Is Secure IoT device possible?

In 1926s, Nikola Tesla stated “When wireless is perfectly applied the whole earth will be converted into a huge brain, which in fact it is, all things being particles of a real and rhythmic whole………and the instruments through which we shall be able to do this will be amazingly simple compared with our present telephone. A man will be able to carry one in his vest pocket.“.

Almost a century ago, Nikola Tesla deduced from potential power of wireless devices and now these devices got different dimension by introducing IoT device boards.[1][2][3] Nowadays, we can see IoT devices in almost everywhere, many systems has been started to utilize IoT device features. Since there is not any tool or software that provide developing IoT application without requiring programming and hardware knowledge, developing IoT application is still advance topic for beginner users. In addition to previous one, another important thing is keeping these device in secure. Nowadays, hackers started to tend to hack IoT devices to create them to BotNet device, there is a lot of point for this hacker’s tendency. Most important one is that most IoT devices have many vulnerabilities that stems from developing application without giving attention to security. To illustrate, let’s assume we have Arduino device and we want to connect it by using WiFi shield. If we use it without updating it’s firmware and not giving attention to it’s configuration, it can be vulnerable for latest attack for IoT device. There is many BotNet attacks that stem from default passwords of WiFi shields of IoT devices. [4]

As you read my bio page, I am researcher at Cyber-Pysical Systems Security Lab in FIU. We have been trying to answer one of the famous questions, “Is Secure IoT device possible?”.  In my opinion, the only way to secure all information is stoping to use these devices. What if we can not stop to use, what if we need them.. We thought we could create software that could program IoT devices with various sensors by creating secure code on behalf of user and then we started to develop software which is named “Proviz”.

Proviz is a desktop application that can run under almost every operating systems, it supports 3 IoT devices( Raspberry Pi, Arduino, Beagleboard devices) and over 20 various sensors. Users can create their sensor applications with network connection support by using two different programming mode. These network connection are Bluetooth classic, WiFi and serial USB cable connection for now, but we are trying to extend by adding new connection ways such as XBee, BLE..

First one is visual programming mode, users can create their IoT application by using sensor drag&drop feature. Users simply drag sensors to canvas and then they adjust sensor’s parameters. These adjustable parameters are upper bound, lower bound, sample rate and timeout values. After adding sensors and adjusting thresholds of sensors, they simply click compile button and Proviz creates codes to be flashed through three different ways which are Bluetooth, WiFi, serial cable connections.

Second programming mode, it excites me very much, is code based programming. This may not be suitable for beginner users but I believe that it will change development way of IoT devices. I created new programming language that can rule out three IoT devices. Once user uses my programming language and writes code, s/he can program Arduino, Beaglebone, Raspberry Pi devices without changing any part of his/her code.

After adding devices to our canvas, user can easily track ouputs of these devices by looking canvas, our software gives tracking devices at same window with alarm mechanism. If any device exceeds its threshold, our software shows threshold exceed violation on canvas and it warns to user about it.

Since all generated codes are tested in our security environment and our software makes penetration test on it before releasing to IoT devices, this software can make our IoT devices more secure.

I will share more information about Proviz in coming days, please keep in touch!

If you want to proviz support more sensors or IoT boards, please contact me by giving information about what it is and where we can find it.

References

[1] Arduino, https://www.arduino.cc

[2] Raspberry Pi, https://www.raspberrypi.org

[3] BeagleBone, http://beagleboard.org/bone

[4] Source Code for IoT Botnet ‘Mirai’ Released, https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/

Leave a Reply

Your email address will not be published. Required fields are marked *

*