White Paper SECURING THE FUTURE

Designing Security For

The Internet of Things
After a decade of rampant
growth, we see that the
Internet’s architecture has
been both a blessing and
a curse. It has evolved to
become the fundamental
platform for all intelligent
devices to share information.
The dliemma lies in the fact
that the network of networks
is still quite vulnerable to
security issues and the IT
community who we trust
are working to resolve these
challenges are still operating
with outdated models that
cannot serve the needs of
a truly connected world.

One company, Mocana

has developed a unique
approach to networked
device security that offers
a proven foundation for
the complexity of a global
information economy. Harbor Research, Inc.
SAN FRANCISCO | ZURICH
 Securing The Future - White Paper

W
Designing Security For The Internet of Things

2 hen it comes to preparing for the global

information economy of the 21st century, most
people assume that the existing IT community
and its army of technologists are taking care of
all the “details” – particularly securing the devices
and data that will continue to grow exponentially. They take it on faith
that the best possible tools and designs for securing transactions
and managing information are already in place. That is potentially a
huge unfounded assumption. This paper examines a new and unique
approach to securely enabling the growing number and diversity of
devices connecting to the Internet. Mocana demonstrates that it is
possible to migrate gracefully and securely to “the Internet of billions
upon billions of things” if we first accept that the tools available today
were not designed for the tasks they are now routinely performing.
IS OUR NETWORK GETTING TOO CROWDED
Our society is at the cusp of a “perfect storm” of network connectivity. The concept of
network effects states that the value of a network grows exponentially with the number
of nodes connected to it. Along with the value, however, so too grows the complexity of
managing the network, the difficulty of securing it, and the reliance of people and orga-
nizations on these networks functioning properly.

The Internet was designed in the 1960s to allow the incompatible data networks and
computing systems of the time to share information—to “talk to each other”. The In-
ternet is literally a “network of networks.” As we know it today, the public Internet is a
worldwide embodiment of those original data communications protocols—which are,
by design, extremely simple. The original designers made very few assumptions about
the data being sent and about the devices connecting to the network to send and receive
data.

It is this extensible, technology-neutral basis of the Internet that has allowed it to scale so
dramatically and gracefully since its inception, with minimal central administration. The
massive volume of data-points coming from the growing number and diversity of smart

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com
t

t

t





Securing The Future - White Paper
Designing Security For The Internet of Things

3
devices presents an unprecedented information management challenge. So too does the
evolution of IP devices to network platforms capable of delivering and consuming IP
applications and services. That data will require scrubbing, filtering, compression, ware-
housing, analysis, reporting, and perhaps more importantly, securing. The astronomical
growth of connected devices that continues today and is predicted well into the future
pushes the bounds of what the designers of the Internet had in mind.

The growth of devices on the Internet today is chiefly occurring in two distinct ways.
The first is that previously separate networks – such as video, voice, cellular, etc., - are all
migrating toward shared IP. As opposed to organic growth of devices on the periphery,
this trend requires the Internet to absorb wholesale transi-
tions of full-scale networks into its existing framework.
Device Growth Statistics
At the same time, new classes of devices are becoming net-
work enabled. The types of devices being connected today There are approximately 2.8 billion
extend far beyond the laptops and cell phones we have be- NPCJMF
QIPOFT
JO
VTF
UPEBZ
XJUI


million new ones added daily - Projected
come so accustomed to. Any manufactured object has the
UP
SFBDI

CJMMJPO
VTFST
CZ
ú
potential to be networked. Today, virtually all products
that use electricity - from toys and coffee makers to cars *U
JT
FTUJNBUFE
UIBU
JO
ú
ZFBST

and medical diagnostic machines - possess inherent data the global network will need to
processing capability. accommodate one trillion devices, most
of which will be wireless devices.
It thus follows that virtually all electronic and electro-me-
M2M communications are projected
chanical products are being designed with more and more
to surpass human-to-human
capabilities. The fact that many common devices have the DPNNVOJDBUJPOT
CFUXFFO
úú
BOE
ú
capability to automatically transmit information about sta-
tus, performance and usage and can interact with people 
CJMMJPO
3'*%
DIJQT
GPSFDBTU
UP
CF

and other devices anywhere in real time points to the in- TPME
JO
úú
VQ
GSPN

CJMMJPO
JO
úú
creasing complexity of these devices. For example, today 7FIJDVMBS
..
NBSLFU
JT
úú
CJMMJPO

the average mobile phone contains just over 2 million lines FYQFDUFE
UP
HSPX
BU
ú
BOOVBMMZ
of code; this is expected to rise to 10 million by 2010. An
automobile on average has 35 million lines of code; this is
predicted to grow to over 100 million by 2010.

Objects that operate completely independent of human interaction are being networked
as part of the growing trend in M2M (machine-to-machine) communication. Security
cameras transmitting digital video, electric meters sending regular usage readings, even

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com • 800.595.9368 • 415.615.9400 • +41 435 000 153

 Securing The Future - White Paper
Designing Security For The Internet of Things

4
simple sensors and circuit breakers are being IP-enabled so they can talk to us and to
each other.

