Introduction

Adoption of Internet of Things (IoT) technologies is accelerating in enterprise and industrial environments, but IoT presents complex new security challenges. Fortunately, advanced technologies are starting to pave the way for IoT standards and standardized architectures that will make it possible to systematically harden IoT environments. This book introduces a new approach to leveraging orchestration and automation to safeguard IoT systems by delivering security through the application of network function virtualization (NFV), software-defined networking (SDN), software-defined automation (SDA), and fog architectures.

NFV, SDN/SDA, and fog computing are proven technologies used to deploy, operate, and retire use cases at scale. Combining these technologies into a platform approach delivers the capability to address heterogeneous elements of the full IoT stack. This means that service insertion, including security, can be deployed effectively and efficiently in an automated manner throughout a deployed IoT system.

This book uses a four-part approach for understanding and delivering security capabilities via automation. Part I, “Introduction to the Internet of Things (IoT) and IoT Security,” begins by reviewing existing IoT and security architectures and standards, identifying key security risks associated with early deployments, and showing how early adopters have attempted to respond. Part II, “Leveraging Software-Defined Networking (SDN) and Network Function Virtualization (NFV) for IoT,” introduces standards-based offerings that leverage NFV, SDN, and fog, and it explains why these architectures lend themselves well to IoT and IoT security. Part III, “Security Services: For the Platform, by the Platform,” explores advanced security concepts and how they can be leveraged for IoT deployments. Finally, Part IV, “Use Cases and Emerging Standards and Technologies,” presents real-world use case examples and previews emerging technologies and security concepts that will shape IoT security in the future.

The reader will

   Learn fundamental standards, architectures, and security for IoT

   Understand how to leverage SDN, NFV, fog, and cloud computing concepts to deliver security capabilities for IoT environments

   Gain knowledge of the book’s core concepts and best-practice methodologies through real-world use cases

   Master advanced IoT security concepts and how they can be overlaid onto current IoT deployments, as well as provide the architectural foundation for new ones

   Understand the future direction of IoT technologies and security

Who Should Read This Book?

With the number of IoT implementations in both enterprise and industrial environments continuing to increase, it is essential to provide technical professionals who are looking at automation and virtualization technologies with a resource to deliver security solutions more effectively.

Research from Gartner, McKinsey, Forbes, Accenture, and Ovum predicts the emergence of services-based automation platforms for IoT and security embedded as a service. Thus, this book's content is especially beneficial to anyone looking at the next-generation design for a scalable and interoperable IoT platform.

Anyone working on enterprise or service provider projects with a focus on security or risk management will benefit from understanding the content of this book.

The concepts require a foundational understanding of IoT and security. This book ultimately is aimed at technical IoT professionals, technical security professionals, and business security and risk managers. The content is applicable across a wide range of verticals and market segments, and also is relevant to those working in IT or the operational environment.

How This Book Is Organized

Chapter 1, Evolution of the Internet of Things (IoT)

This chapter introduces IoT, illustrates the rapidly expanding scale of IoT and associated security threats, and outlines why automation is the only solution that can address security at the required scale.

Chapter 2, Planning for IoT Security

Securing the Internet of Things will pose new challenges to organizations. As with any system that needs to be secured, a number of practical steps can be leveraged. This chapter outlines some key considerations to explore as part of a security strategy for IoT.

Chapter 3, IoT Security Fundamentals

This chapter provides an overview of the building blocks of IoT and supplies an introduction to the required architectures in IoT deployments. It also covers the primary attack targets for IoT and the layered security tiers needed to mitigate them.

Chapter 4, IoT and Security Standards and Best Practices

To develop a robust and secure IoT system, openness and standards are required. The aim of this chapter is not to detail or recommend specific standards and guidelines, but to raise awareness of what should be considered when planning to secure an IoT system. It highlights some of the more robust standards and best practices that can help.

Chapter 5, Current IoT Architecture Design and Challenges

This chapter provides an overview of the main architectural approaches to building out IoT systems with security at the foundation. This includes benefits and drawbacks that existing architectures and platforms still need to address. This chapter aims to highlight what has already been proposed, to set the context and foundations for what needs to be done, as highlighted in subsequent chapters.

Chapter 6, Evolution and Benefits of SDX and NFV Technologies and Their Impact on IoT

This chapter gives an overview of the evolution and strengths of SDX and NFV technologies, both in isolation and combined. It examines their roles as technology enablers for IoT and 5G, and it looks at the expected interplay between fog and cloud computing. The chapter also covers several aspects of service automation in NFV/SDX scenarios, including the application of one of the most promising orchestration architectures in the industry for IoT.

