How to protect IoT with zero trust

While driving, sometimes a digital map guides you not to the initial route, but to an alternative route that reflects real-time traffic conditions. Even when using public transportation, you can check the fastest means of transportation among bus, tube, and taxi through a mobile application. This is a simple example of how IoT makes your daily life simpler and more convenient.

In industrial fields, IoT plays a leading role in innovation in productivity based on automation and artificial intelligence (AI). Since the UK's first 5G-based smart factory went live in early 2019, the combination of IoT and 5G has been showing amazing results across various industries. The UK has already introduced 5G network based IoT automation in many industries such as construction, manufacturing, logistics, and energy, witnessing process innovation in production, logistics, distribution, and inventory management.

As services using IoT become more diverse, the market is also growing rapidly. The global internet of things (IoT) market is projected to grow from $478.36 billion in 2022 to $2,465.26 billion by 2029, at a CAGR of 26.4% in the forecast period. The IoT market in UK is expected to grow by $21.81 billion from 2021 to 2026 at a CAGR of 11.80%.

Security concerns rise amid IoT market growth

However, there are not only positive aspects to IoT. The most serious problem regarding IoT is security. Privacy leakage incidents caused by surveillance camera hacking found in many countries are representative IoT security issues that we must address immediately.

If manufacturing machines connected to the network are hacked, production may be stopped or confidential information may be leaked to their competitors, resulting in enormous property damage. If medical devices are exposed to external threats, patients' lives may even be endangered. Again, if sensors in nuclear power plants fail to operate properly, a national disaster may occur as a result of radiation leakage. In case IoT devices for national disaster management are hacked, they may not be able to properly respond to large-scale disasters.

IoT includes various devices such as simple sensors without even firmware, personal smart devices, robots, vehicles, medical devices, home appliances and surveillance cameras in buildings. Therefore, it is not easy to identify all the numerous connected devices, and it is also difficult to manage vulnerabilities because they use various firmware, OS, software and hardware form factors. It is no longer news that IoT devices are connected to vulnerable networks and hacked to steal confidential information.

The most common security threats in the IoT environment are unauthorized device access, hacking of devices with vulnerabilities, and vulnerable patches and firmware updates. These incidents are expected to be resolved by adding a process that allows access, patching, and updating after verifying the integrity of IoT devices, patches and firmware.

For authentication of IoT devices, a trusted execution environment (TEE) is used as a software platform, and an independent security zone is created within the device to verify the integrity of devices and applications and the confidentiality of information.

Devices that don't support TEE can be protected using security chips such as trusted platform module (TPM) and secure element (SE). TPM is a hardware chip for cryptographic operation and key management, and SE is a hardware-based encryption storage that protects certificates and user data within the device.

Protecting IoT with zero trust through continuous verification and monitoring

TEE, TPM, and SE are not difficult to use, but the fact you have to replace the device you are already using poses a problem. These technologies must be applied from manufacturing IoT devices, but many manufacturers lack such a level of expertise. The fact manufacturing costs of IoT devices rise due to new technologies is also a burden for manufacturers.

Many solutions are being proposed to protect IoT while minimizing changes to the already established IoT environment, and one of them is zero trust. Zero trust is a security strategy based on the principle of verifying and monitoring all access.

With existing security, pre-approved devices were connected without strict authentication, and actions within the authority were considered normal. So, hackers stole the certificate of the device and disguised it as a normal device, to leak data and destroy the system by changing the authority without approval. In addition, by hacking the commands sent from the control server to the IoT devices, they made the IoT devices perform wrong actions.

Zero trust can prevent sophisticated and intelligent hacking, because it verifies the device every time it accesses even in a normal environment and continuously monitors the activity of the device. swIDch's IoT Auth Platform OTAC not only authenticates device access with a one-time authentication code that changes every time, but also continuously performs authentication even after access to verify the normal operation of the device. It can be installed as a lightweight applet that is only 4KB, so you can apply it without restrictions to the type and environment of IoT devices, solving various security problems that occur in IoT.

IoT can improve and streamline everyday life, enterprises, and society as a whole. It makes people's daily life convenient, supports health management, helps solve environmental problems by saving energy, and increases corporate productivity and secures social infrastructure.

However, vulnerable IoT threatens people's lives, jeopardizes the survival of companies and disrupts society. It is time to maximize the value of IoT by implementing IoT where security is guaranteed through zero trust.