Wireless networks are still suspect and can be easier to breach than a wired communication solution. But precautions can be taken to ensure security and dependability. These 11 international heavy hitters in the IoT domain suggest how machine builders and users can design and use wireless technology for data communications. Learn more about IoT and what it means to manufacturing at Smart Industry.
How would you describe wireless communication’s security and dependability?
Samuel Bucholtz: Consumer-grade. Wireless security is sufficient for inconsequential or low-risk communications. It is not sufficient for high-security, high-risk applications. And, remember, in an industrial environment, there's really no such thing as a low-risk system. Attackers can use almost anything to get a foothold and spread into other more sensitive systems.
Dwayne Dixon: By its broadcast nature, wireless communication is harder to secure. It places even more emphasis on designing or using secure protocols from the system's inception. The dependability is not just a matter of how fast the radio can transmit data. It's a matter of how and where it will be used, antenna design, application-specific testing and good driver and firmware design.
Jonathan Pollet: Our philosophy concerning wireless communications is to assume that it will be hacked. Yes, it is important to leverage the best wireless security industry practices, such as incorporating the highest and most recent version of encryption, avoiding using static password keys and rotating certificates faster than the wireless keys can be cracked. However, do not trust these wireless best practices to protect from wireless hackers. If the communications going over wireless contain sensitive data, then tunnel the wireless communications through an external SSL VPN or IPsec VPN, so the data is encrypted and protected from end to end through the wireless portion of the communications.
If the systems behind the wireless systems are performing a critical role, such as controlling or monitoring a mission-critical function, then firewall technology that supports two-factor authentication should be integrated into the connection process. This helps to ensure that even if the wireless signal is hacked, the user would still need to supply two factors of authentication in order to be allowed to connect to the network behind the wireless infrastructure.
Peter Waher: A wireless solution has an issue that prevents it from being the infrastructure component it could be for zero-configuration IoT solutions. Either it must be completely open, which, needless to say, in itself is a great security concern, or it must be protected by a user name and password, requiring manual configuration on the spot, which prevents successful zero-configuration devices from being installed and ready to use without some kind of manual intervention. It also makes it very complicated to install devices that have no display, like sensors and actuators. The effort to install such devices in a wireless network therefore requires both time and knowledge on the part of the installer and makes it difficult to sell IoT products to a larger consumer market off the shelf.
Wi-Fi had a solution to this problem, with WPA2-PSK. WPA2-PSK allowed seamless installation of devices on the network through the use of an installation key. The installer simply pressed the button on the gateway and a similar button on the device within a window of a few seconds, and the device would be informed about the network credentials it needed to use to enter next time. The method is both simple and safe, since no device could use this unless a person with physical access to the gateway pressed the button. The problem with WPA2-PSK was that it also included another method to install devices in a simple fashion, through the use of PIN codes. The number of digits used, however, allowed hackers to gain entry to the network by simply trying out all possible codes in rapid succession. Because of this flaw, the entire WPA2-PSK has been made obsolete and removed from Wi-Fi gateways. It would have been better to only remove the PIN-code part and leave the installation-device button part.
As it is now, integration of devices into Wi-Fi networks is too complicated. I personally hope the installation button finds its way back into Wi-Fi gateways. Concerning dependability of Wi-Fi networks, needless to say, the quality of Wi-Fi networks varies greatly over time and depends on factors normally not under the control of the network operator. The network performance can depend on such things as neighboring Wi-Fi networks and other sources of interference. In critical applications, Wi-Fi is not an option for this reason. But for wide area sensor networks, Wi-Fi might be a good choice in cases where individual sensors are not critical, but an overall picture, or a certain percentage of sensors, is available.
Nicola De Carne: Enforcing security is an ever-evolving subject. Every security mechanism can be breached with appropriate tools in some time. An effective mechanism is one that needs expensive tools, depending on the secret’s value, or that takes too long, depending on the secret’s duration, to be breached. There is the belief that wireless, and especially Wi-Fi, would be less safe than other communication technologies, perhaps proprietary and less known, but this is a partially wrong perception. Just because a technology is less known than Wi-Fi, it doesn’t mean it is more secure. Don’t mistake an obscure technology for a secure one. Wireless, and in particular Wi-Fi, is a pervasive technology; this makes it a very attractive technology to attack. The more it is attacked, the more it gains strength as breaches are investigated and flaws are fixed.