Harbor Research - Designing Security for the Internet of Things & Smart Devices

White Paper SECURING THE FUTURE

Designing Security For
The Internet of Things
After a decade of rampant
growth, we see that the
Internet’s architecture has
been both a blessing and
a curse. It has evolved to
become the fundamental
platform for all intelligent
devices to share information.
The dliemma lies in the fact
that the network of networks
is still quite vulnerable to
security issues and the IT
community who we trust
are working to resolve these
challenges are still operating
with outdated models that
cannot serve the needs of
a truly connected world.

One company, Mocana
has developed a unique
approach to networked
device security that offers
a proven foundation for
the complexity of a global
information economy. Harbor Research, Inc.
SAN FRANCISCO | ZURICH

Securing The Future - White Paper

W
Designing Security For The Internet of Things

2 hen it comes to preparing for the global
information economy of the 21st century, most
people assume that the existing IT community
and its army of technologists are taking care of
all the “details” – particularly securing the devices
and data that will continue to grow exponentially. They take it on faith
that the best possible tools and designs for securing transactions
and managing information are already in place. That is potentially a
huge unfounded assumption. This paper examines a new and unique
approach to securely enabling the growing number and diversity of
devices connecting to the Internet. Mocana demonstrates that it is
possible to migrate gracefully and securely to “the Internet of billions
upon billions of things” if we first accept that the tools available today
were not designed for the tasks they are now routinely performing.
IS OUR NETWORK GETTING TOO CROWDED
ur society is at the cusp of a perfect storm of network connectivity e concept of
network eﬀects states that the value of a network grows exponentially with the number
of nodes connected to it long with the value however so too grows the complexity of
managing the network the diﬃculty of securing it and the reliance of people and orga
nizations on these networks functioning properly

e nternet was designed in the s to allow the incompatible data networks and
computing systems of the time to share information—to talk to each other e n
ternet is literally a network of networks s we know it today the public nternet is a
worldwide embodiment of those original data communications protocols—which are
by design extremely simple e original designers made very few assumptions about
the data being sent and about the devices connecting to the network to send and receive
data

t is this extensible technology neutral basis of the nternet that has allowed it to scale so
dramatically and gracefully since its inception with minimal central administration e
massive volume of data points coming from the growing number and diversity of smart

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com


3
devices presents an unprecedented information management challenge o too does the
evolution of devices to network platforms capable of delivering and consuming
applications and services at data will require scrubbing filtering compression ware
housing analysis reporting and perhaps more importantly securing e astronomical
growth of connected devices that continues today and is predicted well into the future
pushes the bounds of what the designers of the nternet had in mind

e growth of devices on the nternet today is chiefly occurring in two distinct ways
e first is that previously separate networks – such as video voice cellular etc are all
migrating toward shared s opposed to organic growth of devices on the periphery
this trend requires the nternet to absorb wholesale transi
tions of full scale networks into its existing framework
Device Growth Statistics
t the same time new classes of devices are becoming net
work enabled e types of devices being connected today There are approximately 2.8 billion
extend far beyond the laptops and cell phones we have be
million new ones added daily - Projected
come so accustomed to ny manufactured object has the
potential to be networked oday virtually all products
that use electricity from toys and coffee makers to cars
and medical diagnostic machines possess inherent data the global network will need to
processing capability accommodate one trillion devices, most
of which will be wireless devices.
t thus follows that virtually all electronic and electro me
M2M communications are projected
chanical products are being designed with more and more
to surpass human-to-human
capabilities e fact that many common devices have the
capability to automatically transmit information about sta
tus performance and usage and can interact with people
and other devices anywhere in real time points to the in
creasing complexity of these devices or example today
the average mobile phone contains just over million lines
of code this is expected to rise to million by n
automobile on average has million lines of code this is
predicted to grow to over million by

bjects that operate completely independent of human interaction are being networked
as part of the growing trend in machine to machine communication ecurity
cameras transmitting digital video electric meters sending regular usage readings even


info@harborresearch.com • 800.595.9368 • 415.615.9400 • +41 435 000 153


4
simple sensors and circuit breakers are being enabled so they can talk to us and to
each other

is phenomenon is not just about the dichotomy between people communicating with
people or machines communicating with machines it also includes people communicat
ing with machines e g a networked and machines communicating with people
e g automated stock ticker alerts on your e nternet s most profound potential
lies in its ability to connect billions upon billions of smart sensors devices and ordinary
products into a global digital nervous system that will allow every business the ability
to achieve undreamed of efficiency optimization and profitability owever the nature
and behavior of a truly distributed global information system are concerns that have yet
to take center stage not only in business communities but in most technology com
munities too

