10 Lessons From an IoT Demo Lab
The Demo Lab at InteropITX 2018 was all about IoT and the traffic - legitimate and malicious - it adds to an enterprise network.
May 7, 2018
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltdc475ac03a98d1b4/64f0d6673fae8458e651f7f3/New_Image_1.jpeg?width=700&auto=webp&quality=80&disable=upscale)
Success in the enterprise Internet Of Things (IoT) is about connecting devices, securing, monitoring, and managing the processes in an intelligent way. It is, to a great extent, far more about the process than about any given technology, and security must be built into both the processes and each piece of technology used.
Significant opportunities are emerging for enterprises to create new and innovative processes around products and services, both on the enterprise premises and in the cloud. IoT has now developed to the point at which it has begun to disrupt many traditional manufacturing industries with new service propositions and has created new expectations and relationships with customers. Each of these processes, devices, and relationships must be secured and managed if it's to be successful.
As with any architecture built on a network, interoperability between IoT systems is critical. At InteropITX in Las Vegas, the Demo Showcase team provided practical demonstrations of some of the issues surrounding IoT. By design, the team utilized concepts discussed in the conference tracks of Security, Infrastructure, and Data Analytics. At each station and demonstration, members of Interop ITX’s volunteer engineering team explained the technology and process of putting it in the field, and led discussions with attendees individually and in small groups.
(Image: Curtis Franklin, Jr. for Dark Reading)
For even the relatively simple IoT demonstration set up in the lab, data was flowing between sensor and actuator, to multiple cloud services, and through analytics engines. At InteropITX, one of the primary security messages was "visibility," and being able to see into the process and the data flowing through it was key to the operation of the Demo Lab.
"We have ActiveMQ running and we're sending MQTT messages to that broker. Then we have a Node Red server running," says Bill Jensen, a network engineer at the University of Wisconsin in Madison, and a long-time Interop volunteer. He explains that the Node Red server is also a broker, so the traffic could simply be sent there in some scenarios. "But we like sending our traffic to the ActiveMQ broker because it's easier to keep track of who's publishing and who's subscribing to topics," he says. "Node Red is really nice because it can help you visualize messages and reroute them as they're coming through from the ActiveMQ broker to the next thing in this path."
One of the benefits of the Demonstration Lab is that attendees can ask the staff who put it all together about the technology, workflow, and process behind it. While the discussions covered every aspect of the demonstration, Demo Lab volunteers were unanimous in their take on the issue at the top of everyone's mind: conversations always came back to security.
Here, Mark Sullivan of Informatic Group (left) talks with an InteropITX attendee about the reasoning behind some of the technology choices in the demo and how the components might play a role in the attendee's organization.
Demonstrating the key aspects of secure IoT doesn't require a complex application. "What we did was very simple and straightforward," says Mark Sullivan. "We created a simple device, a temperature sensor that, once it achieves a certain temperature, rings the doorbell." While the application is simple, Sullivan explains, "The reality is it pretty much does what all the other IoT systems do. They take input and then they do something, and there's a back-end system in-between that performs some tasks and collects data."
In creating even a simple app for IoT, the Demo Lab team learned things about deploying, securing, and managing an IoT application that they were able to share with those who came into the booth. "It forced us to walk through all of those steps and have a better fundamental understanding of what's happening behind the scenes, as well as some of the challenges that exist," says Sullivan.
"I wrote a lot of the code using Python, to have a Web display and to have some data transport to a central management server," says Robert Davis, founder of Cyberdog.co. He says that much of the IoT application he wrote securely glued together services in the cloud and apps on the devices. "A lot of IT devices have a central management component that they're phoning home to, and they often have some sort of a control platform on the device itself," he explains.
In addition, Davis says, many of the devices the team explored have interfaces that are used once, then abandoned. This is a common scenario with security implications, because attackers can exploit ports and interfaces left open. "A lot of [IoT devices] have a Web interface that an app on a phone is talking to just for initial setup," he says. But sometimes the Web interface comes into play for other purposes, so the team decided that management and security required them to sniff the entire traffic stream so they could see which protocols were talking and how.
When it comes to creating an interface for sensors to connect to the demonstration network, Raspberry Pi single-board computers (SBCs) are near-perfect matches for the job requirements. "We're running one-wire temperature probes into a couple of RasPis," says Bill Jensen. Raspberry Pi SBCs are common examples of edge devices that are used because they are easy to program and inexpensive, even though they may be vastly over-powered for the task at hand. The Demo Lab monitored traffic flowing from the SBCs to make sure that no malicious actor could make use of the "excess" processing power to act against the host organization or others.
Jensen explains that the temperature probe continuously sampled the air temperature in the Demo Lab, but that it wasn't a terribly exciting application. "We also thought, well hey, let's threshold that and when it hits a certain temperature we'll publish another message over to another RasPi that has a relay board on it," he says. That, in turn, ran a script to ring a doorbell.
While everyone on the team recognized that this particular set of actions was not one often called upon in the enterprise world, Jensen said that it did demonstrate the basic action flow at the heart of all IoT implementations and showed the nature of data gathering and remote processing from intelligent edge devices that must securely communicate to management consoles in the cloud.
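Here is an added illustration, not the Demo Lab's own code, of the message flow Jensen describes: a small in-memory broker that, like the ActiveMQ setup, records who may publish and subscribe to each topic; a Node Red-style threshold step that rings once per crossing and re-arms only after the air cools; and a relay subscriber that rings the bell. The topic names, the 30 C threshold, and the client names are assumptions, since the article gives none of them.

```python
from collections import defaultdict

TEMP_TOPIC, RING_TOPIC = "lab/temp/celsius", "lab/doorbell/ring"  # assumed names; the article gives none
THRESHOLD_C, HYSTERESIS_C = 30.0, 2.0   # must cool 2 C below the threshold before the bell may ring again

class Broker:
    """In-memory stand-in for the ActiveMQ broker: an ACL records who may publish or subscribe where."""
    def __init__(self, acl):
        self.acl = acl                 # client -> {"pub": {topics}, "sub": {topics}}
        self.subs = defaultdict(list)  # topic -> [callbacks]
        self.log = []                  # audit trail: accepted publishes, denials, bad payloads
    def subscribe(self, client, topic, cb):
        if topic not in self.acl.get(client, {}).get("sub", set()):
            self.log.append(("deny-sub", client, topic)); return False
        self.subs[topic].append(cb); return True
    def publish(self, client, topic, payload):
        if topic not in self.acl.get(client, {}).get("pub", set()):
            self.log.append(("deny-pub", client, topic)); return False
        self.log.append(("pub", client, topic))
        for cb in self.subs[topic]:
            cb(topic, payload)
        return True

class ThresholdNode:
    """Node Red-style flow step: watch the temperature topic and ring once per threshold crossing."""
    def __init__(self, broker):
        self.broker, self.armed = broker, True
        broker.subscribe("threshold", TEMP_TOPIC, self.on_temp)
    def on_temp(self, topic, payload):
        try:
            temp = float(payload)      # a broker payload is untrusted input: validate before acting on it
        except (TypeError, ValueError):
            self.broker.log.append(("bad-payload", topic, payload)); return
        if self.armed and temp >= THRESHOLD_C:
            self.armed = False         # disarm so a hot room does not ring the bell on every sample
            self.broker.publish("threshold", RING_TOPIC, "ring")
        elif temp <= THRESHOLD_C - HYSTERESIS_C:
            self.armed = True

def run_demo(readings):
    """Feed constructed probe readings through the pipeline; return (ring count, audit log)."""
    acl = {"probe-pi": {"pub": {TEMP_TOPIC}}, "relay-pi": {"sub": {RING_TOPIC}},
           "threshold": {"sub": {TEMP_TOPIC}, "pub": {RING_TOPIC}}, "coffee-maker": {}}
    broker, rings = Broker(acl), []
    broker.subscribe("relay-pi", RING_TOPIC, lambda t, p: rings.append(p))  # relay Pi rings the bell
    ThresholdNode(broker)
    for r in readings:
        broker.publish("probe-pi", TEMP_TOPIC, r)
    broker.publish("coffee-maker", RING_TOPIC, "ring")  # no ACL entry for this topic: refused and logged
    return len(rings), broker.log
```

The audit log is the point Jensen makes about the ActiveMQ broker: every accepted publish and every refused one is attributable to a named client.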
Temperature sensors and intelligent outlets weren't the entirety of the demonstration. There was also a connected coffee maker that integrated with the rest of the control network via several radio connections. With all of this, security was a primary concern for the engineers setting up the demonstration. And within the security realm, there were some surprises.
One of the biggest surprises came in the way one of the devices handled encryption of its control messages. The engineers assumed that every device, once its initial setup was complete, would carry its traffic inside a TLS or SSL tunnel. In the case of one device, though, "what it's doing is actually pre-encrypting the data and sending the encrypted data across the Internet in clear text," says Sullivan.
While that seems an unusual way to do things, Sullivan says that he can imagine the logic behind the decision. "First of all, a lot of environments might proactively block SSL traffic for some reason. There may be various entities that might choose to not allow encrypted tunnels to pass across them," he says. "In this case, this is a perfectly legitimate way that allows you to pass encrypted traffic in a non-encrypted way and it can still hit its destination."
The Demo Lab team used WireShark to study details of the traffic on the IoT network. "When we look at the HTTP and we log in with the default log-in, we can see that default logging in is plain text," Davis says. He points out that this isn't terribly surprising in and of itself: "Except that it's not something people think of, especially with something that might just be an outlet that's underneath someone's desk. But it's always connected, and it's a computer, and we're seeing the traffic that's going out to its home base."
One of the other things the team noted in the traffic is the way a number of devices bypass firewall rules for connections to unknown external services: the IoT device opens the connection from inside the network and then keeps it alive, so traffic flows freely in both directions. "We discovered that the IoT devices are programmed to periodically send keep-alive messages to the management platform and then the management platform acknowledges that, and this allows the conversation to continue uninterrupted," Sullivan says. "And if for some reason the transport goes away, the keep alive just has a set of instructions to keep trying consistently until it's able to reach its management platform."
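As an added example, not the team's own tooling, the following script triages Wireshark-style records for the two findings Davis and Sullivan describe: default credentials sent over plaintext HTTP, and inside-to-outside flows that beacon to a management platform on a fixed cadence. The address range, the default-credential list, and the records themselves are all constructed for the illustration.

```python
import base64
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

INTERNAL = ipaddress.ip_network("192.168.0.0/16")   # assumed lab address range
DEFAULT_CREDS = {("admin", "admin"), ("admin", "password"), ("root", "root")}   # constructed default list

# Constructed records standing in for decoded Wireshark output: one HTTP login to an outlet's
# setup page, then the outlet's own outbound traffic to its management platform and an NTP server.
RECORDS = [
    {"ts": 0, "src": "192.168.10.20", "dst": "192.168.10.42", "dport": 80,
     "payload": "GET /setup HTTP/1.1\r\nAuthorization: Basic YWRtaW46YWRtaW4=\r\n\r\n"},
    {"ts": 5, "src": "192.168.10.42", "dst": "203.0.113.9", "dport": 123, "payload": ""},
] + [{"ts": t, "src": "192.168.10.42", "dst": "198.51.100.7", "dport": 443, "payload": ""}
     for t in (30, 60, 90, 120, 150)]

def plaintext_default_logins(records):
    """Flag HTTP Basic credentials sent in the clear that match the default-credential list."""
    hits = []
    for r in records:
        if r["dport"] != 80:
            continue
        for line in r["payload"].split("\r\n"):
            if line.lower().startswith("authorization: basic "):
                try:
                    user, _, pw = base64.b64decode(line.split()[2]).decode().partition(":")
                except (IndexError, ValueError, UnicodeDecodeError):
                    continue                       # malformed header: skip rather than crash the triage
                if (user, pw) in DEFAULT_CREDS:
                    hits.append((r["src"], r["dst"], user))
    return hits

def persistent_outbound(records, min_count=4, jitter=0.2):
    """Find inside-to-outside flows recurring on a steady cadence, the keep-alive pattern described above."""
    times = defaultdict(list)
    for r in records:
        if ipaddress.ip_address(r["src"]) in INTERNAL and ipaddress.ip_address(r["dst"]) not in INTERNAL:
            times[(r["src"], r["dst"], r["dport"])].append(r["ts"])
    found = {}
    for key, ts in times.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if len(ts) >= max(min_count, 3) and pstdev(gaps) <= jitter * mean(gaps):
            found[key] = round(mean(gaps), 1)    # seconds between beacons
    return found
```

On real captures the same two checks are a starting point for deciding which devices need their own segment and which outbound destinations deserve an explicit egress rule.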
When InteropITX attendees talked with those in the Demo Network booth, they found that, while each could answer questions about the network as a whole, each had an area of specialization that they brought to the effort. Here, (from left to right) Davis, Jensen, and Demo Network architect Glenn Evans discuss issues that they're seeing in the traffic on the first day of the expo.
"What we like to do when we engage attendees is ask them what they are interested in knowing more about," Sullivan says. "It's funny, you know, it always tends to come back to security." He says that everyone wants to know about how the network operates, but the lab staff wants to learn from the attendees, as well. "We want to know what they already have in place or whether they have devices in their environment that they need to segregate, and what some of the techniques are for doing that," Sullivan says. And for two days of the InteropITX expo, the conversation continued.