This phenomenon is not just about the dichotomy between people communicating with
people or machines communicating with machines: it also includes people communicat-
ing with machines (e.g. a networked ATM), and machines communicating with people
(e.g. automated stock ticker alerts on your PDA). The Internet’s most profound potential
lies in its ability to connect billions upon billions of smart sensors, devices, and ordinary
products into a global “digital nervous system” that will allow every business the ability
to achieve undreamed-of efficiency, optimization, and profitability. However, the nature
and behavior of a truly distributed global information system are concerns that have yet
to take center stage - not only in business communities, but in most technology com-
munities, too.

WHY WE NEED TECHNOLOGY TO SAVE US FROM TECHNOLOGY

After more than a decade of rampant growth, we see that the Internet’s inherent archi-
tecture has been both a blessing and a curse. With the rapid growth of wireless networks
– from cellular to WiFi to ZigBee – connecting these devices to the Internet has never
been easier. What we need is a remarkably agile global network that can comfortably
scale to trillions of nodes—some of them hardware, some software, some purely data,
many of them coming into and out of existence or changing location constantly. Obvi-
ously, such a network cannot be “designed” in any ordinary sense. Certainly, it cannot
be designed “top-down.”

Some basic design principles must be put in place to guide the growth of this vast, distrib-
uted technological organism. It demands that we design not only devices and networks
but also information interaction in ways not addressed by current IT. The reader may
ask, don’t we already have a vast public information space called the World Wide Web?
Didn’t the Web completely revolutionize human communication? And isn’t the Web
working and scaling quite handsomely?

Almost everyone will answer with a resounding “Yes!” But consider this analogy from
Buckminster Fuller: Suppose you are traveling on an ocean liner that suddenly begins to
sink. If you rip the lid off the grand piano in the ballroom, throw it overboard, and jump
on it, the floating piano lid may well save your life. But if, under normal circumstances,
you set about to design the best possible life preserver, are you going to come up with the
lid of a grand piano?

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com
t

t

t





Securing The Future - White Paper
Designing Security For The Internet of Things

5
The growing scale of interactions between devices with more and more features and the
antiquated client/server architecture of the web is like that piano lid. In a period of great
change and tumult, it worked—in the sense that it kept us afloat. But that does not make
it the best possible design, or qualify it to be something that we should plan to live with
forever.

Yet, in the course of one mere decade, the world has become so dependent upon the Web
that most people, inside IT and out, cannot bring themselves to think about it with any
critical detachment. Even high-tech business people use the terms “the Web” and “the Inter-
net” interchangeably without giving it a thought.

Moore’s Law - Transistors Per Intel Chip Drive Growing Complexity

But the Web is not the Internet. The Internet itself is a simple, elegant, extensible, scalable,
technology-neutral networking system that will do exactly what it was designed to do for
the indefinite future. The same cannot be said of the Web, which is essentially an applica-
tion running on top of the Internet. It is hardly the only possible Internet application, nor is
it the most profound one conceivable.

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com • 800.595.9368 • 415.615.9400 • +41 435 000 153

 Securing The Future - White Paper
Designing Security For The Internet of Things

6
The Achilles heel in this story does not originate in browser software, or markup lan-
guages or other superficial aspects that most users touch directly. Those inventions are
not necessarily ideal, but they are useful enough for today, and they can be replaced over
time with better alternatives.

Rather, the growing bottleneck lies in the relationship and interactions between ever
more complex devices and the antiquated client/server architecture of the web. With
memory and processor capabilities getting cheaper by the day, product designers are em-
bedding feature upon feature into their designs. What may finally bring Moore’s law to
its knees is the sheer complexity of software driving infinite interactions.
The growing disparity of devices on networks is diluting the ability of technicians to ef-
fectively manage them. It is extremely difficult to keep up with the unique requirements
of each new device and all its advanced features. Increasingly what is needed is a means
of creating an abstraction layer that unifies common tasks and manages the complex-
ity of implementation down to the device. Customers expect networked devices to be
functional, ubiquitous, and easy-to-use. Within this construct, however, the first two
expectations run counter to the third. In order to achieve all three, the network must be
loaded with intelligence.

When telephones first came into existence, all calls were routed through switchboards
and had to be connected by a live operator. It was long ago forecast that if telephone
traffic continued to grow in this way, soon everybody in the world would have to be a
switchboard operator. Of course that has not happened, because automation was built
into the network to handle common tasks like connecting calls.

We are quickly approaching analogous circumstances with the proliferation of connected

devices, or device networking. Each new device that comes online now requires custom-
ization and maintenance just to exist safely on the network and perform the same basic
tasks (securing, provisioning, reporting, etc.) as most others. We must develop methods
to automate and facilitate these common functions, otherwise the lack of technical ex-
pertise will only get worse, and will continue to hold back device networking from the
truly astronomical growth that many have forecast.