WHY WE NEED TECHNOLOGY TO SAVE US FROM TECHNOLOGY
fter more than a decade of rampant growth we see that the nternet s inherent archi
tecture has been both a blessing and a curse ith the rapid growth of wireless networks
– from cellular to i i to ig ee – connecting these devices to the nternet has never
been easier hat we need is a remarkably agile global network that can comfortably
scale to trillions of nodes—some of them hardware some software some purely data
many of them coming into and out of existence or changing location constantly bvi
ously such a network cannot be designed in any ordinary sense ertainly it cannot
be designed top down

ome basic design principles must be put in place to guide the growth of this vast distrib
uted technological organism t demands that we design not only devices and networks
but also information interaction in ways not addressed by current e reader may
ask dont we already have a vast public information space called the orld ide eb
idnt the eb completely revolutionize human communication nd isnt the eb
working and scaling quite handsomely

lmost everyone will answer with a resounding es ut consider this analogy from
uckminster uller uppose you are traveling on an ocean liner that suddenly begins to
sink f you rip the lid off the grand piano in the ballroom throw it overboard and jump
on it the floating piano lid may well save your life ut if under normal circumstances
you set about to design the best possible life preserver are you going to come up with the
lid of a grand piano




5
e growing scale of interactions between devices with more and more features and the
antiquated client server architecture of the web is like that piano lid n a period of great
change and tumult it worked—in the sense that it kept us aﬂoat ut that does not make
it the best possible design or qualify it to be something that we should plan to live with
forever

et in the course of one mere decade the world has become so dependent upon the eb
that most people inside and out cannot bring themselves to think about it with any
critical detachment ven high tech business people use the terms the eb and the nter
net interchangeably without giving it a thought

Moore’s Law - Transistors Per Intel Chip Drive Growing Complexity

ut the eb is not the nternet e nternet itself is a simple elegant extensible scalable
technology neutral networking system that will do exactly what it was designed to do for
the indeﬁnite future e same cannot be said of the eb which is essentially an applica
tion running on top of the nternet t is hardly the only possible nternet application nor is
it the most profound one conceivable




6
e chilles heel in this story does not originate in browser software or markup lan
guages or other superficial aspects that most users touch directly ose inventions are
not necessarily ideal but they are useful enough for today and they can be replaced over
time with better alternatives

ather the growing bottleneck lies in the relationship and interactions between ever
more complex devices and the antiquated client server architecture of the web ith
memory and processor capabilities getting cheaper by the day product designers are em
bedding feature upon feature into their designs hat may finally bring oore s law to
its knees is the sheer complexity of software driving infinite interactions
e growing disparity of devices on networks is diluting the ability of technicians to ef
fectively manage them t is extremely difficult to keep up with the unique requirements
of each new device and all its advanced features ncreasingly what is needed is a means
of creating an abstraction layer that unifies common tasks and manages the complex
ity of implementation down to the device ustomers expect networked devices to be
functional ubiquitous and easy to use ithin this construct however the first two
expectations run counter to the third n order to achieve all three the network must be
loaded with intelligence

hen telephones first came into existence all calls were routed through switchboards
and had to be connected by a live operator t was long ago forecast that if telephone
traffic continued to grow in this way soon everybody in the world would have to be a
switchboard operator f course that has not happened because automation was built
into the network to handle common tasks like connecting calls

e are quickly approaching analogous circumstances with the proliferation of connected
devices or device networking ach new device that comes online now requires custom
ization and maintenance just to exist safely on the network and perform the same basic
tasks securing provisioning reporting etc as most others e must develop methods
to automate and facilitate these common functions otherwise the lack of technical ex
pertise will only get worse and will continue to hold back device networking from the
truly astronomical growth that many have forecast