Chapter 7, Securing SDN and NFV Environments

The focus of this chapter is how to secure both SDN and NFV environments. It organizes the various elements of SDN and breaks the infrastructure into categories, each of which can be examined for potential vulnerabilities and associated options to bolster security. The same is done for NFV; the chapter examines the NFV threat landscape as defined by the ETSI Industry Specification Group (ISG) and discusses both the issues and associated methods in each category.

Chapter 8, The Advanced IoT Platform and MANO

This chapter covers the latest industry thought leadership related to architecting IoT platforms and the technology building blocks needed to deliver a next-generation solution. It then focuses on how advanced services (particularly security) can be created and delivered in an automated way before finally providing solution architectures that describe how this might look in a real-world deployment.

Chapter 9, Identity, Authentication, Authorization, and Accounting

Key topics in this chapter include the technology available to gain identity when an endpoint attempts to access the network, methods to authenticate the endpoint, and, ultimately, automated solutions that can couple identity and authentication information and then leverage that information to provide dynamic access privileges based on identity. It explores both legacy protocols and newer methods leveraging OAuth 2.0 and OpenID Connect that are helping to scale identity and authorization within IoT environments. Finally, the chapter looks at the evolution from IAM techniques to identity relationship management (IRM) and explores its potential applicability.

Chapter 10, Threat Defense

This chapter focuses on securing the “during phase” of an endpoint’s network connectivity. More specifically, it covers instituting virtualized technology to both detect and mitigate threats while, in parallel, ensuring that the endpoint adheres to company policy. It examines various threat defense methods such as packet filtering techniques, IDS/IPS, behavior analysis, and malware protection. It then examines deploying the VNFs in both distributed form (pushing out toward the edge) and centralized form, and it shows examples of the VM lifecycle management, orchestration, and service chaining processes within.

Chapter 11, Data Protection in IoT

The main aspects of data protection in IoT are the focus of this chapter. It starts with the lifecycle of data and its management and then focuses on protecting data at rest, on the move, and in use. The chapter is fundamentally centered on the confidentiality, integrity, and availability (CIA) triad, and the analysis is complemented with specific examples involving orchestration and automation to protect data exchanges across data centers, networks, and fog. Additionally, the chapter outlines other relevant aspects, such as the General Data Protection Regulation (GDPR), enforced in Europe in May 2018, and the immense potential of novel technologies such as blockchain to become game changers in the space.

Chapter 12, Remote Access and Virtual Private Networks (VPN)

This chapter discusses remote access and virtual private network (VPN) technologies for IoT use cases. In parallel, it highlights methods for leveraging automation and SDN techniques within the remote access scenarios. This includes methods to separate the control and data channels of IPsec and apply them to IoT use cases for better scalability. This chapter also includes remote access scenarios leveraging TLS using both client and clientless versions, and how to create a software-based extranet using IPsec with orchestration and NFV.

Chapter 13, Securing the Platform Itself

This chapter examines the security of the platform itself. It starts with the description of a modular architecture that offers a representative model of a comprehensive IoT platform. The focus is on an NFV-centric architecture, powered by ETSI MANO and SDN capabilities extended to fog computing. The architecture is sliced into five segments and a total of 20 elements, or modules. The security of each is examined throughout the chapter, and the analysis is linked to related contents covered in other parts of the book.

Chapter 14, Smart Cities

Smart cities are the focus of this chapter, which looks at the changes digitization through IoT will bring to cities and highlights how an appropriate security posture can be realized through advanced technologies and automation. The chapter describes a number of use cases that are deployed in smart cities and shows how they can be uniformly and securely delivered through a common platform.

Chapter 15, Industrial Environments: Oil and Gas

This chapter explores the industrial setting, using the oil and gas industry as an example. It discusses how IoT and digitization are driving changes in use cases and how this impacts architectural approaches and security. The chapter then describes a number of use cases and shows how they can be uniformly and securely achieved through a common platform.

Chapter 16, The Connected Car

This chapter covers the rapidly evolving automotive industry, looking at connected cars and the changes digitization through IoT will bring. It highlights how an appropriate security approach can be realized through advanced technologies and the automation needed for technology to be responsive to business needs. The chapter concludes with use case scenarios that guide the reader through a practical deployment to better illustrate the concepts.

Chapter 17, Evolving Concepts That Will Shape the Security Service Future

The final chapter introduces some of the developing technologies that are used for security and, in some cases, that will pose new security threats. Blockchain, machine learning, and artificial intelligence are introduced, and the chapter illustrates how they can be incorporated into IoT and security for IoT. The chapter discusses how these can also be integrated into an orchestration platform to help automate IoT security at scale.
