The Internet of Things (IoT) promises an unprecedented connectivity that creates both tremendous opportunity and considerable risk. According to Gartner, the total number of IoT endpoints will reach 21B units by 2020. A large enterprise may have up to millions of IoT sensors and actuators for functions such as building automation, smart manufacturing, logistics and transportation, and so on. While many traditional IT endpoint security techniques still play a role for certain IoT use cases, there are a number of concerns unique to IoT that require innovative new approaches. For example:
- The massive scale of IoT deployments demands solutions that are manageable at scale. This includes securing the connected “things” throughout their life cycle, from on-boarding and provisioning to operations, monitoring, maintenance and update.
- Many brownfield deployments consist of devices with embedded controllers and logic that were built using legacy protocols for connectivity within a private/local network (e.g. a shop floor or a building). With IoT, this connectivity is extended to apps and services in the cloud or in a back-end datacenter. It is not always possible to replace or upgrade these devices, especially when such devices are expected to stay in service for many more years.
- A large number of IoT devices lack the minimum compute and power required for performing security functions that are common for a typical IT device.
Project Iris provides visibility and monitoring for IoT devices, while exploring innovative techniques to deal with the above challenges. For example, by using analytics and machine learning, it attempts to deal with the scale issue (item (a) above). RSA is a market leader in risk-based authentication and fraud detection at scale for IT. Building on such expertise, RSA data scientists explore new methods and algorithms for monitoring and detecting compromised devices based on anomalous behavior. In practice, the large scale of IoT deployments and the massive number of devices provide a rich medium for this type of research.
Since Project Iris is primarily focused on monitoring and analyzing device behavior, it is not constrained by the limitations of brownfield deployments or low power/compute devices (items b & c). These connected devices, intrinsically, are built to perform well-defined functions and communicate with pre-defined endpoints, for example sending temperature readings to a control application, or receiving commands to change a motor speed or move a robotic arm. Therefore, to observe and analyze the device behavior and its data exchange, it is not necessary to change the operational capabilities of the device or install additional software on it.
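To make the idea above concrete, here is an added illustration (not code from Project Iris or EdgeX Foundry) of what a gateway-side monitor can do with nothing more than passively observed flows: it learns, per device, the endpoints it normally talks to and its typical payload size, then flags flows that deviate. The device names, hosts, ports and byte counts are constructed sample data, and the z-score threshold is an assumed tuning value.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records as an edge gateway would observe them:
# (device_id, destination_host, destination_port, payload_bytes)
BASELINE_WINDOW = [
    ("temp-sensor-07", "control-app.local", 1883, 120),
    ("temp-sensor-07", "control-app.local", 1883, 118),
    ("temp-sensor-07", "control-app.local", 1883, 121),
    ("motor-ctl-03", "control-app.local", 502, 64),
    ("motor-ctl-03", "control-app.local", 502, 66),
    ("motor-ctl-03", "control-app.local", 502, 63),
]
# Flows seen after the baseline is learned; the second and fourth deviate.
OBSERVED = [
    ("temp-sensor-07", "control-app.local", 1883, 122),  # normal reading
    ("temp-sensor-07", "203.0.113.9", 443, 5200),  # unknown endpoint, large upload
    ("motor-ctl-03", "control-app.local", 502, 64),  # normal command
    ("motor-ctl-03", "control-app.local", 502, 4100),  # known endpoint, abnormal volume
]

def learn_baseline(flows):
    """Per device: the (host, port) endpoints it normally talks to and its payload-size stats."""
    endpoints, sizes = defaultdict(set), defaultdict(list)
    for dev, host, port, nbytes in flows:
        endpoints[dev].add((host, port))
        sizes[dev].append(nbytes)
    return {dev: {"endpoints": endpoints[dev], "mean": mean(sizes[dev]), "std": pstdev(sizes[dev])}
            for dev in endpoints}

def detect(baseline, flows, k=4.0, min_std=1.0):
    """Return (device, reason) alerts for flows that deviate from the learned behavior."""
    alerts = []
    for dev, host, port, nbytes in flows:
        prof = baseline.get(dev)
        if prof is None:  # a device that never appeared during baselining
            alerts.append((dev, "unknown device"))
            continue
        if (host, port) not in prof["endpoints"]:
            alerts.append((dev, f"new endpoint {host}:{port}"))
        # z-score on payload size; floor the std so a perfectly regular device keeps some tolerance
        z = abs(nbytes - prof["mean"]) / max(prof["std"], min_std)
        if z > k:
            alerts.append((dev, f"volume anomaly ({nbytes} bytes, z={z:.1f})"))
    return alerts

if __name__ == "__main__":
    for alert in detect(learn_baseline(BASELINE_WINDOW), OBSERVED):
        print(*alert)
```

In a real deployment the baseline window would be much longer and the profile would also cover timing and protocol fields, but the principle is the same: the device's own fixed function defines what normal looks like.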
And lastly, to deal with the environmental challenges for IoT security (item d), Project Iris follows the Edge Computing Model. In this model, the sensors and actuators, also referred to as the Edge End Nodes, are connected to more powerful nodes in the IoT network called Edge Gateways and Edge Servers. The communications between the edge end nodes and cloud services pass through the edge gateways and servers. These nodes are designed for protection levels that meet the security requirements of the target deployment (for example, guarding against physical attacks). As such, the Edge Gateways/Servers are ideal platforms for deploying IoT services, including the security capabilities described here. Figure 1 depicts the relation between the IoT Edge and Cloud components.
Figure 1 - The IoT Edge vs Cloud
Project Iris is built using the EdgeX Foundry platform. EdgeX Foundry, an open source project hosted by the Linux Foundation, is an industry initiative for providing a common IoT platform for edge computing. As a member of the EdgeX Foundry alliance, RSA is committed to research and development for securing the IoT ecosystem. Project Iris is focused on visibility and monitoring of the edge, that is, the edge gateway and its connected devices. Figure 2 represents a high-level architectural view of the EdgeX Foundry components.
Figure 2 - The EdgeX Foundry High-level Component View