THE INTERNET OF THINGS: HOW MANY THINGS & WHERE ARE THE THINGS?
ntelligent device networking is a global and economic phenomenon of unprecedented
proportions t will radically transform customer service resource allocation and pro
7
ductivity
Global Device Networking Market Growth is Exponential

arbor esearch expects that by there could be anywhere from million to
over one billion devices communicating continuously ese devices will drive new net
worked applications and services such as status monitoring usage tracking consum
able replenishing automated repairing and new modes of entertainment whose value
together could reach beyond billion in value added revenues from services ese
new services are based upon the convergence of networks embedded computing control
and content

casual but informed observer may say that is preposterous particularly considering
some of the fluffy prognostications from the e era ell consider that depending on
your definition of a sensor there are already more sensors on earth than people o the




8 well informed the potential scale of device connectivity and value added network services
is less a question about whether it will happen and more often a question about when

oon any device that is not networked will rapidly decrease in value creating even great
er pressure to be online evices will blend into every venue and vast opportunities will
arise for companies delivering managing and responding to the rich media and data
being generated
Any ‘Thing’ On A Network Can Communicate With Other ‘Things’ Across Global Venues

is is not an isolated phenomenon by any means o matter what means are used to
segment markets growing device networks have applications in every venue across the
global economy

nything that operates over – cell phones computers o phones car navigation
systems – is capable of intercommunicating with other devices is is relatively easy
to conceive of in the familiar contexts of consumer and business devices like these but
the chart helps illustrate some of the devices being connected in other less familiar areas
ophisticated expensive devices are among the ﬁrst to get connected so that they may
be closely monitored and report information about their status indmills pipelines




construction equipment oil rigs harvesters mass spectrometers and mass production
equipment – any piece of high value capital built within the past twenty years has some
kind of embedded electronics and the newer it is the greater the intelligence
9
ven in developing areas new networking technologies are keeping up with and even
outpacing growth here in orth merica ey have late mover advantage which
allows them to design infrastructures with new requirements and capabilities in mind
eveloping regions tend to skip steps that seem standard in first world countries

or example many developing countries use cell phones as their dominant means of com
munication as the wireless infrastructure is easier to set up than running telephone lines
to every house onsequently data communications must also operate predominantly
wirelessly raising the importance of developing technologies like i ax and cellular
broadband acking many preconceived notions for how certain products and devices
have functioned in the past these markets may well be among the most receptive to new
service centric offerings from networked product manufacturers and their partners

s oore s law persists and the price of embedding intelligence and connectivity into de
vices continues to fall networked devices push further and further into the mainstream
is process is somewhat self reinforcing as low prices are driven by high quantities and
vice versa making these devices increasingly prevalent in our lives and businesses hile
the growth is spread through all areas of our lives it is concentrated on the same global
network e immense growth that is just now beginning will continue to accelerate
creating new strains on existing infrastructure and skill sets

A DAY IN THE NEW NETWORKED LIFE
ust consider the number of devices that exist with the potential to be networked alk
through a typical day and note the variety of electronic devices with which you interact
ach device s uses and functions have the potential to be expanded with networking

ach of these devices can benefit from connected services and this is just the tip of the
iceberg is phenomenon has far reaching effects the likes of which have never before
been seen in business or our everyday lives e nternet versions and had broad
implications on how people and businesses interact with computers and other new in
formation devices but did not necessarily change every aspect of our lives evice et
working represents version of the nternet and it will be felt in everything that we




10 touch and do o matter who you are what industry or what job function this tidal
wave of change will be inescapable

Network Devices In Everyday Life Will All Drive New Services

THE STAKES ARE HIGH FOR BOTH INDIVIDUALS AND THE ENTERPRISE
oday s enterprises are evolving at a pace unseen before in human or business history
hile they grow they fall subject to an intriguing paradox as they become ever more
connected they also get more dispersed and visa versa lobalization and outsourcing
penetration of broadband networking and pressures to be financially lean have all con
tributed to the trend of distributing organizational resources hether it is managing
a work from home sales force or teleconferencing with clients on a different continent
organizations are relying on networks to keep them connected as they grow ever more
diffuse

s their prey evolves so do the predators so as enterprises improve and expand their
networks hackers are constantly developing new tools for breaking into them ot only




does this growth mean more endpoints for organizations to secure but even devices
thought to be protected are increasingly susceptible to attack skilled hacker can eas
ily circumvent security measures that are old weak or not properly configured
11
orporations invest millions of dollars on physical perimeter security for their offices
but what is the point if the information flowing constantly to and from the building is
not secure ith the increasing use of streaming media over networks like elecon
ferencing and o more and more valuable and potentially sensitive information is be
ing transmitted often unprotected et with these real time communication services
latency is misguidedly the main concern not security or fear that security measures
will slow down transmissions many are not secured properly if at all ffectively secur
ing these devices requires a solution that is highly optimized and can operate efficiently
without introducing latency and disruption to the communications process

hile corporations face security concerns over ever growing corporate networks simi
larly individuals must deal with concerns over their increasing vulnerabilities onve
niences like wireless credit cards cell phone payments online banking and more leave
us increasingly exposed to information interception and identity theft hether for
home or for enterprise no matter what type of business security is a common concern
and one that will be discussed in detail later in this paper

