Devices Can Be Secure and Easy to Install on the Internet of Things

  • Roger D. Chamberlain
  • Mike Chambers
  • Darren Greenwalt
  • Brett Steinbrueck
  • Todd Steinbrueck
Chapter
Part of the Internet of Things book series (ITTCC)

Abstract

One of the major issues that must be addressed in the emerging Internet of Things (IoT) is balancing the needs of security and reasonable installation and maintenance efforts. Security is crucial, as evidenced by the fact that IoT devices are frequent targets of attack. However, if the security infrastructure is not relatively easy to use, it will ultimately be compromised by users who are unwilling (or insufficiently motivated) to deal with the complexity of ensuring security. This paper describes the industrial deployment experience of the EZConnect™ security infrastructure implemented by BECS Technology, Inc., a firm that provides water chemistry monitoring and control equipment to the aquatics market.

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Roger D. Chamberlain (1, 2)
  • Mike Chambers (2)
  • Darren Greenwalt (2)
  • Brett Steinbrueck (2)
  • Todd Steinbrueck (2)

  1. Dept. of Computer Science and Engineering, Washington University in St. Louis, St. Louis, USA
  2. BECS Technology, Inc., St. Louis, USA