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com
t

t

t





Securing The Future - White Paper
Designing Security For The Internet of Things

THE INTERNET OF THINGS: HOW MANY THINGS & WHERE ARE THE THINGS?
Intelligent device networking is a global and economic phenomenon of unprecedented
proportions. It will radically transform customer service, resource allocation and pro-
7
ductivity.
Global Device Networking Market Growth is Exponential

Harbor Research expects that by 2010 there could be anywhere from 500 million to
over one billion devices communicating continuously. These devices will drive new net-
worked applications and services such as status monitoring, usage tracking, consum-
able replenishing, automated repairing, and new modes of entertainment whose value
together could reach beyond $500 billion in value-added revenues from services. These
new services are based upon the convergence of networks, embedded computing, control,
and content.

A casual but informed observer may say that is preposterous, particularly considering
some of the fluffy prognostications from the ‘e’ era. Well, consider that depending on
your definition of a sensor, there are already more sensors on earth than people. To the

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com • 800.595.9368 • 415.615.9400 • +41 435 000 153

 Securing The Future - White Paper
Designing Security For The Internet of Things

8 well informed, the potential scale of device connectivity and value added network services
is less a question about whether it will happen and more often a question about when.

Soon, any device that is not networked will rapidly decrease in value, creating even great-
er pressure to be online. Devices will blend into every venue and vast opportunities will
arise for companies delivering, managing and responding to the rich media and data
being generated.
Any ‘Thing’ On A Network Can Communicate With Other ‘Things’ Across Global Venues

This is not an isolated phenomenon by any means. No matter what means are used to
segment markets, growing device networks have applications in every venue across the
global economy.

Anything that operates over IP – cell phones, computers, VoIP phones, car navigation
systems – is capable of intercommunicating with other IP devices. This is relatively easy
to conceive of in the familiar contexts of consumer and business devices like these, but
the chart helps illustrate some of the devices being connected in other less familiar areas.
Sophisticated, expensive devices are among the first to get connected, so that they may
be closely monitored and report information about their status. Windmills, pipelines,

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com
t

t

t





Securing The Future - White Paper
Designing Security For The Internet of Things

construction equipment, oil rigs, harvesters, mass spectrometers, and mass production
equipment – any piece of high-value capital built within the past twenty years has some
kind of embedded electronics, and the newer it is the greater the intelligence.
9
Even in developing areas, new networking technologies are keeping up with and even
outpacing growth here in North America. They have “late-mover advantage,” which
allows them to design infrastructures with new requirements and capabilities in mind.
Developing regions tend to skip steps that seem standard in first-world countries.

For example, many developing countries use cell phones as their dominant means of com-
munication, as the wireless infrastructure is easier to set up than running telephone lines
to every house. Consequently data communications must also operate predominantly
wirelessly, raising the importance of developing technologies like WiMax and cellular
broadband. Lacking many preconceived notions for how certain products and devices
have functioned in the past, these markets may well be among the most receptive to new
service-centric offerings from networked product manufacturers and their partners.

As Moore’s law persists and the price of embedding intelligence and connectivity into de-
vices continues to fall, networked devices push further and further into the mainstream.
This process is somewhat self-reinforcing as low prices are driven by high quantities, and
vice versa, making these devices increasingly prevalent in our lives and businesses. While
the growth is spread through all areas of our lives, it is concentrated on the same global
network. The immense growth that is just now beginning will continue to accelerate,
creating new strains on existing infrastructure and skill sets.

A DAY IN THE NEW NETWORKED LIFE

Just consider the number of devices that exist with the potential to be networked. Walk
through a typical day and note the variety of electronic devices with which you interact.
Each device’s uses and functions have the potential to be expanded with networking.

Each of these devices can benefit from connected services, and this is just the tip of the
iceberg. This phenomenon has far-reaching effects the likes of which have never before
been seen in business or our everyday lives. The Internet versions 1.0 and 2.0 had broad
implications on how people and businesses interact with computers and other new in-
formation devices, but did not necessarily change every aspect of our lives. Device Net-
working represents version 3.0 of the Internet, and it will be felt in everything that we

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com • 800.595.9368 • 415.615.9400 • +41 435 000 153

 Securing The Future - White Paper
Designing Security For The Internet of Things

10 touch and do. No matter who you are, what industry, or what job function, this tidal
wave of change will be inescapable.

Network Devices In Everyday Life Will All Drive New Services

THE STAKES ARE HIGH FOR BOTH INDIVIDUALS AND THE ENTERPRISE
Today’s enterprises are evolving at a pace unseen before in human or business history.
While they grow, they fall subject to an intriguing paradox: as they become ever more
connected, they also get more dispersed, and visa versa. Globalization and outsourcing,
penetration of broadband networking, and pressures to be financially lean have all con-
tributed to the trend of distributing organizational resources. Whether it is managing
a work-from-home sales force, or teleconferencing with clients on a different continent,
organizations are relying on networks to keep them connected as they grow ever more
diffuse.