STRANGE BEDFELLOWS THE RISKS OF CONNECTEDNESS AND OPENNESS
etworked devices providing and consuming real time data and services will be the
hallmark of our new etworked ociety ese new devices will become portals into
other network resources in which device users will gain utility not only from the devices
themselves but from a variety of adjacent value added service providers s it evolves
this infrastructure will amount to nothing less than a global digital nervous system
for commerce—indeed for society itself

onsider the implications of pervasive networked devices not just on the user experi
ence but on the organization of businesses aligned to deliver value to these users e
value chain for a non networked device has remained relatively consistent for hun
dreds of years rom raw materials to components to finished products the obligations
of the manufacturer and their relationship with their customer essentially began and
ended at the point of sale

ost businesses have been built around this product centric paradigm – it is ingrained
in their culture and organizational structure to focus all of their efforts on selling a




12
physical product ut now device connectivity is changing the entire structure of value
delivery threatening long standing business models and forcing all companies to con
sider how to participate in service delivery and building ongoing relationships with their
customers

ather than owning declining profit commodities companies will aggressively need to
seek innovation in value added services and ensure that they maintain some control over
access to their devices in the field and the stream of device data coming in through them
ost importantly thanks to that device data companies will own their relationships to
customers in ways never before imagined hat happens after that point depends upon
the strategy adopted company could for example lease part of its stream of customer
information—and thus part of the customer relationship—to another company wishing
to provide value that is not part of the first company s business ther relationship own
ers could lease relevant parts of their own customer information back or share informa
tion in a joint venture or some other contractual arrangement

ew capabilities will bend the traditional linear value chain into a loop of complex in
terdependencies that will demand new thinking and will require new alliances with the
many new participants in the chain

usinesses that create the best ecosystem of alliance partners from complementary de
vice manufacturers to third party application software providers – will be the most suc
cessful evice manufacturers network service providers new software and value added
services players will all combine to create significant business and customer service value
or devolve into an environment of strange bedfellows
ven if a device manufacturer decided that it did not want to build an ecosystem and
instead wanted to vertically integrate and own all aspects of device networking for a
particular class of devices it must still embrace the concept of value added services and
recognize that it is the combination of hardware software and value added online ser
vices that define the ultimate value to end customers ou need look no further than
pple s i od device and i unes service for a present day example n a very short period
of time pple has rocketed to become the third largest music retailer in the world while
also creating a billion dollar revenue device business all with a device that connects to
a networked service




ow with the introduction of the i hone pple is entering a market that many would
consider saturated the cell phone market whose structure is the definition of linking de
vices and services ot only must a cell phone plan match the capabilities of the device
13
often the ongoing service fee is used to offset the upfront cost of the device n pple s
case they feel they can be successful here both for the revolutionary capabilities of their
device and for the range of new services it will allow or the first time the i hone al
lows uncompromised access to web content from a cell phone hile not fully open the
i hone will allow third party developers to write web based applications for the device
is is sure to cause significant disruption to the market as a broad range of new partici
pants start gravitating towards delivering new functions and services to cell phones all of
which will deliver enhanced value to users of the devices aken to the extreme this all
has the potential to redefine the definition of a cell phone

Expanding Constituents In The Networked Value Chain Create New Value & New Risks




ith all of this cooperation and collaboration not just around cell phones but all net

14 worked devices it is a foregone conclusion that the device networking community must
agree upon universally accepted open communication standards hile historically
proprietary protocols have dominated in some arenas the pervasive nature of is
eroding these proprietary boundaries will over time be the dominant transport for
device networking

s revolutionary and far reaching as the device networking paradigm shift is this does
not change everything and the eternal truths remain eternal hen you open yourself
to relationships and connect to other people or devices you can get hurt nd the
greatest opportunities usually involve the greatest risk e real world risks of open
technology and asset connectedness include possible breaches of secure systems that can
have catastrophic impact

