Tolga Talks Tech is a weekly video series in which Onica’s CTO Tolga Tarhan tackles technical topics related to AWS and cloud computing. This week, Tolga discusses the IoT Security with Akito Nozaki, Lead Solutions Architect at Onica. For more videos in this series, click here.
So Akito, you work on a lot of IoT projects and when we are talking about IoT, security is a really big topic. What are the considerations for security in IoT applications?
There are three things that we think about when we are talking about security – identity is one of them, eavesdropping or man in the middle, and DDoS.
Let’s go over each of them one by one. When you say identity, what are you talking about and how do we solve for that?
When we are talking about identity, we want to make sure that the device we are talking to is the device that it says it is. We do that by loading a TLS certificate on from the factory that allows us to identify the device that’s connecting.
So if I’m a rogue device or I am a fake device that is trying to be an attacker, I can’t assert the identity of another device.
Yes, that is correct.
How do you prevent eavesdropping?
We prevent eavesdropping by using TLS, which is a very de facto standard for communicating, that allows us to prevent the malicious attacker from eavesdropping or impersonating the device that we’re talking to.
With TLS encryption and TLS certificates, we both know that we are talking to the right device. We can also be assured that nobody has tampered with the communication and that no one has been able to see the communication from the device to the cloud.
With regards to Denial of Service (DDoS) and other attacks, how do we prevent those in an IoT application?
We rely on the AWS side to do a lot of that for us, and then they provide us with the infrastructure to prevent the DDoS attack from happening. And that’s because our devices actually connect to the AWS endpoints. So we are not deploying infrastructure to absorb that traffic volume.
Want to learn more about how you can make your IoT initiatives secure? Watch the IoT Security: Prevent Your Devices from Becoming Attack Vectors webinar to learn about key threats and how to mitigate risks.