A doppelgänger model for IoT security in 2017
Contributed by Patrick Kerpan, CEO and co-founder, Cohesive Networks
In June 2016, Cisco estimated that global IP networks will grow to support 10 billion new devices and connections by 2020, rising from 16.3 billion in 2015 to 26.3 billion.
This article originally appeared on VMblog
There are two key IoT inevitabilities to watch for in 2017. First, the future will not really be “the internet of things” but the “internets of things.” Rather than every device connecting to one network, IoT will require many networks and many layers of devices. Device owners, enterprises and home automation enthusiasts will probably want all of their connected devices on a private, internal internet. With so many devices now connecting, the address blocks they need will be huge.
The quick way to save address space, putting devices on private, internally addressed networks, is also a practical first step for security: a device that is not directly reachable from the public internet is not directly attackable from it. The second inevitability is that our “things” cannot be allowed to connect directly to each other just yet.
Three large distributed denial of service (DDoS) attacks this fall have shown the massive force of networked things. A botnet of compromised IoT devices called Mirai played a part in attacks on security expert Brian Krebs’ website, KrebsOnSecurity.com, and on French cloud provider OVH. The attack against KrebsOnSecurity.com pummeled the site at roughly 620 gigabits per second. The OVH attack also used Bashlight, another IoT botnet, and drew on a combined 30,000 internet-connected cameras and DVRs.
As if we needed more proof, the massive Mirai-based DDoS attack on October 21st left large parts of the internet unreachable for much of the day. The attack targeted Dyn, a provider of Domain Name System (DNS) infrastructure; because DNS is what turns names into addresses, knocking it out effectively took the legs out from under many internet services that were not attacked themselves. The Mirai attacks are a signal that in the world of devices and things, there is a legitimate need for security as well as an understanding of how IoT devices connect via networks.
IoT is too immature a space to let “Thing A” talk directly to “Thing B” and have that conversation perform an action. What the IoT market needs is a model for how devices are connected to each other. Rather than putting a variety of devices on one network and letting them find each other, owners should use a node model, in which each device connects only through its own node, AND force the devices to operate independently of each other.
In other words, users need to set up a “doppelgänger node” for each thing in the cloud. In this doppelgänger model, Thing A gets a doppelgänger, a proxy, in the cloud. Thing A’s proxy can communicate directly with Thing B’s proxy in the cloud, perhaps with some traffic analysis in between to make sure only the right kind of traffic passes. Thing B, and Thing B’s proxy, can talk only to the doppelgänger version of Thing A, never to the real Thing A. The mirrored doppelgänger model creates a hub-and-spoke connection between the real Thing A and its proxy, and it gives the owner one place to control traffic between devices.
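As an added illustration (this is not code from the article or from Cohesive Networks), the following Python simulation models the doppelgänger setup described above: each real thing has exactly one network path, the spoke to its own cloud twin; twins exchange messages only through a hub that applies a policy and a minimal traffic check; and a message that tries to reach a real thing without coming down its spoke is refused. It goes slightly beyond the text by also rejecting a twin that claims to speak for a thing it does not own. The device names, message kinds, the policy table and the shared spoke secret (standing in for an authenticated tunnel) are assumptions made for the example.

```python
# Added example, not from the original article. Names, message kinds, the
# policy table and the "spoke secret" are assumptions for illustration only.
import json
from dataclasses import dataclass
from secrets import token_hex


@dataclass
class Message:
    src: str
    dst: str
    kind: str
    payload: dict


class Thing:
    """A real device. Its only network path is the spoke to its own twin."""

    def __init__(self, name: str, hub: "Hub"):
        self.name = name
        self.inbox: list = []
        # The spoke is bound at registration; the secret models the
        # authenticated tunnel between a thing and its doppelgänger.
        self.twin, self._spoke_secret = hub.register(self)

    def send(self, dst: str, kind: str, payload: dict) -> str:
        return self.twin.from_thing(Message(self.name, dst, kind, payload))

    def deliver(self, msg: Message, spoke_secret: str) -> str:
        # Traffic that did not arrive over the spoke is refused, even when the
        # sender knows the thing's address.
        if spoke_secret != self._spoke_secret:
            return "refused: not from my twin"
        self.inbox.append(msg)
        return "delivered"


class Twin:
    """The cloud doppelgänger of one thing."""

    def __init__(self, thing: Thing, hub: "Hub", spoke_secret: str):
        self.thing = thing
        self.hub = hub
        self._spoke_secret = spoke_secret

    def from_thing(self, msg: Message) -> str:
        # Spoke ingress: a twin only speaks for its own thing.
        if msg.src != self.thing.name:
            return "dropped: spoofed source"
        return self.hub.route(self, msg)

    def from_twin(self, msg: Message) -> str:
        # Hub egress: hand the message down the spoke to the real thing.
        return self.thing.deliver(msg, self._spoke_secret)


class Hub:
    """Routes twin-to-twin traffic and enforces policy between twins."""

    MAX_PAYLOAD_BYTES = 256

    def __init__(self, policy: dict):
        self.policy = policy  # {(src_name, dst_name): {allowed kinds}}
        self.twins: dict = {}
        self.log: list = []   # (src, dst, kind, verdict) for every attempt

    def register(self, thing: Thing):
        secret = token_hex(16)
        twin = Twin(thing, self, secret)
        self.twins[thing.name] = twin
        return twin, secret

    def route(self, sender: Twin, msg: Message) -> str:
        verdict = self._inspect(sender, msg)
        self.log.append((msg.src, msg.dst, msg.kind, verdict))
        if verdict != "ok":
            return "dropped: " + verdict
        return self.twins[msg.dst].from_twin(msg)

    def _inspect(self, sender: Twin, msg: Message) -> str:
        if sender is not self.twins.get(msg.src):
            return "sender twin does not own source"
        if msg.dst not in self.twins:
            return "unknown destination"
        if msg.kind not in self.policy.get((msg.src, msg.dst), set()):
            return "kind not allowed by policy"
        # Minimal "traffic analysis": only small JSON payloads pass.
        try:
            if len(json.dumps(msg.payload)) > self.MAX_PAYLOAD_BYTES:
                return "payload too large"
        except (TypeError, ValueError):
            return "payload not JSON"
        return "ok"


def demo() -> dict:
    # Constructed scenario: only sensor -> thermostat "temperature" is allowed.
    hub = Hub({("sensor", "thermostat"): {"temperature"}})
    sensor, thermostat, camera = (Thing(n, hub) for n in ("sensor", "thermostat", "camera"))
    return {
        "allowed": sensor.send("thermostat", "temperature", {"celsius": 21.5}),
        "bad_kind": sensor.send("thermostat", "reboot", {}),
        "no_policy": camera.send("thermostat", "temperature", {"celsius": 99}),
        "spoofed": camera.twin.from_thing(Message("sensor", "thermostat", "temperature", {})),
        "direct": thermostat.deliver(Message("camera", "thermostat", "reboot", {}), "guessed"),
        "thermostat_inbox": [(m.src, m.kind) for m in thermostat.inbox],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Only the sensor's temperature reading reaches the thermostat; the reboot command, the camera's unsanctioned message, the twin that lies about its source, and the direct delivery attempt are all stopped at the hub or at the spoke, and every attempt is recorded in the hub's log, which is the single point of control the model is meant to provide.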
The doppelgänger model is the future of secure IoT. Multiple networks with proxies between them can prevent IoT security disasters in 2017. For every device that is real there must be a doppelgänger in the cloud, so that people manage the cloud version of their “things” rather than the things themselves. It sounds wild, but to be safe, IoT traffic will have to travel 8,000 miles to get 4 feet from Thing A to Thing B.
About the Author
Patrick Kerpan is the CEO and co-founder of Cohesive Networks. Mr. Kerpan is responsible for directing product, technology and sales strategy. He brings more than 20 years of software experience to the role of CEO and was one of Cohesive Networks’ founders in 2006. Previously he was the CTO of Borland Software Corp., which he joined in 2000 through the acquisition of Bedouin, Inc., a company that he founded. Mr. Kerpan was also the vice president and general manager of the Developer Services Platform group at Borland, where he was instrumental in leading the Borland acquisition of StarBase in 2003. Before founding Bedouin, Inc., Mr. Kerpan was a managing director responsible for derivatives technology at multiple global investment banks.
Published Monday, November 14, 2016 on VMblog
By: Margaret Valtierra