 |
 |
Ioetec are working in partnership with many organisations to improve cyber security for IoT devices
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
What’s the Problem
The Internet of Things is experiencing explosive growth but what’s being developed right now is a massive problem, creating a vast web of weak or totally unsecured connections. Ioetec’s vision is to create a better safer secure Internet of Things, so we tackled THE most difficult problem facing the industry today, how to secure data from the edge node through to the end user.
As the Internet of Things (IoT) grows there are an ever-increasing number of interconnected devices gathering data on all aspects of our lives. Along with the technical complexities of implementing an IoT communications platform and scalable cloud infrastructure, there are concerns regarding the lack of security of these devices.
It is increasingly important to preserve the integrity, confidentiality and accessibility of data as well as safeguard against the dangers of these devices being exploited to launch cyber-attacks.
Security methods such as TLS are well established for large central servers such as those used by banks, however due to the complexity of the mechanisms used to protect this data they are not always suitable for the small, resource constrained devices used for IoT. This has caused many manufacturers to ignore the problem and fail to implement adequate security and therefore suffer from security flaws such as weak authentication and encryption, default username and passwords, and poor update and patch procedures.
The Ioetec Service
Ioetec Limited have developed an innovative solution to counter this issue – an end-to-end secure communications platform.
As well as providing the communications and cloud infrastructure, the Ioetec solution uses encryption and authentication technology to ensure that data is secured from the sensor to the user. This removes the risk of existing vulnerabilities and provides security exclusively for the user, including privacy from third parties, and protecting data against malicious attackers, governing bodies and manufacturers.
The Ioetec solution is provided to the manufacturers to be included in their product so they do not have to design their own solutions. The service is free during development and only charged when product is sold to a customer and becomes live. Ioetec provide a simple range of subscription & technical services to ensure your IoT device works efficiently and securely for your customer.
Talk to the Ioetec team today about your requirement and we’ll work with you to select the best plan for your range of products.
Secure by Design
The Ioetec service already meets the DCMS Secure by Design requirements and provides manufacturers with an easy to use, off the shelf solution.
| Requirement | Ioetec Status |
| No default passwords | √ Automatic registration and key exchange. No default passwords required |
| Implement a vulnerability disclosure policy | √ All users notified of any vulnerabilities. security@ioetec.com cyber@ioetec.com info@ioetec.com are all monitored for incoming notifications. |
| Keep software updated | √ Checks version, hash code and end-of-life against database when device registers. Supports secure device code updates |
| Securely store credentials and security-sensitive data | √ All sensitive key information held in transient memory. Device automatically reregisters if information deleted |
| Communicate securely | √ Ioetec uses AES for encryption and TLS/RSA for key exchange |
| Minimise exposed attack surfaces | √ Ioetec only requires a single port for each of socket and MQTT connection. All others closed. Cloud service fully secured |
| Ensure software integrity | √ Check version and hash code against database. |
| Ensure that personal data is protected | √ Data is encrypted in transit and at rest |
| Make systems resilient to outages | √ Cloud service include automatic elastic scaling and geolocation resilience |
| Monitor system telemetry data | √ Automated procedure for monitoring server logs and performance and sending alerts using AWS Cloudwatch |
| Make it easy for consumers to delete personal data | √ Customer can delete account, sensors and data. Automatic projection of data as only the user has the unlock keys |
| Make installation and maintenance of devices easy | √ Automatic registration with no user interaction required (apart from creating a master account and registering ownership of a device) |
| Validate input data | √ All input on Ioetec web interfaces is fully validated. Guidelines provided to manufacturers for input to their data input sources |
Act Now
The time to act is now. Contact us for further information on the Ioetec Service.