This is the highlight of an article originally published by insight.tech on SmartAxiom IoT Cybersecurity.
If you’re a hacker, the equation is simple: Commandeer a lightly protected IoT endpoint, then use it to gain access to higher-value targets elsewhere on an enterprise network. It’s no surprise that cyberattacks targeting IoT devices tripled in the first half of 2019.
Such attacks are possible, at least in part, because most IoT networks are based on centralized communications and security architectures like public key infrastructure (PKI). When dealing with thousands of distributed systems in the wild, PKI presents a number of challenges that leave IoT deployments susceptible to man-in-the-middle attacks, as well as single points of failure across a distributed network.
Trent Poltronetti, vice president at blockchain security company SmartAxiom, explains.
“The problem is that PKI involves a lot of certificates and this chain of trust back to the root certificate,” says Poltronetti. “If it’s well implemented, it’s quite secure, but if you’ve got these endpoint devices that are user-facing in the real world, then you’ve got to talk to some server far away that maybe has millions of devices hitting it.
“If a key is captured, you could do a man-in-the-middle attack and give fake data to the servers or to the devices. And then you’ve got this issue with whether to design the system to fail open so it still keeps running and the users are happy but the security is turned off, or just lock the whole thing down.”
So rather than trying to force a centralized security architecture onto distributed systems, why not just leverage a distributed security architecture like blockchain?