Most Useful IoT Security Info Sources

April 28, 2017

Want to know exactly how to assess the end-to-end security needs of an IoT system?  Want to understand the limitations of IoT devices acting like servers, and a much, much simpler alternative?  Want to inform a non-technical person about IoT security?

I’ve found the 3 links listed below to be some of the most useful ones I’ve encountered in the area of IoT Security since I got started in IoT a couple years ago.  For more IoT security links please see my November 30, 2016 blog article Internet-of-Things Security — Info Sources.

1. Want to know exactly how to assess the end-to-end security needs of an IoT system? This link covers the traditional IT security required for IoT systems and also brings in other areas of security, e.g. physical security of IoT devices. The Microsoft white paper “Evaluating Your IoT Security” published in March 2017 presents an “IoT Security Evaluation Framework” that deals with a complete list of threats, their consequences, and security evaluation strategies. It also contains links to other valuable info sources, like the European Union Agency for Network and Information Security (ENISA) Threat Taxonomy: “a rich and multi-level definition of threats” that goes far beyond the bounds of traditional IT security.

2. Want to understand the limitations of IoT devices acting like servers, and a much simpler alternative? Clemens Vasters’ excellent blog article “Service Assisted Communication” for Connected Devices provides a deep dive into this area, and more. This is a must-read article for IoT system developers, since it shows specific ways in which using services to communicate with devices can both dramatically simplify an IoT solution and significantly increase its security. One key concept used is that devices always act in the role of a client, calling services. “Devices do not accept unsolicited network information.  All connections and routes are established in an outbound-only fashion.” Mr. Vasters presents 7 fundamental principles. They are backed up with a detailed exploration of device connectivity through a number of the network layers, examining the strengths and weaknesses of various security techniques.

3.  Want to inform a non-technical person about IoT security on Azure? The Microsoft white paper “Microsoft Azure and Data Compliance – In the Context of the Internet of Things (IoT)” published in March 2017 presents a good non-technical discussion of the IoT security capabilities Microsoft provides in Azure, and why they are necessary.  This is aimed at the decision makers in an organization.

I hope you find these links as useful as I have.

George Stevens

Creative Commons License

dotnetsilverlightprism blog by George Stevens is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. Based on a work at dotnetsilverlightprism.wordpress.com.
