Internet of Things security

New security technology which could stop cyber-attacks and protect the privacy of billions of smart device users worldwide could soon be available.

Samsung, the UK Parliament and the NHS are among the big names who have fallen victim to cyber criminals, who have deliberately infiltrated their computer networks and introduced viruses, with devastating consequences.

The route in is often through smart devices, which rely on an internet connection to work, but which usually have far less security than computers. The process of connecting these devices, allowing them to talk to each other and us, is known as the Internet of Things (IoT), but insecure devices have left organisations vulnerable to attack and individuals at risk of being spied on.

Now researchers at the University of Kent’s School of Engineering and Digital Arts (EDA), working alongside academics at the University of Essex, are developing an encryption technology, called ICMetrics, which could stop the attackers in their tracks.

It uses the unique set of identifiers in each device – both the software and the hardware – to validate the credentials of in-coming messages from another source. This is similar to biometrics technologies that use the unique identifying characteristics of a person to allow access to a device or account.

If incorporated into IoT devices it should make it impossible for other devices to trick an IoT device into sending it data, thereby reducing privacy concerns and reducing the risk of cyber-attacks. Additionally, as the technology would be built in to the device there would be no requirement for users to do anything to secure their devices.

Professor Klaus McDonald-Maier, from the University of Essex, added: “IoT devices are all around us, from smart fridges to systems to switch your lights on and off. Although the risk to individuals is limited, there is the potential for someone to eavesdrop on you and an attack could take down your heating system. This new technology could revolutionise the security of IoT devises and has the capacity to make a real difference to cyber-attacks.”

The Mirai botnet attack of October 2016 took advantage of the fact many IoT devices are insecure because users rarely change the default security settings. This allowed the Mirai botnet to infect millions of devices and then overwhelm internet services with Distributed Denial of Service (DDoS) requests. The ICMetrics systems could prevent such attacks and bring much needed security to the billions of IoT devices in use globally.

The technology is being developed as part of the Security and Privacy for the Internet of Things (SPIRIT) research project, headed by the University of Kent, working with the University of Essex, the University of La Rochelle and the University of Geneva. It is being funded by EPSRC through the CHRIST-ERA European funding programme.