As their prey evolves, so do the predators, so as enterprises improve and expand their
networks, hackers are constantly developing new tools for breaking into them. Not only

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com
t

t

t





Securing The Future - White Paper
Designing Security For The Internet of Things

does this growth mean more endpoints for organizations to secure, but even devices
thought to be protected are increasingly susceptible to attack. A skilled hacker can eas-
ily circumvent security measures that are old, weak, or not properly configured.
11
Corporations invest millions of dollars on physical perimeter security for their offices,
but what is the point if the information flowing constantly to and from the building is
not secure? With the increasing use of streaming media over IP networks, like Telecon-
ferencing and VoIP, more and more valuable and potentially sensitive information is be-
ing transmitted, often unprotected. Yet with these real-time communication services,
latency is misguidedly the main concern, not security. For fear that security measures
will slow down transmissions, many are not secured properly, if at all. Effectively secur-
ing these devices requires a solution that is highly optimized and can operate efficiently
without introducing latency and disruption to the communications process.

While corporations face security concerns over ever-growing corporate networks, simi-
larly individuals must deal with concerns over their increasing vulnerabilities. Conve-
niences like wireless credit cards, cell-phone payments, online banking and more, leave
us increasingly exposed to information interception and identity theft. Whether for
home or for enterprise, no matter what type of business, security is a common concern,
and one that will be discussed in detail later in this paper.

STRANGE BEDFELLOWS - THE RISKS OF CONNECTEDNESS AND OPENNESS

Networked devices providing and consuming real-time data and services will be the
hallmark of our new “Networked Society.” These new devices will become portals into
other network resources in which device users will gain utility not only from the devices
themselves, but from a variety of adjacent value added service providers. As it evolves,
this infrastructure will amount to nothing less than a “global digital nervous system”
for commerce—indeed, for society itself.

Consider the implications of pervasive networked devices not just on the user experi-
ence but on the organization of businesses aligned to deliver value to these users. The
“value chain” for a non-networked device has remained relatively consistent for hun-
dreds of years. From raw materials to components to finished products, the obligations
of the manufacturer and their relationship with their customer essentially began and
ended at the point of sale.

Most businesses have been built around this product-centric paradigm – it is ingrained
in their culture and organizational structure to focus all of their efforts on selling a

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com • 800.595.9368 • 415.615.9400 • +41 435 000 153

 Securing The Future - White Paper
Designing Security For The Internet of Things

12
physical product. But now device connectivity is changing the entire structure of value
delivery, threatening long-standing business models, and forcing all companies to con-
sider how to participate in service delivery and building ongoing relationships with their
customers.

Rather than owning declining-profit commodities, companies will aggressively need to

seek innovation in value added services, and ensure that they maintain some control over
access to their devices in the field, and the stream of device data coming in through them.
Most importantly, thanks to that device data, companies will “own” their relationships to
customers in ways never before imagined. What happens after that point depends upon
the strategy adopted. A company could, for example, lease part of its stream of customer
information—and thus part of the customer relationship—to another company wishing
to provide value that is not part of the first company’s business. Other relationship own-
ers could lease relevant parts of their own customer information back, or share informa-
tion in a joint venture or some other contractual arrangement.

New capabilities will bend the traditional linear value chain into a loop of complex in-
terdependencies that will demand new thinking and will require new alliances with the
many new participants in the chain.

Businesses that create the best ecosystem of alliance partners - from complementary de-
vice manufacturers to third party application software providers – will be the most suc-
cessful. Device manufacturers, network service providers, new software and value added
services players will all combine to create significant business and customer service value
or devolve into an environment of strange “bedfellows.”
Even if a device manufacturer decided that it did not want to build an ecosystem and
instead wanted to vertically integrate and own all aspects of device networking for a
particular class of devices, it must still embrace the concept of value added services and
recognize that it is the combination of hardware, software and value added online ser-
vices that define the ultimate value to end customers. You need look no further than
Apple’s iPod device and iTunes service for a present day example. In a very short period
of time, Apple has rocketed to become the third largest music retailer in the world, while
also creating a billion dollar revenue device business -- all with a device that connects to
a networked service.

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com
t

t

t





Securing The Future - White Paper
Designing Security For The Internet of Things

Now with the introduction of the iPhone, Apple is entering a market that many would
consider saturated: the cell phone market, whose structure is the definition of linking de-
vices and services. Not only must a cell phone plan match the capabilities of the device,
13
often the ongoing service fee is used to offset the upfront cost of the device. In Apple’s
case, they feel they can be successful here both for the revolutionary capabilities of their
device, and for the range of new services it will allow. For the first time the iPhone al-
lows uncompromised access to web content from a cell phone. While not fully open, the
iPhone will allow third party developers to write web-based applications for the device.
This is sure to cause significant disruption to the market, as a broad range of new partici-
pants start gravitating towards delivering new functions and services to cell phones, all of
which will deliver enhanced value to users of the devices. Taken to the extreme, this all
has the potential to redefine the definition of a cell phone.

Expanding Constituents In The Networked Value Chain Create New Value & New Risks

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com • 800.595.9368 • 415.615.9400 • +41 435 000 153

 Securing The Future - White Paper
Designing Security For The Internet of Things

With all of this cooperation and collaboration, not just around cell phones but all net-

14 worked devices, it is a foregone conclusion that the device networking community must
agree upon universally accepted, open communication standards. While historically,
proprietary protocols have dominated in some arenas, the pervasive nature of IP is
eroding these proprietary boundaries. IP will over time be the dominant transport for
device networking.