WAITING FOR THE WAKE UP CALL YOU HOPE WILL NEVER COME
espite a growing awareness of the presence of connected devices and their importance
as a phenomenon there is quite little understanding within most device manufacturers
service providers and enterprises as to how best to secure them and the services they
enable evice security is usually handled on an ad hoc basis surrounding a device or
network specific project arely are there horizontal organization wide security solu
tions from which a device manufacturer and device network might benefit nstead
security design and implementation decisions occur deep within organizations ften
times individual developers are left to port software designed originally for and
server security to their burgeoning devices and device networks esides being labor
intensive this is not a scalable solution nor does it provide adequate functionality or an
acceptable level of protection

any companies today have let their connectivity outpace their security e focus
of most companies security efforts is on devices with which humans interact directly
ey fail to realize that each newly connected device represents another potential point
of weakness through which hackers can gain unauthorized access to sensitive informa
tion ese customers must demand more complete security from their device manu
facturers ften device manufacturers will do the bare minimum claiming security
support that is in reality very narrow and only provides protection along a very limited
dimension e practical consequences of the resulting under investment and trivializa
tion of security can be devastating




15
ecently the major retail chain o operator of such stores as axx arshall s
and ob s incurred a security breach that reportedly resulted in the exposure of at least
million customers debit and credit card information eportedly hackers accessed
the network wirelessly while parked outside using a laptop s a consequence the com
pany is facing backlash and lawsuits that according to some estimates have potential to
cost nearly billion and may jeopardize the entire company itself

ccording to some reports nearly percent of laws that include personal information
have an express encryption standard written into the definition ey define personal in
formation under the law as data being unencrypted or they use a harm standard stating
that if there is an encryption there is no probability of identity theft or harm to the vic
tim t started with house bill in alifornia approximately five years ago ow
states have similar laws and there are provisions as well for financial institutions which
are federally administered n those industries where the level of connectedness and the
value of the data are both high such as financial services the costs of security breaches
have proven to be so substantial that many of these enterprises are already carrying data
breach insurance ese same dynamics will absolutely play out in device networking
perhaps even to a greater degree hile the example above illustrates the huge potential
for financial liability associated with security breaches device networking has potential
to take this one step further device network security breach can have devastating real
world life and death consequences

e problem with securing today s device networks is one of human nature – one of mo
tivation and incentives nvesting in security is sometimes viewed as buying insurance
and unfortunately many companies do not face up to the risk until after they ve already
experienced the impact ust as airport security increased after or a household will
finally invest in an alarm system after a break in it often takes some kind of wake up
call to get motivated to upgrade device network security

urther corporate structures and the segregation of expertise therein means that usu
ally the person in charge of investment decisions related to security is not the person with
the keenest understanding of the present risks and protection level technician who
calls for a security upgrade out of the blue is easily ignored n engineering manager in a
device manufacturer is only concerned with satisfying minimally specified requirements
regardless of how naïve those specified requirements are n the absence of any problems
managers are quick to assume that present measures are working adequately et that
reasoning is inherently flawed and dangerous y that logic it could be claimed that this




white paper is coated in tiger repellent nd because there arent currently any tigers

16 around to prove otherwise we can assume the tiger repellent is working e days of
leaving well enough alone have passed and it is imperative now more than ever not
just to fix problems but to preempt them

hen evaluating any type of risk there are two main considerations that must be
weighed e first is the likelihood or chance that a particular undesired outcome
would occur n the security context this comes down to an assessment of a device or
network s vulnerability or protection level e second consideration is the size of the
impact that would occur if such a risk were to materialize n the realm of security
the potential consequence could be just a few hours of network downtime or it could
be millions of dollars worth of credit fraud or a device that is rendered inoperable
and must be returned to the manufacturer all of which can cause irreparable damage
to the brand and customer confidence

oth of these dimensions weigh into a persons decision of how to approach risk
mitigation s they relate to device networking one must also realize that both risk
factors grow quickly with the size of the network that must be protected larger
network means more nodes and endpoints and more potential points of weakness t
also means more information that has a higher value being transmitted on the net
work and consequently a greater impact if that network is compromised s networks
grow so too must the focus on security and as they begin encompassing new types
of devices that becomes increasingly difficult

e net of this analysis is that a functional and elegantly simple security solution for
devices and device networks becomes the silver bullet of sorts – the catalyst that
will allow organizations to comfortably deploy large device networks while also al
lowing them to operate safely catalyst like this may be all that is needed to spur
the enormous growth that has been forecast

