Securing the Internet of Things
The Internet of Things is experiencing explosive growth but what’s being developed right now is a massive problem, creating a vast web of weak or totally unsecured connections.
Ioetec’s vision is to create a better safer secure Internet of Things, so we tackled THE most difficult problem facing the industry today, how to secure data from the edge node through to the end user.
As the Internet of Things (IoT) grows there are an ever-increasing number of interconnected devices gathering data on all aspects of our lives. Along with the technical complexities of implementing an IoT communications platform and scalable cloud infrastructure, there are concerns regarding the lack of security of these devices.
It is increasingly important to preserve the integrity, confidentiality and accessibility of data as well as safeguard against the dangers of these devices being exploited to launch cyber-attacks.
Security methods such as TLS are well established for large central servers such as those used by banks, however due to the complexity of the mechanisms used to protect this data they are not always suitable for the small, resource constrained devices used for IoT.
This has caused many manufacturers to ignore the problem and fail to implement adequate security and therefore suffer from security flaws such as weak authentication and encryption, default username and passwords, and poor update and patch procedures.
Ioetec Limited have developed an innovative solution to counter this issue – an end-to-end secure communications platform.
The Ioetec Service
As well as providing the communications and cloud infrastructure, the Ioetec solution uses encryption and authentication technology to ensure that data is secured from the sensor to the user. This removes the risk of existing vulnerabilities and provides security exclusively for the user, including privacy from third parties, and protecting data against malicious attackers, governing bodies and manufacturers.
The Ioetec solution is provided to the manufacturers to be included in their product so they do not have to design their own solutions. The service is free during development and only charged when product is sold to a customer and becomes live. Ioetec provide a simple range of subscription & technical services to ensure your IoT device works efficiently and securely for your customer.
The service is free during development and only charged when product is sold to a customer and becomes live. Ioetec provide a simple range of subscription & technical services to ensure your IoT device works efficiently and securely for your customer.
Get In Touch With Us
Secure By Design
The Ioetec service already meets all thirteen steps of the DCMS Secure by Design requirements and provides manufacturers with an easy to use, off the shelf solution.
|No default passwords||Automatic registration and key exchange. No default passwords required|
|Implement a vulnerability disclosure policy||All users notified of any vulnerabilities by firstname.lastname@example.org|
|Keep software updated||Checks version, hash code and end-of-life against database when device registers. Supports secure device code updates|
|Secure credentials and sensitive data||All sensitive key information held in transient memory. Device automatically re-registers if information deleted|
|Communicate securely||Ioetec uses AES for encryption and TLS/RSA for key exchange|
|Minimise exposed attack surfaces||Ioetec only requires a single port for each of socket and MQTT connection. All others closed. Cloud service fully secured|
|Ensure software integrity||Check version and hash code against database|
|Ensure that personal data is protected||Data is encrypted in transit and at rest|
|Make systems resilient to outages||Cloud service include automatic elastic scaling and geolocation resilience|
|Monitor system telemetry data||Automated procedure for monitoring server logs and performance and sending alerts using AWS Cloudwatch|
|East to delete personal data||Customer can delete account, sensors and data. Automatic projection of data as only the user has the unlock keys|
|Easy installation and maintenance||Automatic sensor registration with no user interaction required (apart from registering ownership)|
|Validate input data||All input on Ioetec web interfaces is fully validated. Guidelines provided to manufacturers for input to their data input sources|