
Last year's widely reported story about a coffee machine that infected the computers of a European petrochemical plant with ransomware is only one of many incidents involving home appliances, robots, drones and other smart devices and systems used in cities, offices, enterprises, production and other areas that we hear about more and more often from the media. For example:
- a home cleaning robot that switched itself on, climbed onto an electric stove that was turned on, pushed aside the pan on the burner and burned itself, nearly burning down its owners' apartment;
- a security robot that ended up in the fountain of a business center;
- a robotic lawnmower that escaped from its job and cut a fuel hose along the way;
- a surgical robot that strikes patients during operations and grips the tissue of internal organs with its arm;
- interception of control of unmanned aerial vehicles;
- shutdowns of industrial devices responsible for control, heating and cooling systems;
- hacking of smart children's toys, watches, fitness bracelets and other wearable personal and office devices.
All of this has long made us think about the security level of the smart systems and devices that we encounter in everyday life ...
Some of these cases may be simple malfunctions of smart devices, but most of them are planned malicious acts aimed at obtaining some benefit from the actions carried out.
In an era of a huge number of hacker attacks and other cyber threats, you need to increase the security of your own and corporate devices. Companies, for their part, need to think about the security of using smart systems in their business processes, in industry, manufacturing, medicine and so on, primarily to reduce the risk of equipment failure caused by third-party interference and, of course, to protect transmitted, corporate and personal data.
Smart things already accompany us everywhere: in the city, at home, in the office, as well as in medicine, transport, manufacturing, industry, agriculture, logistics, power engineering and other areas. This list grows every year, and we are getting closer and closer to a “smart” but not yet safe environment.

In the fast-growing Internet of Things market, one of the most promising technologies of the coming years, developers devote little time and attach little importance to device security. They focus on developing the systems themselves, so as not to lose their niche in the market and to remain among the innovators in this area.
This race to develop and release ever newer smart devices gives attackers plenty of room to operate.
Today I will not focus on the types of IoT devices and their security in general. Instead, I will try to give some attention to managing accounts and user access to these devices, and to the functionality that IDM systems will need as they move from applications to things.
So what is IDM for IoT? What will need to be considered when building IDM systems? What awaits us in the near future?
Implementing IoT implies complex interaction between people, things and services, from which follows the need to continuously verify accounts and keep access rights up to date between applications, systems and devices/things.
Transparent interaction between devices and the data they transmit, and control over both, will be crucial to the success of IoT in both the consumer and the industrial space. IoT solutions should offer a set of controls over user accounts and access rights that can correctly determine who has access to what, authenticate users, and check authorization policies and access rights.
According to the leading analyst agency Gartner, by the end of 2020, 40% of IDM solution providers will have to upgrade their solutions to work with the Internet of Things (IoT), compared with 5% today.
WHAT IS IMPORTANT?

Applying accounts to devices
It will be necessary to determine the attributes that can make up, so to speak, the identity of a device. A common schema or data model will be needed that IoT manufacturers can use to make the registration, verification and authentication process simple and repeatable. Once a set of attributes has been defined and collected from a device, it must be used during the device registration process. For some devices, registration may require some additional unique verification, for example to confirm that the device itself is legitimate.

Interaction
Interaction between people (person-to-person) will no longer be enough. Relationships will also have to be established between devices, things, people, services and data, following the many-to-many principle.
Some of these relationships will be used for temporary access to data, while others will be permanent or long-lasting, such as "person-smart device" or "smart device-smart production". These relationships should be recorded, verified and, if necessary, revoked.
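The device registration and relationship lifecycle described above, sketched as an added example that is not code from the original article. The attribute schema, the vendor key, the HMAC proof standing in for the "additional unique verification", and all names are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed demo key; stands in for whatever proof of legitimacy a vendor provisions.
VENDOR_KEYS = {"acme": b"constructed-demo-key"}
REQUIRED_ATTRS = {"device_id", "vendor", "model", "serial"}  # assumed identity schema

def proof_for(attrs: dict, key: bytes) -> str:
    """HMAC over the sorted attribute set, so any changed attribute invalidates it."""
    canonical = "\n".join(f"{k}={attrs[k]}" for k in sorted(attrs)).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

@dataclass
class Registry:
    devices: dict = field(default_factory=dict)    # device_id -> attributes
    relations: dict = field(default_factory=dict)  # (subject, target, right) -> expiry or None
    audit: list = field(default_factory=list)      # every change is recorded

    def register_device(self, attrs: dict, proof: str) -> bool:
        """Accept a device only with a complete attribute set and a valid proof."""
        key = VENDOR_KEYS.get(attrs.get("vendor"))
        if not REQUIRED_ATTRS <= attrs.keys() or key is None:
            return False
        if not hmac.compare_digest(proof_for(attrs, key), proof):
            return False
        self.devices[attrs["device_id"]] = dict(attrs)
        self.audit.append(("register", attrs["device_id"]))
        return True

    def grant(self, subject, target, right, now, ttl=None):
        """Record a relationship; ttl=None is permanent, otherwise temporary."""
        if target not in self.devices:
            raise KeyError(f"unregistered device: {target}")
        self.relations[(subject, target, right)] = None if ttl is None else now + ttl
        self.audit.append(("grant", subject, target, right))

    def revoke(self, subject, target, right):
        if (subject, target, right) in self.relations:
            del self.relations[(subject, target, right)]
            self.audit.append(("revoke", subject, target, right))

    def allowed(self, subject, target, right, now) -> bool:
        """Verify on every request: the relationship must exist and not be expired."""
        key = (subject, target, right)
        if key not in self.relations:
            return False
        expiry = self.relations[key]
        return expiry is None or now < expiry
```

Subjects are plain strings here, so the same table holds person-device, service-device and device-device relationships.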

Authentication and authorization
Authentication and authorization components will have to be applied at every stage of the IoT data flow. The following protocols are currently supported: OAuth2, OpenID Connect, UMA, ACE and FIDO.

Access rights management
Creation and/or management of attributes, for both users and devices, will have to take place at the stage of device boot and initialization as well as at the stage of user registration. Standards developed in this area: LWM2M, OpenICF and SCIM.

As we know, traditional IDM systems are designed to grant access rights to a company's internal systems inside the network perimeter. The evolving Internet of Things requires more dynamic IDM solutions that can serve and connect not only internal users, customers and partners but also devices and smart systems, regardless of their location, thereby expanding the possibilities for protection in the context of digital transformation.