THE ANSWER LIES IN A DEVICE SECURITY FRAMEWORK
solution that effectively manages the security requirements of disparate devices
must have two main qualities automation and homogeneity t must handle com
mon tasks without human intervention and it must provide a single platform and
interface for interaction with a wide range of devices hat is needed is new infra
structure software plus centralized business processes for dealing with security within
and across device manufacturers and service providers is software solution would




17
be a combination of resident software embedded in the devices plus capabilities deliv
ered as applications across the network

Mocana Device Security Framework

s this is describing the unique needs of an entirely new type of network it stands to
reason that this solution does not fall within the specialties of any current mainstream
software companies n fact the evice ecurity ramework being described is best
viewed as an entirely new market category

ith the disjointed patchwork security solutions presently in place and the lack of
general market understanding particularly among larger software players of what is
needed for device security the ﬁeld is wide open for any viable solution evertheless




18 this solution must not be a stopgap measure t must create a platform that is extensible
and will be able to solve tomorrow s problems as well as today s

t a minimum a evice ecurity ramework should address the following security
centric demands across any connected device
4 ecure remote device access
4 ecure data communications between devices
4 evice identity management
4 uthentication of devices and device applications on the network including
wireless networks
4 echanism for simpliﬁed key management
4 dvanced connection handling capabilities
4 ird party validated cryptography library
4 e ability to fully leverage advancements in silicon including multi core pro
cessors and hardware acceleration

ENTER MOCANA

ne company fully understands the needs of these networks and has begun creating a
solution that meets the needs described above an rancisco based ocana orpora
tion has positioned itself as one of the lone players in this new market and while they
could rest on their foresight and the advantage of being the ﬁrst to recognize the needs
of this market the company continues to develop its evice ecurity ramework so
that it meets the aforementioned requirements and more
ocanas solution is fully compliant with validated cryptography algo
rithms meaning it will interoperate with all applicable standards ocanas evice
ecurity ramework contains software that gets embedded into devices at the time of
manufacture as well as capabilities delivered across the network known as etwork
pplications

hile philosophically a major supporter of open standards ocana realizes that many
companies build their devices on proprietary operating systems using a wide variety
of chips o scale across these disparate platforms all components of ocanas evice
ecurity ramework leverage a common abstraction layer that has two integration axes
one dealing with integration and the other with integration




implistically if chips

the
and are supported along with
# will inherit support for chips
abstraction axis onversely if #
# then a port to
and automatically by only modifying
and are supported along with chip
19
then a port to chip will immediately inherit support for this chip on all three s by
only modifying the chip abstraction axis

is approach provides maximum coverage of and combinations and maxi
mum ﬂexibility for device manufacturers and service providers to make and
decisions independent of ocanas evice ecurity ramework

ocanas ramework has another major beneﬁt – it can meet the extremely diverse
needs of disparate wired and wireless operating environments ome end devices such
as those involving voice and video require high performance ther devices on the
periphery may have intense restraints on power consumption to prolong battery life

The Real World - Operating System & CPU Independence

till others have constraints on memory and processing capabilities ocanas solution
can meet the needs of all of these devices because it possesses three distinct qualities

e etwork pplications are themselves network and device independent

e embedded software is designed to leverage the capabilities being built
into new chips such as hardware acceleration and multicore asynchronous




20
processing providing a higher level of performance and scalability than
much of today s mainstream software making it ideal for voice video and
data applications

e embedded software has a very small footprint making it ideal for any
connected device – even resource constrained ones

dditionally ocanas evice ecurity ramework is capable of extending to address
emerging threats as well e ramework takes full advantage of network connectivity
and the benefits this brings in being able to have additional intelligence reside in the net
work versus only in the connected device t provides a holistic approach to security and
can also enable an entirely new class of end customer network and device independent
applications and services as described below

