How to Protect IoT Applications With Role-Based Access Control (RBAC)

Learn more about role-based access control for IoT applications.

By Mike Mackrory · Updated Apr. 29, 19 · Tutorial

The Internet of Things, or IoT, is what allows us to take the power of computing beyond desktops, servers, and smartphones. The goal of IoT is to integrate all the “things” in the world and enable them to send or receive information, or both. If you use devices like Amazon Alexa or Google Home, you’re already interacting with IoT on a basic level. But IoT extends well beyond household devices: International Data Corporation (IDC) estimates that by 2022, global expenditure on IoT devices will exceed $1 trillion.

In this article, we’re going to look at some of the IoT systems in use within our world. We’ll talk about the security considerations with these systems, and finally, we’ll look at how CyberArk’s Conjur can be used to create more secure and well-managed IoT applications.

Managing and Understanding the World With IoT

IoT applications allow us to send and receive information from devices. For example:

  • Agriculture: Particularly for crops which have specific irrigation needs, an array of hygrometers can report the moisture content within the soil. The monitoring system can automatically signal IoT devices which control the irrigation system and ensure that water is applied appropriately.
  • Office Buildings: Motion sensors, light sensors, and temperature sensors report on conditions within a building, including whether the buildings are occupied, and can adjust the temperature control and lighting system to optimize occupant comfort and energy savings.
  • Smart Energy Grids: As power grids can draw from multiple systems, including hydroelectric, wind and solar, IoT devices can manage how much energy is required, adjusting for temperature, weather conditions, and the needs of the service area. Expanding the connections between different grids can further optimize resource usage.

Other examples include city infrastructure monitoring, personal devices known as “wearables,” and transportation applications. Our adoption of, and reliance on, IoT applications are in their infancy and continue to increase over time.

Security Concerns

When we consider security for IoT applications, we need to look at it from multiple angles. The most obvious danger arises with large-scale projects to develop smart infrastructures, such as power grids and transportation systems: these systems could be compromised by foreign agents with malicious intent.

On October 12th, 2016, a DDoS attack against Dyn, a DNS provider, resulted in massive Internet outages across the United States. The source of the attack was a botnet of IoT devices with lackluster security and default access credentials. The attackers built the botnet by marshaling thousands of small, seemingly insignificant devices and using them to orchestrate a large-scale assault against commercial interests.

IoT devices can be hacked to gain control of the systems they are a part of, or to divulge personal information. Moreover, as IoT applications and systems expand, their attractiveness to entities with evil intent grows as well.

Protecting Your IoT Application

Protecting your application from intrusion, exploitation, and data theft requires a comprehensive approach.

  • Secure all devices with strong, unique, and regularly rotated passwords.
  • Encrypt all data before transmitting between devices and application controllers.
  • Control access to the network and application through role-based access controls.

At the heart of your strategy should be a security service which can integrate with all aspects of your application to provide access control, data encryption, and identity management. Conjur from CyberArk is an example of such a system and provides a policy-based approach to implementing and managing your security strategy.

Using Conjur RBAC to Secure Your Application

Role-based access control allows you to define roles, assign entities to those roles, and define the resources which a role can access, and the nature of that relationship. The entities which fulfill each of the roles are the users of your system, devices, and components of the infrastructure. A central system simplifies security management, making it easy to onboard new resources and remove expired resources as needed.

Identity management is particularly crucial with IoT networks, as keeping track of multiple devices could become an administrative nightmare, especially with large-scale systems. Conjur uses a service known as a Host Factory, which simplifies the process of adding new devices to the systems in a secure manner.

Conjur policies collect devices or hosts into a logical grouping, known as a layer. A host factory attached to the layer generates tokens for new devices that should join it. A provider process passes the token to a new device, which, in turn, presents the token to Conjur to authenticate before being securely added to the layer. This process allows the system to be configured and scaled automatically.

When another entity such as a user or another system needs to interact with a device within a layer, it submits a request to Conjur via its API. Conjur uses the RBAC policies in effect to determine whether the entity is eligible for access to devices in the target layer. A successful transaction allows the requesting entity to acquire information about the target layer, including access to provided secrets, labels, and other metadata relating to the devices which belong to it.
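The enrollment and access-check flow from the last two paragraphs, as a simplified Python model added here for illustration; it is not Conjur's code or API. The class, method names, role identifiers and privilege strings are assumptions made for the example, and `now` is passed in explicitly so the constructed scenario is deterministic.

```python
import secrets


class PolicyModel:
    """Simplified model of layers, host-factory tokens and permits."""
    def __init__(self):
        self.held = {}        # role -> roles it holds (layer/group membership)
        self.permits = set()  # (role, privilege, resource) triples
        self.tokens = {}      # enrollment token -> (layer, expiry in epoch s)

    def grant(self, role, member):
        self.held.setdefault(member, set()).add(role)

    def permit(self, role, privilege, resource):
        self.permits.add((role, privilege, resource))

    def create_token(self, layer, ttl, now):
        """Host factory: issue a random, expiring token bound to one layer."""
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (layer, now + ttl)
        return token

    def enroll_host(self, token, host, now):
        """A device redeems its token; unknown or expired tokens are refused."""
        layer, expiry = self.tokens.get(token, (None, 0.0))
        if layer is None or now >= expiry:
            raise PermissionError("invalid or expired host-factory token")
        self.grant(layer, host)  # the host is now a member of the layer

    def is_permitted(self, role, privilege, resource):
        """Default deny: allow only if the role, or a role it holds, has the permit."""
        todo, seen = [role], set()
        while todo:
            r = todo.pop()
            if (r, privilege, resource) in self.permits:
                return True
            seen.add(r)
            todo.extend(self.held.get(r, set()) - seen)
        return False


def build_demo(now=1000.0):
    """Constructed scenario: one sensor layer, one operator group."""
    m = PolicyModel()
    m.permit("layer:soil-sensors", "execute", "variable:broker/password")
    m.permit("group:operators", "read", "layer:soil-sensors")
    m.grant("group:operators", "user:alice")
    token = m.create_token("layer:soil-sensors", ttl=300, now=now)
    m.enroll_host(token, "host:sensor-01", now=now + 10)
    return m, token
```

The enrolled host inherits the layer's permit on the secret, while an operator who may read the layer gains no access to that secret, and a token presented after its expiry enrolls nothing.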

Conjur is also invaluable in creating and assigning strong and secure passwords for resources within your application and ensuring that only those with validated credentials have access to those resources. Additional functionality enables users to set password and encryption key rotation requirements.

IoT applications are here to stay and are becoming an integral part of almost every industry. As the adoption of these applications accelerates, we need to ensure that the networks are built to be secure and resilient. Conjur provides the tools to build resilient and secure networks. If you would like to evaluate Conjur as a solution for your projects, you can sign up for a free, temporary Conjur account to try it out.

Published at DZone with permission of Mike Mackrory, DZone MVB. See the original article here.
