Computing Reviews
Demystifying Internet of Things security : successful IoT device/edge and platform security deployment
Cheruvu S., Kumar A., Smith N., Wheeler D., Apress, New York, NY, 2020. 488 pp. Type: Book (978-1-484228-95-1)
Date Reviewed: Dec 12 2019

When a paper on Internet of Things (IoT) security is too brief, experienced users will look for other papers. This book covers many aspects of IoT security, from hardware to applications and systems.

The first chapter covers why Stuxnet happened and what could have been done to prevent it from happening. To make IoT more secure, the authors conceptualize the pyramid of IoT, from device hardware to cloud servers; consider the limitations of Moore’s Law; and demonstrate the negotiation of trust with IoT. One suggested solution is the implementation of a trusted computing base for the entire IoT, including encryption keys, secure communication, and secure storage.

The second chapter focuses on IoT frameworks and complexity. An IoT system is divided into five elements, starting with the device and then system management and framework. The authors include a one-page table of the tradeoffs between cryptography types and give five criteria, including hardware-constrained environment and scalability. This is followed by a brief discussion of algorithms to be used with quantum computers, which are not yet widely marketable. The authors complete the chapter with four more topics: framework architecture (of layers), consumer standards, industrial standards, and framework gateways.

The third chapter starts with a brief discussion on how vulnerabilities, when exploited, can impact assets from chips to applications/framework. Memory encryption technologies and platform trust technology are some of the other platform security hardware features covered. The remaining parts of the chapter focus on what security experts already know: device boot integrity, data protection, and runtime protection. The section on threat mitigation scenarios is too brief for further discussion.

Chapter 4, the longest, covers software security built or suitable for IoT devices, networks, and systems. The authors begin with threats to operating systems, from Linux to Windows, and security services for hypervisors to counter vulnerabilities. In addition to NIST SP 800-125A Rev. 1 standards, they cover security services related to programming errors. They specify three security services not considered by NIST: real-time protection, power management, and protection from external devices. Security matters concerning JavaScript, Node.js, Sails, Java-based Android, and Linux Foundation’s EdgeX Foundry are some examples of application-level frameworks. Discussions on device management, firmware updates, and message orchestration complete the chapter.

The fifth chapter divides connectivity technologies into two groups: Ethernet time-sensitive networking (TSN) and wireless technologies. TSN is a vendor-neutral open standard for connectivity between devices from different vendors and between devices and enterprise systems. The authors give a list of published and upcoming IEEE standards for TSN and a list of TSN profiles, including industrial automation and service provider networks. To help compare wireless technologies, both short range and long range, the authors suggest five factors to consider, including spectrum, service quality, and security.

This same chapter (5) continues with a discussion on protocols, standards, regulatory compliance, and the evolution of cellular technologies. To highlight the advantages of 5G cellular, the authors give examples of 5G technology enablers, including software-defined networking (SDN) and network functions virtualization (NFV). Where short-range, slower technologies like Bluetooth and Wi-Fi are to be used, the authors consider low-power wide-area networks (LPWANs) a good option for increasing geographical coverage.

The final chapter (6) looks at security requirements for IoT vertical applications such as retail, transportation, industrial, and digital surveillance systems. For each application, security objectives, threats, and standards are briefly covered.

The conclusion is treated as an appendix of summaries of each chapter. This can be helpful to readers who wish to read the chapters in the sequence they prefer rather than in sequential order. The index is good but seems to be missing key terms such as standards and protocols, which are of interest to network engineers and administrators.

The book is filled with tables, charts, and pictures to help readers better demystify IoT security by comparing, understanding, and visualizing current practices and requirements. Anyone who wants to stay abreast of IoT security should read this book.


Reviewer: J. Myerson
Review #: CR146811 (2003-0042)
 
Security and Protection (C.2.0 ... )
 
 
Real-Time And Embedded Systems (C.3 ... )
 
 
Security and Protection (D.4.6 )
 

Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®