INITIAL BEACHHEAD: DEVICE SECURITY
nce a evice ecurity ramework is in place it can be used to perform a number of
functions necessary for securing and operating device networks ocana provides not
only the ramework itself but also several initial applications necessary for nearly all de
vice network deployments mong the first of these network applications is a solution for
ertificate anagement allowing its customers to provide certificate level security and
identification for devices on their networks

o understand the value of ertificate based security takes a brief description of the pro
cedure itself f a theoretical entity lice wants to receive secured communications over
a network she uses her own unique algorithm to create both a ublic ey and a rivate
ey hile these two encryption devices are related one cannot be used to determine
the other s an analogy if lice wanted to receive a secure object in the mail from her
friend ob she might first send him an open padlock the key to which she kept herself
ob could then use that lock to secure his message before sending it knowing that only
lice using her key can open it n this analogy the key lice kept is her rivate ey and
the lock she sent out is her ublic ey lice could make these open locks available for
anyone who wants to send her a message knowing that the messages once locked will
only be readable by her

hile this structure seems secure it creates another problem how does ob know for
sure that the lock he s using to secure his message is actually lice s n the digital realm
where ublic eys abound it is even more conceivable that a malicious hacker could
publish a ublic ey claiming it to be lice s when in fact it is not o solve this problem




requires a rusted ird arty or ertificate uthority known and acknowledged by
both lice and ob is third party would know exactly what lice s ublic ey should
look like and by confirming with its own igital ignature that the ublic ey ob is
21
receiving matches that which they have on record for lice could verify her identity so
that the secure transaction may proceed is is exactly what a ertificate does – it is an
electronic document containing the digital signature of a trusted third party that links a
public key with an identity

ertificates are typically issued with expirations dates in the range of about one year so
they do not need to be issued for each transaction they can be re used for a period of
time as long as the identification information of either party has not changed hile cer
tificate based security is among the most effective methods for securing communications
on a network it also leads to several accompanying tasks that are often labor intensive
raditionally certificate management – including enrollment renewal revocation
expiration query etc – is a manual process ut with the size and growth of device
networks manually managing these tasks does not scale uilt on the imple ertificate
nrollment rotocol an evolution of the protocol developed for traditional non
device centric networks by erisign and isco ystems ocanas ertificate anage
ment application allows for automation of these and other common tasks

ertificate based security for networked devices completely shifts the paradigm of how
manufacturers and users may conceive of their devices rom an information perspective
once a device and its identity are trusted so too is any other information it might convey
about itself and its environment is might range from location information to usage
data to information about or from other devices near it imilarly once a user s identity
can be tied to a device in a secure fashion user names and passwords become unneces
sary e ability to incorporate and transmit this accompanying information opens the
door for the creation of a whole new class of services to end users n addition to basic
services required for device network operation such as certificate management a tidal
wave of yet inconceivable applications is just over the horizon

DEVICE SECURITY FRAMEWORK FUTURES
alling this new platform a evice ecurity ramework is somewhat restrictive hile
security is its first and most important capability the ramework allows for the secure
delivery of any services or applications to devices on the network n a broader context




22 this trend of linking devices with accompanying services has been in the marketplace for
some time now ust consider the previously mentioned i od and i unes i o service
and the i o box lackberry handhelds with data service plans ese are all
examples of traditional product manufacturers that have distinguished themselves by
pairing their devices with high value services arbor esearch has been tracking this
market trend for several years and while it has been gaining recognition device centric
services have not yet seen the explosive growth that has been predicted

ow it is apparent that difficulties with security and identification of devices on a net
work – and the secure scalability of those networks themselves – have thus far hampered
their growth both in a literal sense and in the broader market ith the combination of
its technology and its relationship with device makers and chip manufacturers ocana
is in the unique position to remove this significant obstacle from the equation and spur
the growth of this burgeoning service industry y doing this ocana has the potential
to capture enormous value for itself and its ecosystem e success of the i od created a
billion dollar side industry for accessories while keeping its network services proprietary
n the near future we will see an abundance of devices on open networks allowing the
creation of an enormous new side industry – that of third party device centric service
providers

ocana has a keen awareness of this potential as demonstrated by their ongoing efforts
to build partnerships within the device networking community eir support of open
standards shows that the company realizes that the real value of device networks will
only be revealed upon arrival of those pervasive device applications and services hile
security is most certainly a prerequisite to that and a catalyst for much initial growth
it will be the applications delivering tangible value to device users that will bring device
networking to the mainstream e difficulty here is that these future device services
will not be uniform hile there are a large number of horizontal etwork pplications
each device type each customer segment each industry will demand its own end cus
tomer facing device applications and services e requirements are so far reaching that
no single company could ever anticipate and meet everybody s needs ike the networks
themselves the customer facing applications provided over them will be fragmented
hat ocana does is provide the platform on which a whole new class of secure identity
based device and network independent applications and services can be built ocana is
getting the ball rolling by providing some initial necessary etwork pplications rom
here they are open to partnering with third party software developers wishing to build
these applications of the future