As revolutionary and far-reaching as the device-networking paradigm shift is, this does
not change everything, and the eternal truths remain eternal. When you open yourself
to relationships, and connect to other people or devices, you can get hurt. And the
greatest opportunities usually involve the greatest risk. The real-world risks of open
technology and asset connectedness include possible breaches of secure systems that can
have catastrophic impact.

WAITING FOR THE WAKE UP CALL YOU HOPE WILL NEVER COME
Despite a growing awareness of the presence of connected devices and their importance
as a phenomenon, there is quite little understanding within most device manufacturers,
service providers and enterprises as to how best to secure them and the services they
enable. Device security is usually handled on an ad-hoc basis surrounding a device or
network specific project. Rarely are there horizontal, organization-wide security solu-
tions from which a device manufacturer and device network might benefit. Instead,
security design and implementation decisions occur deep within organizations. Often
times, individual developers are left to port software designed originally for PC and
server security to their burgeoning devices and device networks. Besides being labor-
intensive, this is not a scalable solution, nor does it provide adequate functionality or an
acceptable level of protection.

Many companies today have let their connectivity outpace their security. The focus
of most companies’ security efforts is on devices with which humans interact directly.
They fail to realize that each newly connected device represents another potential point
of weakness through which hackers can gain unauthorized access to sensitive informa-
tion. These customers must demand more complete security from their device manu-
facturers. Often, device manufacturers will do the bare minimum, claiming security
support that is in reality very narrow and only provides protection along a very limited
dimension. The practical consequences of the resulting under-investment and trivializa-
tion of security can be devastating.

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com
t

t

t





Securing The Future - White Paper
Designing Security For The Internet of Things

15
Recently the major retail chain, TJX Co., operator of such stores as TJ Maxx, Marshall’s,
and Bob’s, incurred a security breach that reportedly resulted in the exposure of at least
45.7 million customers’ debit and credit card information. Reportedly, hackers accessed
the network wirelessly while parked outside using a laptop. As a consequence the com-
pany is facing backlash and lawsuits that, according to some estimates, have potential to
cost nearly $1 billion, and may jeopardize the entire company itself.

According to some reports, nearly 98 percent of laws that include personal information
have an express encryption standard written into the definition. They define personal in-
formation under the law as data being unencrypted or they use a harm standard stating
that if there is an encryption there is no probability of identity theft or harm to the vic-
tim. It started with house bill 1386 in California, approximately five years ago. Now 35
states have similar laws and there are provisions as well for financial institutions, which
are federally administered. In those industries where the level of connectedness and the
value of the data are both high, such as financial services, the costs of security breaches
have proven to be so substantial, that many of these enterprises are already carrying “data
breach insurance.” These same dynamics will absolutely play out in device networking,
perhaps even to a greater degree. While the example above illustrates the huge potential
for financial liability associated with security breaches, device networking has potential
to take this one step further. A device network security breach can have devastating real
world, life and death consequences.

The problem with securing today’s device networks is one of human nature – one of mo-
tivation and incentives. Investing in security is sometimes viewed as buying insurance,
and unfortunately many companies do not face up to the risk until after they’ve already
experienced the impact. Just as airport security increased after 9/11, or a household will
finally invest in an alarm system after a break-in, it often takes some kind of “wake-up
call” to get motivated to upgrade device network security.

Further, corporate structures, and the segregation of expertise therein, means that usu-
ally the person in charge of investment decisions related to security is not the person with
the keenest understanding of the present risks and protection level. A technician who
calls for a security upgrade out of the blue is easily ignored. An engineering manager in a
device manufacturer is only concerned with satisfying minimally specified requirements,
regardless of how naïve those specified requirements are. In the absence of any problems,
managers are quick to assume that present measures are working adequately. Yet that
reasoning is inherently flawed and dangerous. By that logic, it could be claimed that this

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com • 800.595.9368 • 415.615.9400 • +41 435 000 153

 Securing The Future - White Paper
Designing Security For The Internet of Things

white paper is coated in tiger-repellent. And because there aren’t currently any tigers

16 around to prove otherwise, we can assume the tiger-repellent is working. The days of
leaving well-enough alone have passed, and it is imperative now more than ever not
just to fix problems but to preempt them.

When evaluating any type of risk, there are two main considerations that must be
weighed. The first is the likelihood or chance that a particular undesired outcome
would occur. In the security context, this comes down to an assessment of a device or
network’s vulnerability or protection level. The second consideration is the size of the
impact that would occur if such a risk were to materialize. In the realm of security,
the potential consequence could be just a few hours of network downtime, or it could
be millions of dollars worth of credit fraud, or a device that is rendered inoperable
and must be returned to the manufacturer, all of which can cause irreparable damage
to the brand and customer confidence.

