
A New Mindset to Think about Security for IoT

One of the main concepts in computer security is the class break. A class break is a security vulnerability that breaks an entire class of systems rather than a single one: an attacker can take remote control of every computer running the same system software. This kind of failure is exacerbated by the nature of computers, because it takes only one smart person to figure out how to attack the system. Because the attacker can do it over the Internet, there is no need to be near the victim. The attacker can also automate the attack, so it works while he sleeps, and he can pass the ability on to someone else who lacks the skill. This changes the nature of security and how we need to defend against such attackers.

Class Breaks in our Daily Lives

For example, picking a mechanical door lock requires skill and time. Each lock is a new job, and success at one lock does not guarantee success with another of the same design. Electronic door locks in hotel rooms have different vulnerabilities: if someone finds a flaw in the design that allows him to create a key card, all doors can be opened. This is an example of a class break.

Although class breaks might describe how computer systems could fail, they don’t tell us about how we think about such failures. We still think about car security in terms of individual thieves manually stealing cars; we don’t think of hackers remotely taking control of the cars.

Thinking in Class Breaks

We can think of class breaks in the following way. Imagine the difference between burglaries or fires, which happen occasionally to different houses in the neighborhood, and floods or earthquakes, which happen either to everyone or to no one. These are inherently different types of risk. Increasing computerization is moving us towards the second model, in which a given threat either affects everyone in town or does not happen at all. Yet there is a key difference between floods or earthquakes and class breaks in computer systems. The former are random natural phenomena, whereas the latter are human-directed. Floods don't change their behavior to maximize damage based on the types of defenses we build; attackers do. Attackers examine systems looking for class breaks, and once a break is found it will be exploited again and again until the vulnerability is fixed.

The World of IoT

As we move into the world of the Internet of Things, where computers permeate our lives at every level, class breaks will become increasingly important. The combination of automation and action at a distance will give attackers more power and leverage than they have ever had before. Security notions like the precautionary principle – where the potential for harm is so great that we err on the side of not deploying the new technology without proof of security – will be more important in a world where an attacker can open all door locks. It is not an inherently less secure world, but it is a differently secure world. It is a world where driverless cars are much safer than human-driven cars, until suddenly they are not. We need to develop systems that assume the possibility of class breaks and maintain security despite them.
Ayse Kok
Ayse completed her masters and doctorate degrees at both University of Oxford (UK) and University of Cambridge (UK). She participated in various projects in partnership with international organizations such as UN, NATO, and the EU. She also served as an adjunct faculty member at Bosphorus University in her home town Turkey. Furthermore, she is the editor of several international journals, including those for Springer, Wiley and Elsevier Science. She attended various international conferences as a speaker and published over 100 articles in both peer-reviewed journals and academic books. Having published 3 books in the field of technology & policy, Ayse is a member of the IEEE Communications Society, member of the IEEE Technical Committee on Security & Privacy, member of the IEEE IoT Community and member of the IEEE Cybersecurity Community. She also acts as a policy analyst for Global Foundation for Cyber Studies and Research. Currently, she lives with her family in Silicon Valley where she worked as a researcher for companies like Facebook and Google.

