We use cookies to give you a better experience. Carry on browsing if you're happy with this, or read our cookies policy for more information.

Skip main navigation

Mischa’s experience

A few years back, I was tasked to develop the security documentation of an IoT alliance, and a little later, I contributed to the security specifications of the standardisation body ETSI machine to machine. I had some intriguing and unexpected insights while developing this documentation. As you know, security between two devices is established by encrypting the data packets where the specific encryption key is prior agreed by both sides for an exchange of keys. The entire process of handling this exchange of keys is often referred to as key management.
Now before I started the security work, I was convinced that the real problem with security IoT is the actual process of encryption– that is a very sound framework for encrypting the IoT data packets. What I found out, however, was that the actual encryption methods were already really good. The problem was rather the key management. And since key management involves complex systems and often humans, this becomes the weakest link in the IoT ecosystem. For example, while very strong security was available on the smart metering radios I dealt with back then, the default security configuration was set to zero– that is no encryption. The argument was it would enable quick testing of the solution during deployment.
In reality, field engineers often forgot to change this setting on all smart meters to full security, which in turn left the entire network very vulnerable. The human in the loop proved to be the actual security problem– something standards and security manuals should definitely cater for.
Mischa shares his experiences with security and privacy in the Internet of Things. Mischa again shares more of his experience in Week 4.
This article is from the free online

The Internet of Things

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education