Both of these dimensions weigh into a person’s decision of how to approach risk
mitigation. As they relate to device networking, one must also realize that both risk
factors grow quickly with the size of the network that must be protected. A larger
network means more nodes and endpoints, and more potential points of weakness. It
also means more information that has a higher value being transmitted on the net-
work and consequently a greater impact if that network is compromised. As networks
grow, so too must the focus on security, and as they begin encompassing new types
of devices, that becomes increasingly difficult.

The net of this analysis is that a functional and elegantly simple security solution for
devices and device networks becomes the “silver bullet” of sorts – the catalyst that
will allow organizations to comfortably deploy large device networks while also al-
lowing them to operate safely. A catalyst like this may be all that is needed to spur
the enormous growth that has been forecast.

THE ANSWER LIES IN A DEVICE SECURITY FRAMEWORK

A solution that effectively manages the security requirements of disparate devices
must have two main qualities: automation and homogeneity. It must handle com-
mon tasks without human intervention, and it must provide a single platform and
interface for interaction with a wide range of devices. What is needed is new infra-
structure software plus centralized business processes for dealing with security within
and across device manufacturers and service providers. This software solution would

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com
t

t

t





Securing The Future - White Paper
Designing Security For The Internet of Things

17
be a combination of resident software embedded in the devices, plus capabilities deliv-
ered as applications across the network.

Mocana Device Security Framework

As this is describing the unique needs of an entirely new type of network, it stands to
reason that this solution does not fall within the specialties of any current mainstream
software companies. In fact, the Device Security Framework being described is best
viewed as an entirely new market category.

With the disjointed, patchwork security solutions presently in place and the lack of
general market understanding, particularly among larger software players, of what is
needed for device security, the field is wide-open for any viable solution. Nevertheless,

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com • 800.595.9368 • 415.615.9400 • +41 435 000 153

 Securing The Future - White Paper
Designing Security For The Internet of Things

18 this solution must not be a stopgap measure. It must create a platform that is extensible
and will be able to solve tomorrow’s problems as well as today’s.

At a minimum, a Device Security Framework should address the following security-

centric demands across any connected device:
4 Secure remote device access
4 Secure data communications between devices
4 Device identity management
4 Authentication of devices and device applications on the network, including
wireless networks
4 Mechanism for simplified key management
4 Advanced connection handling capabilities
4 Third party validated cryptography library
4 The ability to fully leverage advancements in silicon, including multi-core pro
cessors and hardware acceleration

ENTER MOCANA

One company fully understands the needs of these networks and has begun creating a
solution that meets the needs described above. San Francisco based Mocana Corpora-
tion has positioned itself as one of the lone players in this new market, and while they
could rest on their foresight and the advantage of being the first to recognize the needs
of this market, the company continues to develop its Device Security Framework so
that it meets the aforementioned requirements and more.
Mocana’s solution is fully RFC-compliant with FIPS validated cryptography algo-
rithms, meaning it will interoperate with all applicable standards. Mocana’s Device
Security Framework contains software that gets embedded into devices at the time of
manufacture, as well as capabilities delivered across the network, known as Network
Applications.

While philosophically a major supporter of open standards, Mocana realizes that many
companies build their devices on proprietary operating systems, using a wide variety
of chips. To scale across these disparate platforms, all components of Mocana’s Device
Security Framework leverage a common abstraction layer that has two integration axes,
one dealing with OS integration, and the other with CPU integration.

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com
t

t

t





Securing The Future - White Paper
Designing Security For The Internet of Things

Simplistically, if chips W, X, Y and Z are supported, along with OS # 1, then a port to

OS #2 will inherit support for chips W, X, Y and Z automatically by only modifying
the OS abstraction axis. Conversely if OS #1, 2 and 3 are supported, along with chip X,
19
then a port to chip Y will immediately inherit support for this chip on all three OS’s by
only modifying the chip abstraction axis.

This approach provides maximum coverage of OS and CPU combinations and maxi-
mum flexibility for device manufacturers and service providers to make OS and CPU
decisions independent of Mocana’s Device Security Framework.

Mocana’s Framework has another major benefit – it can meet the extremely diverse
needs of disparate wired and wireless operating environments. Some end devices, such
as those involving voice and video, require high performance. Other devices on the
periphery may have intense restraints on power consumption to prolong battery life.

The Real World - Operating System & CPU Independence

Still others have constraints on memory and processing capabilities. Mocana’s solution
can meet the needs of all of these devices because it possesses three distinct qualities:

1) The Network Applications are themselves network and device independent.

2) The embedded software is designed to leverage the capabilities being built

into new chips, such as hardware acceleration, and multicore asynchronous

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com • 800.595.9368 • 415.615.9400 • +41 435 000 153

 Securing The Future - White Paper
Designing Security For The Internet of Things

20
processing, providing a higher level of performance and scalability than
much of today’s mainstream software making it ideal for voice, video and
data applications.

3) The embedded software has a very small footprint, making it ideal for any IP
connected device – even resource constrained ones.

