The Construction of Security System under the Internet of Everything
Gartner, Inc. predicts that there will be 8.4 billion Internet of Things (IoT) smart devices worldwide by the end of 2017, an increase of 31% over 2016. The agency also predicts that the total number of IoT smart devices will increase to 20.4 billion in 2020. The market for IoT smart devices and application services will expand to $200 billion in 2017.
In China, many investment consulting agencies continue to focus on the Internet of Things market, and many technology companies have already promoted their IoT products in security, automotive, construction, and finance. After studying and experimenting with some IoT software and hardware products and services, we concluded that most products on the market lack basic built-in security. For customers with high security needs, such as high-end retailers, factories, banks, and the security and public security industries, such IoT products cannot be used.
A qualified secure IoT product needs the following basic security capabilities:
Anti-intrusion and anti-ransomware
A qualified IoT device or service requires a strict anti-intrusion and anti-ransomware module. In 2015, 220,000 accounts of Apple mobile phone users around the world were compromised by hackers; most of them belonged to Chinese users. Compared with the relatively complete account system of Apple's mobile phones, most cameras, routers, and sensors on the market have only simple username and password settings. These terminal IoT devices are very vulnerable to attack when they are connected to an external network.
Anti-data fraud and tampering
The 2010 Stuxnet worm tampered with the logic controller's data, causing a delay in Iran's nuclear program. In 2013, Syrian hackers posted fake news that Obama had been injured on the official radio's Twitter account, causing the Dow Jones index to fluctuate. Both examples show the serious impact of data tampering. In a number of high-risk industries, such as chemical plants and the security and public security industries, the ability of any IoT device to prevent data fraud and tampering will be examined.
Most of the personal IoT devices on the market are now connected to the Internet, and control rights over a device are assigned by its users. Because individual users want security settings to be easy to use, device control can easily fall into the hands of hackers, resulting in the proliferation of zombie computers. In 2011, the FBI uncovered the Coreflood malicious program, which caused about 2 million personal computers worldwide to become part of a botnet.
To address the basic security requirements for IoT devices described above, IoT device and service providers need to strengthen the following aspects:
IoT device monitoring system
For every piece of smart hardware connected to the Internet of Things, the product provider should offer the ability to connect to an independent device monitoring system. This monitoring system should have the following basic functions:
· Device hardware status monitoring
· Device network connection status monitoring
· Software function status monitoring in the device
The IoT device also needs a stronger account authentication system of its own, which includes the following functions:
· Force users to modify the default account and password
· Add Intrusion Detection Module
· Electronic signature authentication
Based on the underlying hardware information of the IoT device, the device authentication system can be implemented using a physical unclonable function (PUF) combined with a device cryptosystem. IoT hardware with this kind of strong security feature is the foundation of an IoT security solution.
The PUF principle relies on the physical characteristics of SRAM. When the electrical component is powered on, its underlying cells also start up and settle to 0 or 1 bits. Due to slight differences in physical properties, this bit pattern is not the same in every chip. The start-up bit pattern can be converted into a unique "biometric" of the device and used as the basis for authenticating the device's underlying hardware.
The PUF system authentication method is shown in Figure 1.
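A simulation of the SRAM PUF idea described above, added here as an illustration and not taken from the article or any vendor's implementation. It assumes a code-offset scheme with a simple repetition code to absorb start-up noise and an HMAC challenge-response against a key the verifier stored at enrollment; the chip patterns are constructed sample data and all function names are hypothetical.

```python
import hashlib, hmac, random, secrets

REP = 5          # each key bit is spread over REP SRAM cells (repetition code)
KEY_BITS = 128   # SRAM cells needed = KEY_BITS * REP

def power_up(fingerprint, noise, rng):
    """Simulated SRAM readout: the chip's fixed start-up pattern plus random bit flips."""
    return [b ^ (rng.random() < noise) for b in fingerprint]

def bits_to_key(bits):
    return hashlib.sha256(bytes(bits)).digest()

def enroll(readout):
    """Factory step: choose a key, store helper = codeword XOR readout on the device."""
    key_bits = [secrets.randbits(1) for _ in range(KEY_BITS)]
    codeword = [b for b in key_bits for _ in range(REP)]
    helper = [c ^ r for c, r in zip(codeword, readout)]
    return helper, bits_to_key(key_bits)   # helper is public; key goes to the verifier

def reconstruct(readout, helper):
    """Device step: fresh noisy readout XOR helper, then majority vote per group."""
    noisy = [h ^ r for h, r in zip(helper, readout)]
    groups = (noisy[i:i + REP] for i in range(0, len(noisy), REP))
    return bits_to_key([int(sum(g) > REP // 2) for g in groups])

def respond(key, challenge):
    return hmac.new(key, challenge, hashlib.sha256).digest()

def verify(enrolled_key, challenge, response):
    return hmac.compare_digest(respond(enrolled_key, challenge), response)

if __name__ == "__main__":
    rng = random.Random()
    chip = [rng.getrandbits(1) for _ in range(KEY_BITS * REP)]    # constructed device
    clone = [rng.getrandbits(1) for _ in range(KEY_BITS * REP)]   # different silicon
    helper, enrolled = enroll(power_up(chip, 0.0, rng))
    nonce = secrets.token_bytes(16)
    for name, cells in (("genuine", chip), ("clone", clone)):
        key = reconstruct(power_up(cells, 0.02, rng), helper)
        print(name, verify(enrolled, nonce, respond(key, nonce)))
```

The key never has to be stored on the device: only the helper data is kept, and it is useless without the same silicon. Repetition-code helper data leaks information when cells are biased, so production designs use stronger error-correcting codes and debiasing.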
At the same time, to protect the data stored on the device, we are building a data storage and encryption protocol with embedded blockchain technology on top of the IoT hardware described above. The principle of the system is as follows:
Imagine a distributed database cluster of 100 IoT devices deployed on the customer's intranet. If these devices are controlled by hackers, the hackers become the owners of the data in these 100 devices, and because all nodes are inside the customer's internal network, the hackers can make these 100 devices do anything and have absolute rights to use them. This situation must not be allowed to happen.
Now the system is built so that control authority over the 100 devices is split up, the node data under each control authority is the same (that is, completely redundant), and all the nodes are on the wide area network. In other words, there is no trust among these 100 nodes, and no single entity has absolute usage rights.
In addition, the following rules need to be revised, as shown in Figure 2.
· The process of exchanging data for each device node is not tampered with;
· Each device exchange history cannot be tampered with;
· Each device node's data will be synchronized to the latest data, and the node recognizes the consensus on the latest data;
· Based on the principle of the minority obeying the majority, the data maintained by the nodes as a whole objectively reflects the exchange history.
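The four rules above can be made concrete with a hash-chained exchange log and a majority vote over node heads. This is an added sketch, not code from the article or its product; the record format, function names and sample payloads are assumptions constructed for illustration.

```python
import hashlib, json
from collections import Counter

GENESIS = "0" * 64

def block_hash(prev, payload):
    body = json.dumps({"prev": prev, "payload": payload}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append(chain, payload):
    """Link a new exchange record to the hash of the previous one."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "payload": payload, "hash": block_hash(prev, payload)})

def is_intact(chain):
    """History check: editing any past record breaks its hash or the next link."""
    prev = GENESIS
    for blk in chain:
        if blk["prev"] != prev or blk["hash"] != block_hash(prev, blk["payload"]):
            return False
        prev = blk["hash"]
    return True

def head(chain):
    return chain[-1]["hash"] if chain else GENESIS

def consensus(nodes):
    """Minority obeys majority: the head held by more than half of all nodes wins."""
    votes = Counter(head(c) for c in nodes.values() if is_intact(c))
    winner, count = votes.most_common(1)[0] if votes else (None, 0)
    return winner if count * 2 > len(nodes) else None

def resync(nodes):
    """Synchronization: nodes that disagree with the majority copy its chain."""
    winner = consensus(nodes)
    if winner is None:
        return []                       # no majority: refuse to overwrite anything
    good = next(c for c in nodes.values() if is_intact(c) and head(c) == winner)
    repaired = [n for n, c in nodes.items() if not is_intact(c) or head(c) != winner]
    for name in repaired:
        nodes[name] = [dict(b) for b in good]
    return repaired
```

A node whose records were edited in place fails is_intact; a node that was rewritten and re-hashed from scratch passes is_intact but is outvoted on its head hash, which is why both checks are needed.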
The Internet of Things is still new, and it requires rules and regulations to be formulated and improved at the national level. At this stage, the deployment and improvement of IoT products depends on the users themselves. Only IoT products that incorporate management processes and appropriate hardware and software technologies can increase the efficiency, security, flexibility, and automation of IT equipment.