written up for IoT security.
- We looked at the many different roles security can play in the OSI communications stack, with different types of security on different layers.
- We then started looking at hardware, and, in particular, how hardware can help establish what’s called a root of trust. Important in a world where you’re really not supposed to trust anything or anyone.
- We then saw ways that such hardware can be attacked, along with ways of protecting the secrets stored within hardware roots of trust.
- We looked at some of the nuances of real-world security by examining the Amazon Key IoT application.
- Finally, we looked at an attempt by some states to regulate IoT device security.
Phew, that was a long run without a break. And, just to review at a higher level, we’ve spent time talking about high-level IoT notions, we’ve dug into sensors and actuators, we’ve spent time understanding communications details, and, of course, we’ve spent a ton of time on security. Along the way, we’ve occasionally looked at products and applications and other topics that have put the IoT in the news.
Next we start looking at the computing aspect of the IoT. This will particularly relate to how cloud computing works (at least as is visible today, since it’s changing quickly).
But, for the moment, you’ve earned a well-deserved breather. Back at it next week.