Additionally, Mocana’s Device Security Framework is capable of extending to address

emerging threats as well. The Framework takes full advantage of network connectivity
and the benefits this brings in being able to have additional intelligence reside in the net-
work versus only in the connected device. It provides a holistic approach to security, and
can also enable an entirely new class of end customer, network and device independent
applications and services, as described below.

INITIAL BEACHHEAD: DEVICE SECURITY

Once a Device Security Framework is in place, it can be used to perform a number of
functions necessary for securing and operating device networks. Mocana provides not
only the Framework itself, but also several initial applications necessary for nearly all de-
vice network deployments. Among the first of these network applications is a solution for
Certificate Management, allowing its customers to provide certificate-level security and
identification for devices on their networks.

To understand the value of Certificate-based security takes a brief description of the pro-
cedure itself. If a theoretical entity, Alice, wants to receive secured communications over
a network, she uses her own unique algorithm to create both a Public Key and a Private
Key. While these two encryption devices are related, one cannot be used to determine
the other. As an analogy, if Alice wanted to receive a secure object in the mail from her
friend Bob, she might first send him an open padlock, the key to which she kept herself.
Bob could then use that lock to secure his message before sending it, knowing that only
Alice using her key can open it. In this analogy, the key Alice kept is her Private Key, and
the lock she sent out is her Public Key. Alice could make these open locks available for
anyone who wants to send her a message, knowing that the messages, once locked, will
only be readable by her.

While this structure seems secure, it creates another problem: how does Bob know for
sure that the lock he’s using to secure his message is actually Alice’s? In the digital realm
where Public Keys abound, it is even more conceivable that a malicious hacker could
publish a Public Key claiming it to be Alice’s, when in fact it is not. To solve this problem

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com
t

t

t





Securing The Future - White Paper
Designing Security For The Internet of Things

requires a Trusted Third Party, or Certificate Authority, known and acknowledged by

both Alice and Bob. This third party would know exactly what Alice’s Public Key should
look like, and by confirming with its own “Digital Signature” that the Public Key Bob is
21
receiving matches that which they have on record for Alice, could verify her identity so
that the secure transaction may proceed. This is exactly what a Certificate does – it is an
electronic document containing the digital signature of a trusted third party that links a
public key with an identity.

Certificates are typically issued with expirations dates in the range of about one year, so
they do not need to be issued for each transaction; they can be re-used for a period of
time as long as the identification information of either party has not changed. While cer-
tificate-based security is among the most effective methods for securing communications
on a network, it also leads to several accompanying tasks that are often labor intensive.
Traditionally, certificate management – including enrollment & renewal, revocation,
expiration, query, etc. – is a manual process. But with the size and growth of device
networks, manually managing these tasks does not scale. Built on the Simple Certificate
Enrollment Protocol (SCEP), an evolution of the protocol developed for traditional (non-
device-centric) networks by Verisign and Cisco Systems, Mocana’s Certificate Manage-
ment application allows for automation of these and other common tasks.

Certificate-based security for networked devices completely shifts the paradigm of how
manufacturers and users may conceive of their devices. From an information perspective,
once a device and its identity are trusted, so too is any other information it might convey
about itself and its environment. This might range from location information, to usage
data, to information about or from other devices near it. Similarly, once a user’s identity
can be tied to a device in a secure fashion, user names and passwords become unneces-
sary. The ability to incorporate and transmit this accompanying information opens the
door for the creation of a whole new class of services to end-users. In addition to basic
services required for device network operation, such as certificate management, a tidal
wave of yet inconceivable applications is just over the horizon.

DEVICE SECURITY FRAMEWORK FUTURES

Calling this new platform a Device Security Framework is somewhat restrictive. While
security is its first and most important capability, the Framework allows for the secure
delivery of any services or applications to devices on the network. In a broader context,

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com • 800.595.9368 • 415.615.9400 • +41 435 000 153

 Securing The Future - White Paper
Designing Security For The Internet of Things

22 this trend of linking devices with accompanying services has been in the marketplace for
some time now. Just consider the previously mentioned iPod and iTunes, TiVo service
and the TiVo box, RIM Blackberry handhelds with data service plans. These are all
examples of traditional product manufacturers that have distinguished themselves by
pairing their devices with high-value services. Harbor Research has been tracking this
market trend for several years, and while it has been gaining recognition, device-centric
services have not yet seen the explosive growth that has been predicted.

Now it is apparent that difficulties with security and identification of devices on a net-
work – and the secure scalability of those networks themselves – have thus far hampered
their growth, both in a literal sense and in the broader market. With the combination of
its technology and its relationship with device makers and chip manufacturers, Mocana
is in the unique position to remove this significant obstacle from the equation and spur
the growth of this burgeoning service industry. By doing this, Mocana has the potential
to capture enormous value for itself and its ecosystem. The success of the iPod created a
billion-dollar side industry for accessories, while keeping its network services proprietary.
In the near future, we will see an abundance of devices on open networks, allowing the
creation of an enormous new side industry – that of third party device-centric service
providers.

