How do you prevent this, you might ask. Well, you could unplug the toaster, move to a cave, and promise to never get a newfangled internet toaster again. The second, and probably less drastic, option is to protect your toaster from external influences. This is called (wait for it) security.
Security is the act of protection, whether it be aggressive (I'm going to attack now, to prevent you from attacking me later), passive (padlocks on the doors, bars on the windows), or monitoring (I know someone broke in, and here's a picture). We're going to focus more on the latter items: authentication, authorization, and logging.
Authentication is the act of figuring out who someone is. In the real world you can do this in many ways, such as looking out the peephole to see who is at your door, ID badges in the workplace, or keys for locks. The first of these, looking out the peephole, is a form of positive identification: you have to know who they are before you open the door. The second is also a form of this, but with the addition of a token, you can identify someone that you don't know. Think of the phone guy coming to your door. He's got a badge, but he's also not your aunt Martha. The final one is a key for a lock. Here the user of the key is anonymous, in that you don't have to know who the holder of the key is; it is sufficient to know that they are allowed in because they are holding the key.
In the computer world there are plenty of ways to authenticate people. Passwords, number tokens, and fingerprint sensors help to do this. There is some element of trust in setting up the authentication in the first place, but once it's done, you are golden. Now this can be done in many different places, and in many different forms. A lot of applications handle the authentication on their own, keeping track of users and passwords internally, while others make use of various third-party authentication services from Google, Facebook, Twitter, and plenty of others.
Authorization is what you are allowed to do after we know who you are. Our hypothetical toaster might let anyone in the family toast bread, but only one person change the level of brownness. One way to look at this is a list of users, a list of capabilities, and a bunch of lines connecting the people to what they can do. This is a simplified way of looking at things, but that's OK at this time.
Logging allows you to see what is going on, by tracking who is doing what activity, as well as other properties of the system. Logging would tell us that someone is cooking toast, and possibly when it is being done, and who is doing it.
When we start applying security to our internet of things we start seeing that there are a couple of places where we may need to apply it. First is at the device, since we don't want unauthorized people cooking toast. Second is on a hub or server that the toaster may be communicating with. In this case, think of the device as the thing that needs to be authenticated and authorized.
I'll stop here for today. There are plenty of ways to do these tasks, and I'll beat them to death later on.
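To make the three pieces concrete, here is a small Python model of the hub side of the toaster, added as an example and not code from the original post. The user names, tokens, and capability names ("toast", "set_browning") are constructed for illustration; every request is first authenticated, then checked against the capability list (deny by default), and the outcome is logged whether it succeeded or not.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed credentials, provisioned at setup time (the "element of
# trust" the post mentions). Only token hashes are kept on the hub.
USER_TOKEN_HASHES = {
    "alice": hashlib.sha256(b"alice-token").hexdigest(),
    "bob": hashlib.sha256(b"bob-token").hexdigest(),
}

# Capabilities: the "lines connecting the people to what they can do".
# Anyone in the family may toast; only alice may change brownness.
CAPABILITIES = {
    "toast": {"alice", "bob"},
    "set_browning": {"alice"},
}

AUDIT_LOG = []  # In-memory log of every decision the hub makes.


def authenticate(user, token):
    """Return True only if the presented token matches the stored hash."""
    expected = USER_TOKEN_HASHES.get(user)
    if expected is None:
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    # Constant-time compare so a mismatch does not leak where it differs.
    return hmac.compare_digest(expected, presented)


def authorize(user, action):
    """Deny by default: unknown actions and unlisted users get False."""
    return user in CAPABILITIES.get(action, set())


def log_event(user, action, outcome):
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user, "action": action, "outcome": outcome,
    })


def handle_request(user, token, action):
    """Full path: who are you -> may you do this -> record the decision."""
    if not authenticate(user, token):
        log_event(user, action, "auth_failed")
        return False
    if not authorize(user, action):
        log_event(user, action, "denied")
        return False
    log_event(user, action, "allowed")
    return True
```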