Internet Of Things 简明教程

Internet of Things - Security

每个连接的设备都给攻击者创造了机会。即使对于单个小型设备来说,这些漏洞也很广泛。构成的风险包括数据传输、设备访问、设备故障以及始终开启/始终连接的设备。

Every connected device creates opportunities for attackers. These vulnerabilities are broad, even for a single small device. The risks posed include data transfer, device access, malfunctioning devices, and always-on/always-connected devices.

安全性的主要挑战仍然是与生产低成本设备相关的安全限制,以及设备数量不断增加,从而为攻击创造了更多机会。

The main challenges in security remain the security limitations associated with producing lowcost devices, and the growing number of devices which creates more opportunities for attacks.

security

Security Spectrum

安全设备的定义从最简单的措施跨越到复杂的设备。安全应被认为是随着威胁演变而随时间变化的漏洞范围。

The definition of a secured device spans from the most simple measures to sophisticated designs. Security should be thought of as a spectrum of vulnerability which changes over time as threats evolve.

必须根据用户需求和实施情况评估安全性。用户必须认识到安全措施的影响,因为设计不当的安全措施会造成比它解决的问题更多的问题。

Security must be assessed based on user needs and implementation. Users must recognize the impact of security measures because poorly designed security creates more problems than it solves.

Example − 一份德国报告显示,黑客破坏了钢铁厂的安全系统。他们破坏了控制系统,从而无法正确关闭高炉,导致重大损坏。因此,用户必须在决定采取适当保护措施之前了解攻击的影响。

Example − A German report revealed hackers compromised the security system of a steel mill. They disrupted the control systems, which prevented a blast furnace from being shut down properly, resulting in massive damage. Therefore, users must understand the impact of an attack before deciding on appropriate protection.

Challenges

除了成本和设备的普遍性之外,其他安全问题还困扰着物联网 −

Beyond costs and the ubiquity of devices, other security issues plague IoT −

  1. Unpredictable Behavior − The sheer volume of deployed devices and their long list of enabling technologies means their behavior in the field can be unpredictable. A specific system may be well designed and within administration control, but there are no guarantees about how it will interact with others.

  2. Device Similarity − IoT devices are fairly uniform. They utilize the same connection technology and components. If one system or device suffers from a vulnerability, many more have the same issue.

  3. Problematic Deployment − One of the main goals of IoT remains to place advanced networks and analytics where they previously could not go. Unfortunately, this creates the problem of physically securing the devices in these strange or easily accessed places.

  4. Long Device Life and Expired Support − One of the benefits of IoT devices is longevity, however, that long life also means they may outlive their device support. Compare this to traditional systems which typically have support and upgrades long after many have stopped using them. Orphaned devices and abandonware lack the same security hardening of other systems due to the evolution of technology over time.

  5. No Upgrade Support − Many IoT devices, like many mobile and small devices, are not designed to allow upgrades or any modifications. Others offer inconvenient upgrades, which many owners ignore, or fail to notice.

  6. Poor or No Transparency − Many IoT devices fail to provide transparency with regard to their functionality. Users cannot observe or access their processes, and are left to assume how devices behave. They have no control over unwanted functions or data collection; furthermore, when a manufacturer updates the device, it may bring more unwanted functions.

  7. No Alerts − Another goal of IoT remains to provide its incredible functionality without being obtrusive. This introduces the problem of user awareness. Users do not monitor the devices or know when something goes wrong. Security breaches can persist over long periods without detection.