Establishing Principles for Internet of Things Security Part 3

Is the safe and/or timely arrival of data important?

So far in this blog series, we have looked at both privacy and trust. For this part, we look at principles for scenarios where safety or timeliness is important.

Consider how the service would be impacted if data could be blocked or delayed. Points to consider include:

• Data is accurately timestamped.
  • This allows users and devices to determine how current the data is and act accordingly.
• Integrity of data in the device, server and other parts of the system is designed in from outset.
  • Considering any integrity requirements during the design phase will enable the system to meet such requirements without re-engineering at a later date.
• Devices should provide failure handling and status monitoring to meet availability requirements.
  • When a device fails, it should fail into an appropriate configuration for its use. Users or managers should be able to monitor devices to determine their current status.
• Carriers and device managers can identify safety and timeliness needs in a secure, trusted fashion.
  • Devices should securely communicate their requirements to allow networks to allocate resources accordingly and act appropriately when these are not being met.
• Any reliance on other systems or devices for availability is clearly detailed to the user.
  • The user must be aware of what other systems their device has dependencies on in order to meet security requirements.
• Devices should identify themselves to a network using a secure identifier.
  • This ensures that the network can allow efficient management and allocation of resources.
• Be clear what functionality the device is offering and its intended use. Make users aware of any restrictions or limitations.
  • Some devices may appear similar, but have different assurance or reliability profiles. In order to avoid inappropriate deployments, users must be clear of what the device is intended to achieve.

The next part of the blog series looks at “Is it necessary to restrict access to or control of the device?”

There are 7 elements to the IoTSF security principles blog:

• Part 1. Establishing Principles for Internet of Things Security
• Part 2. Does the data need to be trusted?
• Part 3. Is the safe and/or timely arrival of data important? [this blog posting]
• Part 4. Is it necessary to restrict access to or control of the device?
• Part 5. Is it necessary to update the software on the device?
• Part 6. Will ownership of the device need to be managed or transferred in a secure manner?
• Part 7. Does the data need to be audited?

Edited by David Rogers, CEO Copper Horse Solutions Ltd., Member of the Executive Steering Board IoTSF.