Securing Smart Cities with comprehensive IoT security solution

May 25, 2018

Smart cities are rapidly becoming a reality all around the globe. Like all revolutionising innovations, smart cities are developing their own unique challenges alongside of their perks. Among the benefits of Smart cities lies a slew of security nightmares that are unmatched by any other technological development. Such large, interconnected networks of gadgets and people are bound to generate issues ranging from social surveillance to pollution to even physical security threats. Let`s get prepared to countermeasures well before towards building the resilient cities of tomorrow.

The challenges that are clouding the smart cities excitement

Man-in-the-middle: An attacker breaches, interrupts or spoofs communications between two systems.

Data & identity theft: Personal information of inhabitants may lie in the hands of cyber attacks for fraudulent transactions and identity theft as large amount data are being generated in automated system such as parking garages, EV charging stations and surveillance

Device hijacking: Smart apparatus such smart meters can be hijacked by attackers without altering its functioning. Thus without any difficulty virus like ransomware can be launched to hamper Energy Management Systems (EMS) or stealthily siphon energy from a municipality.

 

 

Distributed Denial of Service (DDoS): This is typically achieved by flooding the target with superfluous requests to prevent legitimate requests from being fulfilled. In the case of a distributed denial-of-service attack (DDoS attack), incoming traffic flooding a target originates from multiple sources, making it difficult to stop the cyber offensive by simply blocking a single source. Within smart cities, a plethora of devices, such as parking meters, can be breached and forced to join a botnet programmed to overwhelm a system by requesting a service simultaneously.

Permanent Denial of Service (PDoS): Permanent denial- of-service attacks (PDoS), also known loosely as phlashing,is an attack that damages the device so badly that it requires replacement or reinstallation of hardware. In a smart city scenario, a hijacked parking meter could also fall victim to sabotage and would have to be replaced.

Countermeasures towards building resilient cities of the future

Connected smart city devices should be protected by a comprehensive IoT security solution that does not disrupt profitability or time to market.

Firmware integrity and secure boot- Secure boot utilizes cryptographic code signing techniques, ensuring that a device only executes code generated by the device OEM or another trusted party. Use of secure boot technology prevents hackers from replacing firmware with malicious versions, thereby preventing attacks. Unfortunately, not all IoT chipsets are equipped with secure boot capabilities. In such a scenario, it is important to ensure that the IoT device can only communicate with authorized services to avoid the risk of replacing firmware with malicious instruction sets.

Mutual authenticationEvery time a smart city device connects to the network it should be authenticated prior to receiving or transmitting data. This ensures that the data originates from a legitimate device and not a fraudulent source. Secure, mutual authentication— where two entities (device and service) must prove their identity to each other—helps protect against malicious attacks.

Security monitoring and analysisCaptures data on the overall state of the system, including endpoint devices and connectivity traffic. This data is then analyzed to detect possible security violations or potential system threats. Once detected, a broad range of actions formulated in the context of an overall system security policy should be executed, such as quarantining devices based on anomalous behavior

Security lifecycle managementThe lifecycle management feature allows service providers and OEMs to control the security aspects of IoT devices when in operation. Rapid over the air (OTA) device key(s) replacement during cyber disaster recovery ensures minimal service disruption. In addition, secure device decommissioning ensures that scrapped devices will not be repurposed and exploited to connect to a service without authorization.

 

Comments (0)
» Uncategorized » Securing Smart Cities with comprehensive...
On May 25, 2018
By

Leave a Reply

« »

COVID-19 Measures – Update 10 Mar 2021

 

Dear Esteemed Clients & Partners,

As you are all aware, the Authorities enforced a second lockdown effective as from today, and as they continue to recommend or impose new measures in an attempt to contain the contagion, we would like to assure you that at Digiconsult, we are well-prepared to continue to serve and work with you with the same level of efficiency and quality as before.

A number of measures, as part of our BC plan, have been actioned. Be assured that our employees are trained to assist you remotely, while ensuring confidentiality and integrity of our projects. We expect to shortly transition from remote assistance to physical assistance once the Authorities re-activate the WAP (Work Access Permit).

We will ensure that there are no disruptions to our service delivery. Please feel free to discuss with our people about your specific requirements and any impacts that you foresee in the present circumstances, such that we can continue to work with you and your teams, as efficiently as possible.

We continue to prioritise the health and safety of our people and strive to provide you with the service standards expected throughout the pandemic.

 

STAY SAFE & STRONG….

Kind Regards,

DIGICONSULT TEAM