IoT (Internet of Things) security flaws are well known: device weaponization, hacking, replay spoofing, interception (man-in-the-middle) and modification (man-in-the-middle tampering) are prevalent forms of cyber attack. Creating a secure end-to-end environment based on identity for devices, as well as a secure core transport to the edge, is necessary for IoT to gain widespread adoption.

Neustar, as a founding member of the Linux Foundation’s EdgeX Foundry project, is demonstrating two solutions to help secure IoT messaging during IoT Solutions World Congress (IOTSWC) 2017 in Barcelona, Spain, this week. The challenges of preventing weaponization of devices via man-in-the-middle takeovers and of securing endpoint-to-endpoint communications and connectivity are significant.

The Neustar IoT solutions team has used the EdgeX gateway project to provide a secure, firmware-updated service that can tie in both device management and user-policy management, ensuring that the payload being delivered has been validated as coming from a known and trusted sending origin and has passed user access-rights validation. If the package or user has been tampered with, or the path has been deemed invalid, the package will not get delivered to the device. This offers protection against man-in-the-middle attacks and guarantees package integrity.

By collaborating with Tata NetFoundry, Neustar is able to use NetFoundry's platform service with Neustar TDI to eliminate core transport concerns. The NetFoundry platform enables Neustar to integrate application-specific networking (“AppWANs”) into its solutions with no restrictions on network providers, VPNs or custom CPE.

Each AppWAN is driven by the context of the application, such as identity, compliance and performance needs, enforcing application-level micro-segmentation across any set of networks and clouds, with superior performance and security results, while enabling complete, centralized control and visibility of each AppWAN.

Neustar has developed a next-generation approach to trusted identity management, offering the scale and security required for the Internet of Things. By taking a new approach to traditional PKI and providing multi-factor device authentication, we’ve developed a trusted platform to authenticate and revoke identities in real time.

The combination of NetFoundry providing a secure transport layer throughout the core, terminating in an edge gateway, and Neustar’s cloud and gateway TDI servers provides an unbeatable way to securely carry app-to-endpoint, endpoint-to-endpoint and human-to-endpoint communications, and vice versa, over local LANs, WANs and the Internet.

When a compromise does occur, permissions are easily revoked, restoration can occur, and the device can be returned to operation. Complex policy rules based on permissions and rights can be implemented so that an impaired device does not have to be completely revoked; instead, its ability to communicate can be restricted to a set of known and desired behaviors.