Tolga Talks Tech is a weekly video series in which Onica’s CTO Tolga Tarhan tackles technical topics related to AWS and cloud computing. This week, Tolga discusses the IoT Security with Akito Nozaki, Lead Solutions Architect at Onica. For more videos in this series, click here

So Akito, you work on a lot of IoT projects and when we are talking about IoT, security is a really big topic. What are the considerations for security in IoT applications?

There are three things that we think about when we are talking about security – identity is one of them, eavesdropping or man in the middle, and DDoS. 

Let’s go over each of them one by one. When you say identity, what are you talking about and how do we solve for that?

When we are talking about identity, we want to make sure that the device we are talking to is the device that it says it is. We do that by loading a TLS certificate on from the factory that allows us to identify the device that’s connecting. 

So if I’m a rogue device or I am a fake device that is trying to be an attacker, I can’t assert the identity of another device.

Yes, that is correct.

How do you prevent eavesdropping?

We prevent eavesdropping by using TLS, which is a very de facto standard for communicating, that allows us to prevent the malicious attacker from eavesdropping or impersonating the device that we’re talking to. 

With TLS encryption and TLS certificates, we both know that we are talking to the right device. We can also be assured that nobody has tampered with the communication and that no one has been able to see the communication from the device to the cloud.

With regards to Denial of Service (DDoS) and other attacks, how do we prevent those in an IoT application?

We rely on the AWS side to do a lot of that for us, and then they provide us with the infrastructure to prevent the DDoS attack from happening. And that’s because our devices actually connect to the AWS endpoints. So we are not deploying infrastructure to absorb that traffic volume. 

Want to learn more about how you can make your IoT initiatives secure? Watch the IoT Security: Prevent Your Devices from Becoming Attack Vectors webinar to learn about key threats and how to mitigate risks.

Tolga Tarhan

About Tolga Tarhan

As Onica’s Chief Technology Officer, Tolga Tarhan leads the technological vision of the company by pushing innovation and driving strategy for our product development and service offerings. With nearly two decades of experience leading and hands-on software development, his cross-functional expertise across different technology areas gives him unique insight into the best approaches for building complex systems and applications. In addition to facilitating technology on the executive level, Tolga has also successfully led numerous deployments involving web-based, mobile, Internet of Things (IoT), and real-time telecommunications applications. His passion for IoT in particular has driven Onica’s achievement of the AWS IoT competency, and he continues to show thought leadership in the field through his extensive speaking engagements at AWS events and educational groups across North America. Tolga also holds an MBA from Pepperdine University and helps customers strategize beyond technology solutions to improve their businesses and grow their bottom line.