Two security experts from Huawei Shield Lab (Huawei’s Central Research Institute) shared their research vision on IoT security at the 11th ASIACCS (ACM Asia Conference on Computer and Communications Security) conference, which was recently held in Xi’an, China. In order to overcome coarse-grained access control and long lead times for identifying malicious behavior, their invited talk focused on studying security mechanisms which enhance the security of smart homes and connected cars.
Many ICT enterprises have released their own IoT products and platforms to grab a share of the booming IoT market and to foster the creation of their own IoT ecosystems. However, the security and privacy challenges posed by the rise of the IoT and the now wide proliferation of smart devices have to be addressed carefully and innovatively before IoT services are widely accepted. This is because conventional IT security defensive technologies have been shown to be incapable of resisting novel attacks against constrained IoT devices which have been massively deployed.
Motivated by this observation, the Huawei security experts highlighted new security mechanisms which can adaptively learn from existing attacking mode databases, then identify and prevent new security and privacy threats.
As a result, a variety of IoT scenarios can be protected effectively, as Dr. Tieyan Li explains: “Connected car security architecture focuses on the security of on-board equipment, automotive systems and internal/external networks, which can be met only via systematically integrating separation, control and obfuscation mechanisms. Once these security solutions feature a self-learning capability, newly emergent malicious behavior or attacks can be identified quickly.”
Dr. Guilin Wang, another Huawei security researcher, pointed out: “To design smart home security architecture resistant to emerging threats like functionality extension attacks, IoT applications, devices and networks need to be protected with new end-to-end security mechanisms with fine-grained access control policies. For this purpose, lightweight identity-based cryptography, password-based authenticated key exchange, and blockchain are likely to be the key security mechanisms that can be applied to realize fine-grained access control, authorization and trust establishment between users and devices in IoT scenarios.”
As a result of discussions between security professors and professionals attending the conference, it is now believed that greater efforts are needed from academia, industry and governments to study and specify international IoT security standards which are more secure and easier to implement. Huawei, one of the global leading providers of IoT devices and network solutions, is dedicated to this mission and is always open to collaboration with all parties interested in this subject area.
ASIACCS is a well-known global security conference, which was established by the Association for Computing Machinery (ACM) 10 years ago. ASIACCS 2016 covered various topics including network security, system security, IoT security, cloud security, and applied cryptography.