Mocana has a keen awareness of this potential, as demonstrated by their ongoing efforts
to build partnerships within the device networking community. Their support of open
standards shows that the company realizes that the real value of device networks will
only be revealed upon arrival of those pervasive device applications and services. While
security is most certainly a prerequisite to that, and a catalyst for much initial growth,
it will be the applications delivering tangible value to device users that will bring device
networking to the mainstream. The difficulty here is that these future device services
will not be uniform. While there are a large number of horizontal Network Applications,
each device type, each customer segment, each industry will demand its own end cus-
tomer facing device applications and services. The requirements are so far-reaching that
no single company could ever anticipate and meet everybody’s needs. Like the networks
themselves, the customer facing applications provided over them will be fragmented.
What Mocana does is provide the platform on which a whole new class of secure, identity
based, device and network independent applications and services can be built. Mocana is
getting the ball rolling by providing some initial necessary Network Applications. From
here they are open to partnering with third-party software developers wishing to build
these applications of the future.

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com
t

t

t





Securing The Future - White Paper
Designing Security For The Internet of Things

23
MOCANA NOW
Despite the futuristic overtones to much of this analysis, it is most important to realize
that this device networking trend is happening right now. Nowhere is this exemplified
better than by the fact that Mocana has already built a substantial base of customers,
some of which are listed below, including several Fortune 500 companies, and many
others of equal significance in their functional areas.

From major device manufacturers, to communications companies, to chip vendors,

Mocana’s Device Security Framework is already being embedded into many of the de-
vices we see every day. These customers range from consumer and industrial device
manufacturers, to makers of network infrastructure products, to communication provid-
ers. Within this mix also sits several extremely significant adopters of components of
Mocana’s Device Security Framework and its components, including Nortel Networks,
Honeywell, Philips, Siemens, and more.

Sample Adopters of Mocana’s Technology Are Diverse

By adopting Mocana’s software, or even incrementally exploring the option, all of these
companies are demonstrating to customers, investors, and the broader market that they
have a grasp on the coming wave of device networking. Not only do they understand the
phenomenon, but they are showing their commitment to securing the communication
of these devices, and to doing so in an open, extensible fashion that will allow them to

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com • 800.595.9368 • 415.615.9400 • +41 435 000 153

 Securing The Future - White Paper
Designing Security For The Internet of Things

24
be active participants in the growing corporate communities providing smart products
and services.

WHERE IT IS VERSUS WHERE IT’S HEADED

This white paper has discussed the evolution of device networking, and the phenome-
non’s scale upon arrival. It has highlighted some of the benefits of our new Networked
Society, but also its potential dangers. It has explained the details of how these networks
will operate technically, architecturally, and organizationally. The net of this analysis
brought to light the need for creating a Device Security Framework in order to scalably
manage, effectively secure, and reliably identify devices on our shared global network.

But management, security, and identification are just the tip of the iceberg. These are
the absolutely necessary prerequisite functions that must be in place in order for our
Networked Society to begin to bloom. Once established, a wide range of new applica-
tions will begin to be developed. Some will run behind the scenes, addressing emerging
bottlenecks around efficiency and scalability. Others will be more visible, delivering a
new level of personalized information to us and to our devices 24x7.

While most of this value will be created by a vast ecosystem of companies and develop-
ers making their way into the realm of Device Networking, Mocana will continue to
develop and add to the Device Security Framework enabling it all. Whether by giving
us confidence through continuing to strengthen security, or by creating new uses for the
certainty of device identification, Mocana will continue to be a catalyst for development
of Device Networking, and a driving force behind one of the most disruptive yet benefi-
cial phenomena of ours or anyone’s lifetime.

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com
t

t

t





Securing The Future - White Paper
Designing Security For The Internet of Things

About Harbor Research, Inc.

Harbor Research Inc. has more than twenty years of experience providing strategic
consulting and research services to high technology clients. Harbor’s strategy and
25
business development work is organized around emergent and disruptive opportu-
nities, with a unique focus on the impact of the Pervasive Internet—the use of the
Internet to accomplish global device networking that will revolutionize business by
unleashing entirely new modes of system optimization, customer relationships, and
service delivery.

Harbor Research’s clients are leaders in communications, computing, control, and

content. Harbor Research has built extended relationships with larger multi-line
companies including AT&T, ABB, Agilent, General Electric, Danaher, Eaton, Emerson,
Hewlett Packard, Hitachi, Honeywell, Hughes, IBM, Intel, Invensys, Motorola, Rock-
well, Siemens, and Texas Instruments, as well as with growth companies such as EMC,
Cisco Systems and Qualcomm. We also work with a broad array of emergent start-
ups and pre-IPO technology ventures. We have built relationships with a number of
significant Pervasive Internet players, including Ember Corporation, Questra Corpo-
ration, GridAgent, DeepStream Technologies and Dust Networks, to name a few.

CONTACT
Glen Allmendinger, President
Harbor Research, Inc.
gallmendinger@harborresearch.com
úú
FYU

úú
FYU

PVUTJEF
64

© 2007-2008 Harbor Research, Inc. All rights reserved. http://harborresearch.com/

info@harborresearch.com • 800.595.9368 • 415.615.9400 • +41 435 000 153