Securing Smart Devices
To protect the rapidly growing edges of large networks like those found in the IoT, it is important to work with a new paradigm. This blog post will first cover the basic tenets of that model and then show how Bear secures the edge.
New Security Challenges
Unlike older topologies, modern enterprise edge systems operate under a different set of conditions, highlighted in the following list:
- Disconnected State
  - In older systems, every device can, for the most part, be directly connected to a central set of controllers.
  - Modern systems are often disconnected, intermittently connected, or connected through thin channels.
- Protocol Arrays
  - Most core enterprise systems are connected using Ethernet, and those struggle even with simple one-offs such as WiFi/BYOD.
  - New systems, especially in the IoT, leverage a massive range of protocols – RF, WiFi, Bluetooth, OTA and others.
- Inconsistent Minimum Levels
  - Implicit in the management and security of core enterprise systems is the concept of a minimum level of support, or “the device will at least have X resources.”
  - More and more, this minimum level is being divided by a chasm – between tiny endpoint sensors/effectors and larger, more traditional devices such as computers and servers.
- Existing security just does not scale. We have other blog posts on those issues, but the fact remains that the underlying models used by current options just cannot handle large volumes of devices.
- On top of this is the inherent complexity of devices at scale and, since almost all modern security options rely on manual intervention, there is no clear way to manage these endpoints.
- The ability to see is critical for protection, and yet most current options run under a fire-and-pray model with the hope that nothing is compromised.
- In more consistent networks with advanced edge protection, this approach was somewhat viable, but the volatile world of the IoT and mobile computing has rendered it obsolete.
Before discussing the solution in more depth, it is important to understand that “security” is a vast and complex beast and, while visibility can help a large number of issues in the security umbrella, Bear focuses its protective services on communications security. Most people, led by savvy marketing people working for inadequate security vendors, think that communications security can be reduced to encrypting data between two devices.
That is just wrong.
Security has to start with knowing the endpoints – what good is encrypting data between two devices if one device is an intruder? Not authenticating devices is akin to opening a browser on your computer to your bank (encrypted, BTW) and then leaving your laptop in the middle of the street. The data is protected in transit, but do you really know who is working with your account?
Second, security has to include authorization – are the two devices allowed to talk with one another? Go online, read about some malware attack and then think about it. Somebody got malware on one internal computer and that malware spread throughout the enterprise. Unchecked. Had the devices been running even basic authorization rules, the invasion would have been mitigated. Had they been running a full-blown version of Bear authorization, the malware might have never gotten off the first device.
Once the devices are known AND authorized to talk, then the communications can be encrypted. Here, again, current options have issues as they remain relatively static over time. That limitation was not a huge problem when connections were people surfing a website for a few minutes, but the IoT runs sessions for years at times, and using static encryption over such a session is a well-known weakness.
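The three-step model argued above (authenticate the peer, check that the pair is authorized, then encrypt with keys that do not stay static over a long-lived session), as an added illustration that is not Bear's code: the policy format, the pairwise pre-shared keys and the device names are assumptions for the example.

```python
import hmac, hashlib

# Constructed example policy as a gateway ("gateway-A") would hold it locally, so every
# check below runs offline (an assumption for illustration, not Bear's actual policy format).
POLICY = {
    "peer_secrets": {                      # pairwise pre-shared keys (assumed authentication root)
        "sensor-01": b"psk-sensor-01",
        "sensor-02": b"psk-sensor-02",
    },
    "allowed_pairs": {("gateway-A", "sensor-01")},  # authorization: sensor-02 is known but not allowed
    "rekey_every": 3,                      # messages per traffic key before the key ratchets
}

def prove_identity(device_id, secret, challenge):
    """Step 1 (authentication): a peer answers a fresh challenge with an HMAC over its identity."""
    return hmac.new(secret, device_id.encode() + challenge, hashlib.sha256).digest()

def is_authentic(policy, peer_id, challenge, proof):
    secret = policy["peer_secrets"].get(peer_id)
    # An unknown endpoint fails outright: encrypting to it would protect nothing.
    return secret is not None and hmac.compare_digest(prove_identity(peer_id, secret, challenge), proof)

def is_authorized(policy, a, b):
    """Step 2 (authorization): an authentic device may still only talk to permitted peers."""
    return (a, b) in policy["allowed_pairs"] or (b, a) in policy["allowed_pairs"]

def establish_session(policy, local_id, peer_id, challenge, proof):
    """Run the three steps in order; returns (session, reason) with session=None on rejection."""
    if not is_authentic(policy, peer_id, challenge, proof):
        return None, "peer failed authentication"
    if not is_authorized(policy, local_id, peer_id):
        return None, "peers are not authorized to communicate"
    # Step 3: derive a per-session root both sides can compute from the pairwise key and challenge.
    root = hmac.new(policy["peer_secrets"][peer_id], b"session" + challenge, hashlib.sha256).digest()
    return {"root": root, "rekey_every": policy["rekey_every"]}, "ok"

def key_for_message(session, msg_index):
    """Ratchet the traffic key by epoch so a session that lives for years never reuses one static key."""
    epoch = msg_index // session["rekey_every"]
    return hmac.new(session["root"], b"epoch:%d" % epoch, hashlib.sha256).digest()

def demo():
    challenge = b"\x01" * 16               # constructed; a real peer would send a random nonce
    results = {}
    for peer in ("sensor-01", "sensor-02", "rogue-77"):
        proof = prove_identity(peer, POLICY["peer_secrets"].get(peer, b"guess"), challenge)
        session, reason = establish_session(POLICY, "gateway-A", peer, challenge, proof)
        results[peer] = reason
    return results
```

Running `demo()` shows the known-and-allowed sensor accepted, the known-but-unauthorized sensor refused before any key is derived, and the unknown device refused at the first step.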
The Bear Solution
Bear provides a new approach to security that leverages policies to define all behaviors on a device. For this discussion, a Bear policy determines how a Bear client authenticates itself, authenticates itself to others, authorizes communications and then protects communications over time. These policies are created through a central visual platform we call Formosan and then those policies are securely delivered to the endpoints.
When two devices connect, all security occurs directly between those two devices.
There are no third-party connections, certificates or anything else involved – this is a pure peer-to-peer security effort that leverages some sophisticated processes to ensure integrity and is highly resilient to compromise. In fact, the way in which Bear is placed on a device – we call that Seating – both lets us continuously authenticate the device and means we never have to share sensitive information over an insecure line of communication.
Due to the nature of these interactions, systems typically run even in a disconnected state, since only the policies already resident on a device are used during communication setup. Thus a system might be isolated, and yet it will still function as expected. When the connections come back online, new policies can be used to update the devices’ behavior, but those connections are not needed for ongoing operations.
This entire security system sits in the Bear Invisible Layer, which is software running directly on top of a network card (or BLE receiver or other such option). The location of this layer is critical as it allows Bear to run across all physical mediums – Ethernet, WiFi, Bluetooth, RF, OTA, even microwave – with no issue. Thus the highly diverse world created by other security options becomes a unified, protocol-agnostic solution using Bear.
Bear also provides two main types of clients – Kodiak for devices with more resources and a lightweight alternative for small systems called Koala. Kodiak might employ, as one example, some number of encryption algorithms and an even larger number of security keys on communications flowing between two Kodiak clients for maximum protection over time. Koala, on the other hand, can leverage our patent-pending implementation system to hash values uniquely from a BLE device before sending those values to a Kodiak client. The Kodiak client will then know exactly from where the data originated and be the only device able to revert the hash to its original value. Ultimate flexibility wherein security adapts to its environment rather than the other way around.
Since Bear works in a pure peer-to-peer model, scaling to secure millions of devices is not an issue. Moreover, the Kodiak clients support workflow engines that can be leveraged through policy to handle a range of behaviors – from adapting to a device malfunction through data re-routing to intrusion detection response to configuration control. Bear leverages this system in a group setting to validate continuously the policies running at each level in a large system. Since policy changes handle all behaviors and since code revisions are avoided, even events reaching the central system can be quickly resolved remotely through a visual interface. We call this “actionable visualization” and it is how Bear handles systems at scale.
Given that Bear is running on each device, the Formosan Suite can provide complete visibility from the highest view to the granularity of a single device. With Bear, admins can see what they are controlling and directly take actions through a central platform…much better, we think, than a text at 3 AM saying something went wrong…