23
MOCANA NOW
espite the futuristic overtones to much of this analysis it is most important to realize
that this device networking trend is happening right now owhere is this exemplified
better than by the fact that ocana has already built a substantial base of customers
some of which are listed below including several ortune companies and many
others of equal significance in their functional areas

rom major device manufacturers to communications companies to chip vendors
ocanas evice ecurity ramework is already being embedded into many of the de
vices we see every day ese customers range from consumer and industrial device
manufacturers to makers of network infrastructure products to communication provid
ers ithin this mix also sits several extremely significant adopters of components of
ocanas evice ecurity ramework and its components including ortel etworks
oneywell hilips iemens and more

Sample Adopters of Mocana’s Technology Are Diverse

y adopting ocanas software or even incrementally exploring the option all of these
companies are demonstrating to customers investors and the broader market that they
have a grasp on the coming wave of device networking ot only do they understand the
phenomenon but they are showing their commitment to securing the communication
of these devices and to doing so in an open extensible fashion that will allow them to




24
be active participants in the growing corporate communities providing smart products
and services

WHERE IT IS VERSUS WHERE IT’S HEADED
is white paper has discussed the evolution of device networking and the phenome
nons scale upon arrival t has highlighted some of the benefits of our new etworked
ociety but also its potential dangers t has explained the details of how these networks
will operate technically architecturally and organizationally e net of this analysis
brought to light the need for creating a evice ecurity ramework in order to scalably
manage effectively secure and reliably identify devices on our shared global network

ut management security and identification are just the tip of the iceberg ese are
the absolutely necessary prerequisite functions that must be in place in order for our
etworked ociety to begin to bloom nce established a wide range of new applica
tions will begin to be developed ome will run behind the scenes addressing emerging
bottlenecks around efficiency and scalability thers will be more visible delivering a
new level of personalized information to us and to our devices x

hile most of this value will be created by a vast ecosystem of companies and develop
ers making their way into the realm of evice etworking ocana will continue to
develop and add to the evice ecurity ramework enabling it all hether by giving
us confidence through continuing to strengthen security or by creating new uses for the
certainty of device identification ocana will continue to be a catalyst for development
of evice etworking and a driving force behind one of the most disruptive yet benefi
cial phenomena of ours or anyone s lifetime




About Harbor Research, Inc.
Harbor Research Inc. has more than twenty years of experience providing strategic
consulting and research services to high technology clients. Harbor’s strategy and
25
business development work is organized around emergent and disruptive opportu-
nities, with a unique focus on the impact of the Pervasive Internet—the use of the
Internet to accomplish global device networking that will revolutionize business by
unleashing entirely new modes of system optimization, customer relationships, and
service delivery.

Harbor Research’s clients are leaders in communications, computing, control, and
content. Harbor Research has built extended relationships with larger multi-line
companies including AT&T, ABB, Agilent, General Electric, Danaher, Eaton, Emerson,
Hewlett Packard, Hitachi, Honeywell, Hughes, IBM, Intel, Invensys, Motorola, Rock-
well, Siemens, and Texas Instruments, as well as with growth companies such as EMC,
Cisco Systems and Qualcomm. We also work with a broad array of emergent start-
ups and pre-IPO technology ventures. We have built relationships with a number of
signi cant Pervasive Internet players, including Ember Corporation, Questra Corpo-
ration, GridAgent, DeepStream Technologies and Dust Networks, to name a few.

CONTACT
Glen Allmendinger, President
Harbor Research, Inc.
gallmendinger@harborresearch.com



Harbor Research - Designing Security for the Internet of Things & Smart Devices

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (18)

Destacado

Destacado (7)

Similar a Harbor Research - Designing Security for the Internet of Things & Smart Devices

Similar a Harbor Research - Designing Security for the Internet of Things & Smart Devices (20)

Más de Harbor Research

Más de Harbor Research (15)

Último

Último (20)

Harbor Research - Designing Security for the Internet of Things & Smart Devices