
Harbor Research - Designing Security for the Internet of Things & Smart Devices

May 29, 2018


harborresearch
  • 8/9/2019 Harbor Research - Designing Security for the Internet of Things & Smart Devices


    SECURING THE FUTURE
    White Paper

    Harbor Research, Inc.
    SAN FRANCISCO | ZURICH

    After a decade of rampant growth, we see that the Internet's architecture has been both a blessing and a curse. It has evolved to become the fundamental platform for all intelligent devices to share information. The dilemma lies in the fact that the network of networks is still quite vulnerable to security issues and the IT community, who we trust are working to resolve these challenges, are still operating with outdated models that cannot serve the needs of a truly connected world. One company, Mocana, has developed a unique approach to networked device security that offers a proven foundation for the complexity of a global information economy.

    Designing Security For The Internet of Things


    When it comes to preparing for the global information economy of the 21st century, most people assume that the existing IT community and its army of technologists are taking care of all the details, particularly securing the devices and data that will continue to grow exponentially. They take it on faith that the best possible tools and designs for securing transactions and managing information are already in place. That is potentially a huge unfounded assumption. This paper examines a new and unique approach to securely enabling the growing number and diversity of devices connecting to the Internet. Mocana demonstrates that it is possible to migrate gracefully and securely to the Internet of billions upon billions of things if we first accept that the tools available today were not designed for the tasks they are now routinely performing.

    IS OUR NETWORK GETTING TOO CROWDED

    Our society is at the cusp of a perfect storm of network connectivity. The concept of network effects states that the value of a network grows exponentially with the number of nodes connected to it. Along with the value, however, so too grows the complexity of managing the network, the difficulty of securing it, and the reliance of people and organizations on these networks functioning properly.

    The Internet was designed in the [...]s to allow the incompatible data networks and computing systems of the time to share information, to talk to each other. The Internet is literally a network of networks. As we know it today, the public Internet is a worldwide embodiment of those original data communications protocols, which are by design extremely simple. The original designers made very few assumptions about the data being sent and about the devices connecting to the network to send and receive data.

    It is this extensible, technology-neutral basis of the Internet that has allowed it to scale so dramatically and gracefully since its inception, with minimal central administration. The massive volume of datapoints coming from the growing number and diversity of smart devices presents an unprecedented information management challenge. So too does the evolution of devices to network platforms capable of delivering and consuming applications and services. That data will require scrubbing, filtering, compression, warehousing, analysis, reporting and, perhaps more importantly, securing. The astronomical growth of connected devices that continues today and is predicted well into the future pushes the bounds of what the designers of the Internet had in mind.

    Securing The Future - White Paper
    Designing Security For The Internet of Things
    2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

    The growth of devices on the Internet today is chiefly occurring in two distinct ways. The first is that previously separate networks, such as video, voice, cellular, etc., are all migrating toward shared [...]. As opposed to organic growth of devices on the periphery, this trend requires the Internet to absorb wholesale transitions of full-scale networks into its existing framework.

    At the same time, new classes of devices are becoming network enabled. The types of devices being connected today extend far beyond the laptops and cell phones we have become so accustomed to. Any manufactured object has the potential to be networked. Today, virtually all products that use electricity, from toys and coffee makers to cars and medical diagnostic machines, possess inherent data processing capability.

    It thus follows that virtually all electronic and electromechanical products are being designed with more and more capabilities. The fact that many common devices have the capability to automatically transmit information about status, performance and usage, and can interact with people and other devices anywhere in real time, points to the increasing complexity of these devices. For example, today the average mobile phone contains just over [...] million lines of code; this is expected to rise to [...] million by [...]. An automobile on average has [...] million lines of code; this is predicted to grow to over [...] million by [...].

    Objects that operate completely independent of human interaction are being networked as part of the growing trend in machine-to-machine communication. Security cameras transmitting digital video, electric meters sending regular usage readings, even simple sensors and circuit breakers are being enabled so they can talk to us and to each other.

    Device Growth Statistics
    There are approximately 2.8 billion [...]
    [...] million new ones added daily
    Projected [...] the global network will need to accommodate one trillion devices, most of which will be wireless devices.
    M2M communications are projected to surpass human-to-human [...]

    This phenomenon is not just about the dichotomy between people communicating with people or machines communicating with machines; it also includes people communicating with machines (e.g., a networked [...]) and machines communicating with people (e.g., automated stock ticker alerts on your [...]). The Internet's most profound potential lies in its ability to connect billions upon billions of smart sensors, devices and ordinary products into a global digital nervous system that will allow every business the ability to achieve undreamed-of efficiency, optimization and profitability. However, the nature and behavior of a truly distributed global information system are concerns that have yet to take center stage, not only in business communities but in most technology communities too.

    WHY WE NEED TECHNOLOGY TO SAVE US FROM TECHNOLOGY

    After more than a decade of rampant growth, we see that the Internet's inherent architecture has been both a blessing and a curse. With the rapid growth of wireless networks, from cellular to WiFi to ZigBee, connecting these devices to the Internet has never been easier. What we need is a remarkably agile global network that can comfortably scale to trillions of nodes, some of them hardware, some software, some purely data, many of them coming into and out of existence or changing location constantly. Obviously, such a network cannot be designed in any ordinary sense. Certainly, it cannot be designed top-down.

    Some basic design principles must be put in place to guide the growth of this vast distributed technological organism. It demands that we design not only devices and networks but also information interaction in ways not addressed by current [...]. The reader may ask, don't we already have a vast public information space called the World Wide Web? Didn't the Web completely revolutionize human communication? And isn't the Web working and scaling quite handsomely?

    Almost everyone will answer with a resounding Yes. But consider this analogy from Buckminster Fuller: Suppose you are traveling on an ocean liner that suddenly begins to sink. If you rip the lid off the grand piano in the ballroom, throw it overboard and jump on it, the floating piano lid may well save your life. But if, under normal circumstances, you set about to design the best possible life preserver, are you going to come up with the lid of a grand piano?


    The growing scale of interactions between devices with more and more features and the antiquated client-server architecture of the web is like that piano lid. In a period of great change and tumult, it worked, in the sense that it kept us afloat. But that does not make it the best possible design or qualify it to be something that we should plan to live with forever.

    Yet in the course of one mere decade, the world has become so dependent upon the Web that most people, inside [...] and out, cannot bring themselves to think about it with any critical detachment. Even high-tech business people use the terms "the Web" and "the Internet" interchangeably without giving it a thought.

    But the Web is not the Internet. The Internet itself is a simple, elegant, extensible, scalable, technology-neutral networking system that will do exactly what it was designed to do for the indefinite future. The same cannot be said of the Web, which is essentially an application running on top of the Internet. It is hardly the only possible Internet application, nor is it the most profound one conceivable.

    [Figure: Moore's Law - Transistors Per Intel Chip Drive Growing Complexity]


    The Achilles heel in this story does not originate in browser software or markup languages or other superficial aspects that most users touch directly. Those inventions are not necessarily ideal, but they are useful enough for today and they can be replaced over time with better alternatives.

    Rather, the growing bottleneck lies in the relationship and interactions between ever more complex devices and the antiquated client-server architecture of the web. With memory and processor capabilities getting cheaper by the day, product designers are embedding feature upon feature into their designs. What may finally bring Moore's law to its knees is the sheer complexity of software driving infinite interactions.

    The growing disparity of devices on networks is diluting the ability of technicians to effectively manage them. It is extremely difficult to keep up with the unique requirements of each new device and all its advanced features. Increasingly, what is needed is a means of creating an abstraction layer that unifies common tasks and manages the complexity of implementation down to the device. Customers expect networked devices to be functional, ubiquitous and easy-to-use. Within this construct, however, the first two expectations run counter to the third. In order to achieve all three, the network must be loaded with intelligence.

    When telephones first came into existence, all calls were routed through switchboards and had to be connected by a live operator. It was long ago forecast that if telephone traffic continued to grow in this way, soon everybody in the world would have to be a switchboard operator. Of course, that has not happened, because automation was built into the network to handle common tasks like connecting calls.

    We are quickly approaching analogous circumstances with the proliferation of connected devices, or device networking. Each new device that comes online now requires customization and maintenance just to exist safely on the network and perform the same basic tasks (securing, provisioning, reporting, etc.) as most others. We must develop methods to automate and facilitate these common functions; otherwise the lack of technical expertise will only get worse and will continue to hold back device networking from the truly astronomical growth that many have forecast.


    THE INTERNET OF THINGS: HOW MANY THINGS & WHERE ARE THE THINGS?

    Intelligent device networking is a global and economic phenomenon of unprecedented proportions. It will radically transform customer service, resource allocation and productivity.

    Harbor Research expects that by [...] there could be anywhere from [...] million to over one billion devices communicating continuously. These devices will drive new networked applications and services such as status monitoring, usage tracking, consumable replenishing, automated repairing and new modes of entertainment, whose value together could reach beyond [...] billion in value-added revenues from services. These new services are based upon the convergence of networks, embedded computing, control and content.

    A casual but informed observer may say that is preposterous, particularly considering some of the fluffy prognostications from the e era. Well, consider that, depending on your definition of a sensor, there are already more sensors on earth than people. To the well informed, the potential scale of device connectivity and value added network services is less a question about whether it will happen and more often a question about when. Soon any device that is not networked will rapidly decrease in value, creating even greater pressure to be online. Devices will blend into every venue, and vast opportunities will arise for companies delivering, managing and responding to the rich media and data being generated.

    [Figure: Global Device Networking Market Growth is Exponential]

    This is not an isolated phenomenon by any means. No matter what means are used to segment markets, growing device networks have applications in every venue across the global economy.

    Anything that operates over cell phones, computers, VoIP phones, car navigation systems is capable of intercommunicating with other devices. This is relatively easy to conceive of in the familiar contexts of consumer and business devices like these, but the chart helps illustrate some of the devices being connected in other, less familiar areas. Sophisticated, expensive devices are among the first to get connected so that they may be closely monitored and report information about their status. Windmills, pipelines, construction equipment, oil rigs, harvesters, mass spectrometers and mass production equipment: any piece of high-value capital built within the past twenty years has some kind of embedded electronics, and the newer it is, the greater the intelligence.

    [Figure: Any Thing On A Network Can Communicate With Other Things Across Global Venues]

    Even in developing areas, new networking technologies are keeping up with and even outpacing growth here in North America. They have late-mover advantage, which allows them to design infrastructures with new requirements and capabilities in mind. Developing regions tend to skip steps that seem standard in first-world countries. For example, many developing countries use cell phones as their dominant means of communication, as the wireless infrastructure is easier to set up than running telephone lines to every house. Consequently, data communications must also operate predominantly wirelessly, raising the importance of developing technologies like WiMAX and cellular broadband. Lacking many preconceived notions for how certain products and devices have functioned in the past, these markets may well be among the most receptive to new service-centric offerings from networked product manufacturers and their partners.

    As Moore's law persists and the price of embedding intelligence and connectivity into devices continues to fall, networked devices push further and further into the mainstream. This process is somewhat self-reinforcing, as low prices are driven by high quantities and vice versa, making these devices increasingly prevalent in our lives and businesses. While the growth is spread through all areas of our lives, it is concentrated on the same global network. The immense growth that is just now beginning will continue to accelerate, creating new strains on existing infrastructure and skill sets.

    A DAY IN THE NEW NETWORKED LIFE

    Just consider the number of devices that exist with the potential to be networked. Walk through a typical day and note the variety of electronic devices with which you interact. Each device's uses and functions have the potential to be expanded with networking. Each of these devices can benefit from connected services, and this is just the tip of the iceberg. This phenomenon has far-reaching effects, the likes of which have never before been seen in business or our everyday lives. The Internet versions [...] and [...] had broad implications on how people and businesses interact with computers and other new information devices, but did not necessarily change every aspect of our lives. Device Networking represents version [...] of the Internet, and it will be felt in everything that we touch and do. No matter who you are, what industry or what job function, this tidal wave of change will be inescapable.

    [Figure: Network Devices In Everyday Life Will All Drive New Services]

    THE STAKES ARE HIGH FOR BOTH INDIVIDUALS AND THE ENTERPRISE

    Today's enterprises are evolving at a pace unseen before in human or business history. While they grow, they fall subject to an intriguing paradox: as they become ever more connected, they also get more dispersed, and vice versa. Globalization and outsourcing, penetration of broadband networking, and pressures to be financially lean have all contributed to the trend of distributing organizational resources. Whether it is managing a work-from-home sales force or teleconferencing with clients on a different continent, organizations are relying on networks to keep them connected as they grow ever more diffuse.

    As their prey evolves, so do the predators, so as enterprises improve and expand their networks, hackers are constantly developing new tools for breaking into them. Not only does this growth mean more endpoints for organizations to secure, but even devices thought to be protected are increasingly susceptible to attack. A skilled hacker can easily circumvent security measures that are old, weak or not properly configured.

    Corporations invest millions of dollars in physical perimeter security for their offices, but what is the point if the information flowing constantly to and from the building is not secure? With the increasing use of streaming media over networks, like teleconferencing and VoIP, more and more valuable and potentially sensitive information is being transmitted, often unprotected. Yet with these real-time communication services, latency is misguidedly the main concern, not security. For fear that security measures will slow down transmissions, many are not secured properly, if at all. Effectively securing these devices requires a solution that is highly optimized and can operate efficiently without introducing latency and disruption to the communications process.

    While corporations face security concerns over ever-growing corporate networks, similarly individuals must deal with concerns over their increasing vulnerabilities. Conveniences like wireless credit cards, cell-phone payments, online banking and more leave us increasingly exposed to information interception and identity theft. Whether for home or for enterprise, no matter what type of business, security is a common concern and one that will be discussed in detail later in this paper.

    STRANGE BEDFELLOWS: THE RISKS OF CONNECTEDNESS AND OPENNESS

    Networked devices providing and consuming real-time data and services will be the hallmark of our new Networked Society. These new devices will become portals into other network resources, in which device users will gain utility not only from the devices themselves but from a variety of adjacent value added service providers. As it evolves, this infrastructure will amount to nothing less than a global digital nervous system for commerce, indeed for society itself.

    Consider the implications of pervasive networked devices, not just on the user experience but on the organization of businesses aligned to deliver value to these users. The value chain for a non-networked device has remained relatively consistent for hundreds of years. From raw materials to components to finished products, the obligations of the manufacturer and their relationship with their customer essentially began and ended at the point of sale.

    Most businesses have been built around this product-centric paradigm; it is ingrained in their culture and organizational structure to focus all of their efforts on selling a physical product. But now device connectivity is changing the entire structure of value delivery, threatening longstanding business models and forcing all companies to consider how to participate in service delivery and building ongoing relationships with their customers.

    Rather than owning declining-profit commodities, companies will aggressively need to seek innovation in value added services and ensure that they maintain some control over access to their devices in the field and the stream of device data coming in through them. Most importantly, thanks to that device data, companies will own their relationships to customers in ways never before imagined. What happens after that point depends upon the strategy adopted. A company could, for example, lease part of its stream of customer information, and thus part of the customer relationship, to another company wishing to provide value that is not part of the first company's business. Other relationship owners could lease relevant parts of their own customer information back, or share information in a joint venture or some other contractual arrangement.

    New capabilities will bend the traditional linear value chain into a loop of complex interdependencies that will demand new thinking and will require new alliances with the many new participants in the chain.

    Businesses that create the best ecosystem of alliance partners, from complementary device manufacturers to third party application software providers, will be the most successful. Device manufacturers, network service providers, new software and value added services players will all combine to create significant business and customer service value, or devolve into an environment of strange bedfellows.

    Even if a device manufacturer decided that it did not want to build an ecosystem and instead wanted to vertically integrate and own all aspects of device networking for a particular class of devices, it must still embrace the concept of value added services and recognize that it is the combination of hardware, software and value added online services that define the ultimate value to end customers. You need look no further than Apple's iPod device and iTunes service for a present day example. In a very short period of time, Apple has rocketed to become the third largest music retailer in the world while also creating a billion dollar revenue device business, all with a device that connects to a networked service.


    Now, with the introduction of the iPhone, Apple is entering a market that many would consider saturated: the cell phone market, whose structure is the definition of linking devices and services. Not only must a cell phone plan match the capabilities of the device, often the ongoing service fee is used to offset the upfront cost of the device. In Apple's case, they feel they can be successful here both for the revolutionary capabilities of their device and for the range of new services it will allow. For the first time, the iPhone allows uncompromised access to web content from a cell phone. While not fully open, the iPhone will allow third party developers to write web-based applications for the device. This is sure to cause significant disruption to the market as a broad range of new participants start gravitating towards delivering new functions and services to cell phones, all of which will deliver enhanced value to users of the devices. Taken to the extreme, this all has the potential to redefine the definition of a cell phone.

    [Figure: Expanding Constituents In The Networked Value Chain Create New Value & New Risks]


    With all of this cooperation and collaboration, not just around cell phones but all networked devices, it is a foregone conclusion that the device networking community must agree upon universally accepted open communication standards. While historically proprietary protocols have dominated in some arenas, the pervasive nature of [...] is eroding these proprietary boundaries. [...] will over time be the dominant transport for device networking.

    As revolutionary and far-reaching as the device-networking paradigm shift is, this does not change everything, and the eternal truths remain eternal. When you open yourself to relationships and connect to other people or devices, you can get hurt. And the greatest opportunities usually involve the greatest risk. The real-world risks of open technology and asset connectedness include possible breaches of secure systems that can have catastrophic impact.

    WAITING FOR THE WAKE UP CALL YOU HOPE WILL NEVER COME

    Despite a growing awareness of the presence of connected devices and their importance as a phenomenon, there is quite little understanding within most device manufacturers, service providers and enterprises as to how best to secure them and the services they enable. Device security is usually handled on an ad-hoc basis surrounding a device or network specific project. Rarely are there horizontal, organization-wide security solutions from which a device manufacturer and device network might benefit. Instead, security design and implementation decisions occur deep within organizations. Oftentimes, individual developers are left to port software designed originally for [...] and server security to their burgeoning devices and device networks. Besides being labor intensive, this is not a scalable solution, nor does it provide adequate functionality or an acceptable level of protection.

    Many companies today have let their connectivity outpace their security. The focus of most companies' security efforts is on devices with which humans interact directly. They fail to realize that each newly connected device represents another potential point of weakness through which hackers can gain unauthorized access to sensitive information. These customers must demand more complete security from their device manufacturers. Often device manufacturers will do the bare minimum, claiming security support that is in reality very narrow and only provides protection along a very limited dimension. The practical consequences of the resulting underinvestment and trivialization of security can be devastating.


    Recently the major retail chain TJX Co., operator of such stores as T.J. Maxx, Marshalls and Bob's, incurred a security breach that reportedly resulted in the exposure of at least [...] million customers' debit and credit card information. Reportedly, hackers accessed the network wirelessly while parked outside using a laptop. As a consequence, the company is facing backlash and lawsuits that, according to some estimates, have potential to cost nearly [...] billion and may jeopardize the entire company itself.

    According to some reports, nearly [...] percent of laws that include personal information have an express encryption standard written into the definition. They define personal information under the law as data being unencrypted, or they use a harm standard stating that if there is an encryption there is no probability of identity theft or harm to the victim. It started with house bill [...] in California approximately five years ago. Now [...] states have similar laws, and there are provisions as well for financial institutions, which are federally administered. In those industries where the level of connectedness and the value of the data are both high, such as financial services, the costs of security breaches have proven to be so substantial that many of these enterprises are already carrying data breach insurance. These same dynamics will absolutely play out in device networking, perhaps even to a greater degree. While the example above illustrates the huge potential for financial liability associated with security breaches, device networking has potential to take this one step further. A device network security breach can have devastating real-world life and death consequences.

    The problem with securing today's device networks is one of human nature, one of motivation and incentives. Investing in security is sometimes viewed as buying insurance, and unfortunately many companies do not face up to the risk until after they've already experienced the impact. Just as airport security increased after 9/11, or a household will finally invest in an alarm system after a break-in, it often takes some kind of "wake-up call" to get motivated to upgrade device network security.

    Further, corporate structures and the segregation of expertise therein mean that usually the person in charge of investment decisions related to security is not the person with the keenest understanding of the present risks and protection level. A technician who calls for a security upgrade out of the blue is easily ignored. An engineering manager in a device manufacturer is only concerned with satisfying minimally specified requirements, regardless of how naïve those specified requirements are. In the absence of any problems, managers are quick to assume that present measures are working adequately. Yet that reasoning is inherently flawed and dangerous. By that logic it could be claimed that this white paper is coated in tiger-repellent. And because there aren't currently any tigers around to prove otherwise, we can assume the tiger-repellent is working. The days of leaving well-enough alone have passed, and it is imperative now more than ever not just to fix problems but to preempt them.

    When evaluating any type of risk there are two main considerations that must be weighed. The first is the likelihood, or chance, that a particular undesired outcome would occur. In the security context this comes down to an assessment of a device or network's vulnerability or protection level. The second consideration is the size of the impact that would occur if such a risk were to materialize. In the realm of security the potential consequence could be just a few hours of network downtime, or it could be millions of dollars' worth of credit fraud, or a device that is rendered inoperable and must be returned to the manufacturer, all of which can cause irreparable damage to the brand and customer confidence.

    Both of these dimensions weigh into a person's decision of how to approach risk mitigation. As they relate to device networking, one must also realize that both risk factors grow quickly with the size of the network that must be protected. A larger network means more nodes and endpoints and more potential points of weakness. It also means more information that has a higher value being transmitted on the network, and consequently a greater impact if that network is compromised. As networks grow so too must the focus on security, and as they begin encompassing new types of devices that becomes increasingly difficult.

    The net of this analysis is that a functional and elegantly simple security solution for devices and device networks becomes the silver bullet of sorts, the catalyst that will allow organizations to comfortably deploy large device networks while also allowing them to operate safely. A catalyst like this may be all that is needed to spur the enormous growth that has been forecast.

    THE ANSWER LIES IN A DEVICE SECURITY FRAMEWORK

    A solution that effectively manages the security requirements of disparate devices must have two main qualities: automation and homogeneity. It must handle common tasks without human intervention, and it must provide a single platform and interface for interaction with a wide range of devices. What is needed is new infrastructure software plus centralized business processes for dealing with security within and across device manufacturers and service providers. This software solution would be a combination of resident software embedded in the devices plus capabilities delivered as applications across the network.

    As this is describing the unique needs of an entirely new type of network, it stands to reason that this solution does not fall within the specialties of any current mainstream software companies. In fact, the Device Security Framework being described is best viewed as an entirely new market category.

    With the disjointed, patchwork security solutions presently in place and the lack of general market understanding, particularly among larger software players, of what is needed for device security, the field is wide-open for any viable solution. Nevertheless, this solution must not be a stopgap measure. It must create a platform that is extensible and will be able to solve tomorrow's problems as well as today's.

    [Figure: Mocana Device Security Framework]

    At a minimum, a Device Security Framework should address the following security-centric demands across any connected device:

    - Secure remote device access
    - Secure data communications between devices
    - Device identity management
    - Authentication of devices and device applications on the network, including wireless networks
    - Mechanism for simplified key management
    - Advanced connection handling capabilities
    - Third party validated cryptography library
    - The ability to fully leverage advancements in silicon, including multicore processors and hardware acceleration

    ENTER MOCANA

    One company fully understands the needs of these networks and has begun creating a solution that meets the needs described above. San Francisco based Mocana Corporation has positioned itself as one of the lone players in this new market, and while they could rest on their foresight and the advantage of being the first to recognize the needs of this market, the company continues to develop its Device Security Framework so that it meets the aforementioned requirements and more.

    Mocana's solution is fully compliant with validated cryptography algorithms, meaning it will interoperate with all applicable standards. Mocana's Device Security Framework contains software that gets embedded into devices at the time of manufacture, as well as capabilities delivered across the network, known as Network Applications.

    While philosophically a major supporter of open standards, Mocana realizes that many companies build their devices on proprietary operating systems using a wide variety of chips. To scale across these disparate platforms, all components of Mocana's Device Security Framework leverage a common abstraction layer that has two integration axes, one dealing with OS integration and the other with CPU integration.

    Simplistically, if chips A and B are supported along with OS #1, then a port to OS #2 will inherit support for chips A and B automatically by only modifying the OS abstraction axis. Conversely, if OS #1, 2 and 3 are supported along with chip A, then a port to chip B will immediately inherit support for this chip on all three OSs by only modifying the chip abstraction axis.

    This approach provides maximum coverage of OS and CPU combinations and maximum flexibility for device manufacturers and service providers to make OS and CPU decisions independent of Mocana's Device Security Framework.

    [Figure: The Real World - Operating System & CPU Independence]

    Mocana's Framework has another major benefit: it can meet the extremely diverse needs of disparate wired and wireless operating environments. Some end devices, such as those involving voice and video, require high performance. Other devices on the periphery may have intense restraints on power consumption to prolong battery life. Still others have constraints on memory and processing capabilities. Mocana's solution can meet the needs of all of these devices because it possesses three distinct qualities:

    - The Network Applications are themselves network and device independent.
    - The embedded software is designed to leverage the capabilities being built into new chips, such as hardware acceleration and multicore asynchronous processing, providing a higher level of performance and scalability than much of today's mainstream software, making it ideal for voice, video and data applications.
    - The embedded software has a very small footprint, making it ideal for any connected device, even resource constrained ones.

    Additionally, Mocana's Device Security Framework is capable of extending to address emerging threats as well. The Framework takes full advantage of network connectivity and the benefits this brings in being able to have additional intelligence reside in the network versus only in the connected device. It provides a holistic approach to security and can also enable an entirely new class of end customer, network and device independent applications and services, as described below.

    INITIAL BEACHHEAD: DEVICE SECURITY

    Once a Device Security Framework is in place, it can be used to perform a number of functions necessary for securing and operating device networks. Mocana provides not only the Framework itself, but also several initial applications necessary for nearly all device network deployments. Among the first of these network applications is a solution for Certificate Management, allowing its customers to provide certificate-level security and identification for devices on their networks.

    To understand the value of Certificate-based security takes a brief description of the procedure itself. If a theoretical entity, Alice, wants to receive secured communications over a network, she uses her own unique algorithm to create both a Public Key and a Private Key. While these two encryption devices are related, one cannot be used to determine the other. As an analogy, if Alice wanted to receive a secure object in the mail from her friend Bob, she might first send him an open padlock, the key to which she kept herself. Bob could then use that lock to secure his message before sending it, knowing that only Alice, using her key, can open it. In this analogy the key Alice kept is her Private Key and the lock she sent out is her Public Key. Alice could make these open locks available for anyone who wants to send her a message, knowing that the messages, once locked, will only be readable by her.

    While this structure seems secure, it creates another problem: how does Bob know for sure that the lock he's using to secure his message is actually Alice's? In the digital realm, where Public Keys abound, it is even more conceivable that a malicious hacker could publish a Public Key claiming it to be Alice's when in fact it is not. To solve this problem requires a Trusted Third Party or Certificate Authority known and acknowledged by both Alice and Bob. This third party would know exactly what Alice's Public Key should look like, and by confirming with its own Digital Signature that the Public Key Bob is receiving matches that which they have on record for Alice, could verify her identity so that the secure transaction may proceed. This is exactly what a Certificate does: it is an electronic document containing the digital signature of a trusted third party that links a public key with an identity.

    Certificates are typically issued with expiration dates in the range of about one year, so they do not need to be issued for each transaction; they can be reused for a period of time as long as the identification information of either party has not changed. While certificate-based security is among the most effective methods for securing communications on a network, it also leads to several accompanying tasks that are often labor intensive.

    Traditionally, certificate management, including enrollment, renewal, revocation, expiration, query, etc., is a manual process. But with the size and growth of device networks, manually managing these tasks does not scale. Built on the Simple Certificate Enrollment Protocol, an evolution of the protocol developed for traditional non-device-centric networks by Verisign and Cisco Systems, Mocana's Certificate Management application allows for automation of these and other common tasks.
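The trust decision and the lifecycle checks described in the last three paragraphs, as an added example in Go (standard library only); it is not code from the white paper or from Mocana, and it does not implement the Simple Certificate Enrollment Protocol. The CA and device names, the 30-day renewal window and the fixed 2024 clock are constructed assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue binds a fresh public key to cn; a nil parent means self-signed (root CA or impostor).
func issue(cn string, serial int64, isCA bool, from time.Time, life time.Duration,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             from,
		NotAfter:              from.Add(life),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true, IsCA: isCA,
	}
	if isCA { // a CA certificate may sign other certificates, nothing else
		tmpl.KeyUsage, tmpl.ExtKeyUsage = x509.KeyUsageCertSign, nil
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// check gives the verdict an automated certificate manager would act on.
func check(cert *x509.Certificate, roots *x509.CertPool, now time.Time, window time.Duration) string {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	var inv x509.CertificateInvalidError
	switch {
	case errors.As(err, &inv) && inv.Reason == x509.Expired:
		return "expired" // outside the validity period: enrol again
	case err != nil:
		return "untrusted" // no signature chain to the trusted authority
	case now.After(cert.NotAfter.Add(-window)):
		return "renew" // still valid, but inside the renewal window
	}
	return "trusted"
}

// scenario issues constructed sample certificates and checks them on a fixed clock.
func scenario() (map[string]string, error) {
	day, t0 := 24*time.Hour, time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	ca, caKey, e1 := issue("Example Device CA", 1, true, t0, 3650*day, nil, nil)
	dev, _, e2 := issue("device-0001", 2, false, t0, 365*day, ca, caKey)
	fake, _, e3 := issue("device-0001", 2, false, t0, 365*day, nil, nil) // same name, no CA
	for _, err := range []error{e1, e2, e3} {
		if err != nil {
			return nil, err
		}
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	return map[string]string{
		"genuine day 30":  check(dev, roots, t0.Add(30*day), 30*day),
		"genuine day 350": check(dev, roots, t0.Add(350*day), 30*day),
		"genuine day 400": check(dev, roots, t0.Add(400*day), 30*day),
		"impostor day 30": check(fake, roots, t0.Add(30*day), 30*day),
	}, nil
}

func main() {
	fmt.Println(scenario())
}
```

The impostor certificate carries the same name as the genuine device and is rejected only because no trusted authority signed it.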

    Certificate-based security for networked devices completely shifts the paradigm of how manufacturers and users may conceive of their devices. From an information perspective, once a device and its identity are trusted, so too is any other information it might convey about itself and its environment. This might range from location information, to usage data, to information about or from other devices near it. Similarly, once a user's identity can be tied to a device in a secure fashion, user names and passwords become unnecessary. The ability to incorporate and transmit this accompanying information opens the door for the creation of a whole new class of services to end-users. In addition to basic services required for device network operation, such as certificate management, a tidal wave of yet inconceivable applications is just over the horizon.

    DEVICE SECURITY FRAMEWORK FUTURES

    Calling this new platform a Device Security Framework is somewhat restrictive. While security is its first and most important capability, the Framework allows for the secure delivery of any services or applications to devices on the network. In a broader context, this trend of linking devices with accompanying services has been in the marketplace for some time now. Just consider the previously mentioned iPod and iTunes, TiVo service and the TiVo box, Blackberry handhelds with data service plans. These are all examples of traditional product manufacturers that have distinguished themselves by pairing their devices with high-value services. Harbor Research has been tracking this market trend for several years, and while it has been gaining recognition, device-centric services have not yet seen the explosive growth that has been predicted.

    Now it is apparent that difficulties with security and identification of devices on a network, and the secure scalability of those networks themselves, have thus far hampered their growth, both in a literal sense and in the broader market. With the combination of its technology and its relationship with device makers and chip manufacturers, Mocana is in the unique position to remove this significant obstacle from the equation and spur the growth of this burgeoning service industry. By doing this, Mocana has the potential to capture enormous value for itself and its ecosystem. The success of the iPod created a billion-dollar side industry for accessories while keeping its network services proprietary. In the near future we will see an abundance of devices on open networks, allowing the creation of an enormous new side industry: that of third party device centric service providers.

    Mocana has a keen awareness of this potential, as demonstrated by their ongoing efforts to build partnerships within the device networking community. Their support of open standards shows that the company realizes that the real value of device networks will only be revealed upon arrival of those pervasive device applications and services. While security is most certainly a prerequisite to that and a catalyst for much initial growth, it will be the applications delivering tangible value to device users that will bring device networking to the mainstream. The difficulty here is that these future device services will not be uniform. While there are a large number of horizontal Network Applications, each device type, each customer segment, each industry will demand its own end customer facing device applications and services. The requirements are so far-reaching that no single company could ever anticipate and meet everybody's needs. Like the networks themselves, the customer facing applications provided over them will be fragmented. What Mocana does is provide the platform on which a whole new class of secure, identity-based, device and network independent applications and services can be built. Mocana is getting the ball rolling by providing some initial, necessary Network Applications. From here they are open to partnering with third-party software developers wishing to build these applications of the future.

    MOCANA NOW

    Despite the futuristic overtones to much of this analysis, it is most important to realize that this device networking trend is happening right now. Nowhere is this exemplified better than by the fact that Mocana has already built a substantial base of customers, some of which are listed below, including several Fortune companies and many others of equal significance in their functional areas.

    From major device manufacturers to communications companies to chip vendors, Mocana's Device Security Framework is already being embedded into many of the devices we see every day. These customers range from consumer and industrial device manufacturers, to makers of network infrastructure products, to communication providers. Within this mix also sit several extremely significant adopters of components of Mocana's Device Security Framework and its components, including Nortel Networks, Honeywell, Philips, Siemens and more.

    By adopting Mocana's software, or even incrementally exploring the option, all of these companies are demonstrating to customers, investors and the broader market that they have a grasp on the coming wave of device networking. Not only do they understand the phenomenon, but they are showing their commitment to securing the communication of these devices, and to doing so in an open, extensible fashion that will allow them to be active participants in the growing corporate communities providing smart products and services.

    [Figure: Sample Adopters of Mocana's Technology Are Diverse]

    WHERE IT IS VERSUS WHERE IT'S HEADED

    This white paper has discussed the evolution of device networking and the phenomenon's scale upon arrival. It has highlighted some of the benefits of our new Networked Society, but also its potential dangers. It has explained the details of how these networks will operate technically, architecturally and organizationally. The net of this analysis brought to light the need for creating a Device Security Framework in order to scalably manage, effectively secure, and reliably identify devices on our shared global network.

    But management, security and identification are just the tip of the iceberg. These are the absolutely necessary prerequisite functions that must be in place in order for our Networked Society to begin to bloom. Once established, a wide range of new applications will begin to be developed. Some will run behind the scenes, addressing emerging bottlenecks around efficiency and scalability. Others will be more visible, delivering a new level of personalized information to us and to our devices.

    While most of this value will be created by a vast ecosystem of companies and developers making their way into the realm of Device Networking, Mocana will continue to develop and add to the Device Security Framework enabling it all. Whether by giving us confidence through continuing to strengthen security, or by creating new uses for the certainty of device identification, Mocana will continue to be a catalyst for development of Device Networking and a driving force behind one of the most disruptive yet beneficial phenomena of ours or anyone's lifetime.

    About Harbor Research, Inc.

    Harbor Research Inc. has more than twenty years of experience providing strategic consulting and research services to high technology clients. Harbor's strategy and business development work is organized around emergent and disruptive opportunities, with a unique focus on the impact of the Pervasive Internet: the use of the Internet to accomplish global device networking that will revolutionize business by unleashing entirely new modes of system optimization, customer relationships, and service delivery.

    Harbor Research's clients are leaders in communications, computing, control, and content. Harbor Research has built extended relationships with larger multi-line companies including AT&T, ABB, Agilent, General Electric, Danaher, Eaton, Emerson, Hewlett Packard, Hitachi, Honeywell, Hughes, IBM, Intel, Invensys, Motorola, Rockwell, Siemens, and Texas Instruments, as well as with growth companies such as EMC, Cisco Systems and Qualcomm. We also work with a broad array of emergent start-ups and pre-IPO technology ventures. We have built relationships with a number of significant Pervasive Internet players, including Ember Corporation, Questra Corporation, GridAgent, DeepStream Technologies and Dust Networks, to name a few.

    CONTACT

    Glen Allmendinger, President

    Harbor Research, [email protected]

    Securing The Future - White Paper

    Designing Security For The Internet of Things

    2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

    info@harborresearch.com 800.595.9368 415.615.9400 +41 435 000 153