Are your IoT devices secured? IITKGP develops light weight IoT Security technology

shreyoshi's picture
It often happens with us that we reach home to darkness or an empty refrigerator. But with Internet of Things (IoT), the world is changing so fast that you can switch on your home lights or get reminders to refill your refrigerator and buy groceries on your way back from work. And these are the least of what a smart IoT infrastructure can do. IoT today is significantly used in healthcare, logistics, transportation, fin-tech, telecom, smart cars etc. Through IoT, doctors can remotely monitor the pacemaker is a patient’s heart and modify its pace. So can a route be redefined for a truck already on road carrying cold storage to reduce power consumption or that of smart cars being guided of road traffic. In nutshell your world is at the control of your fingertips.
What would look as ‘the future is here’ is not without a nemesis - manipulation of command control by malicious adversaries. The IoTs run on a command being sent out from one device to another through a network, and these commands are often non-encrypted which makes electronic devices vulnerable to hacking and manipulations in command. A hacker can monitor the communication data traffic of IoT devices through any wired or wireless connection, and replace them with manipulated commands. This can lead to severe damages. Think of a patient’s pacemaker or the fintech devices being accessible to hackers. Or recall the movies where the CCTV cameras are hacked and made to display selective videos covering for burglaries. Even business houses may incur huge losses for change in logistic plans through unauthorized use of IoT. But this is typical to any electronic device connected to internet and like anti-virus, scientists have figured how to secure these connections.
The popular approach to protect against these kind of security and confidentiality threats is encryption. But encryption is not practically feasible for IoTs as it requires huge computation and power consumption. For example, in case of an implanted pacemaker it is not feasible to repower it repeatedly at short intervals of time, as that would require multiple cardiac surgeries. This issue has now been addressed by scientists at IIT Kharagpur in the Dept. of Computer Science and Engineering (CSE). A team of scientists have indigenously built ‘Physically Unclonable Functions’ (PUF) for securing unencrypted networks. “The PUFs consumer very less power and are light weight, hence can be installed in any IoT device. PUFs are fingerprint generator circuits for electronic objects which uniquely identify each object, and help in authenticating the commands sent to connected IoT devices. The receiving device shall read the command, verify the authenticity of the sender and then operate” explained Prof. Rajat Subhra Chakraborty, who is one of the two main faculty members leading the research efforts associated with the IoT Laboratory of the CSE department, the other faculty member being Prof. Debdeep Mukhopadhyay. PUF would ensure security protocol for device authentication, light-weight key exchange and secure communication.
A prototype has already been developed by the team which is currently being tested on commercially available devices at the IoT Lab. The project has already been funded by Wipro, a major IT multinational company based in India. “The team is also working towards designing and fabricating a PUF based integrated circuit and making it available as part of a printed circuit board (PCB) which could be used by commercial IoTs” added Prof. Chakraborty. The team has also developed the capability to remotely rectify or upgrade IoT devices.
“Testing has already been successfully completed for wireless smart lighting system and wireless IP CCTV camera. The team equipped the devices with PUF and tested them for unauthorized usage which was prevented through PUF” said Urbi Chatterjee, research scholar at the CSE department.
With the smart technologies of 21st century are significantly changing our lives, PUFs will find wider use in smart energy metres, medical devices, smart surveillance controlling temperature, humidity, CCTV and even smart cars. In India the technology would find typical application in preventing disruptions in smart logistics systems, tracking counterfeit medicines, tracking public distribution system, etc.
A patent with the Indian Patent Office is in the process of filing and the research has been published in several international journals of repute such as ACM, IEEE etc.