We spend a lot of time thinking about how to secure internet of things (IoT) services from end to end, and over the application lifetime. So for IBC 2017, we came up with a fun way to illustrate an industrial IoT business application that relies on device-to-cloud communication for both measurement and control – remote dispensing of beer from an otherwise traditional barrel and tap combination.
The demo, which was hosted on our booth, incorporated the key aspects of IoT security and exhibited the benefits of protecting a revenue stream that is significant from both the service provider and the consumer!
In this case, the primary client device in fact was an IP-connected tap, while the source stationed just below in a cupboard was a basic barrel, but with internal sensors to monitor beer level (and therefore volume remaining) as well as an IP-connected meter measuring flow through the connecting pipes. It paired to a mobile app that enabled a user to order beer and a monitoring screen displaying the metrics of beer consumption over time, allowing the service to display usage patterns and check beer level in the barrel.
The whole the setup illustrated Verimatrix Vtegrity, our advanced security solution that addresses the revenue threat landscape and lifecycle integrity management for IoT services. Vtegrity offers three core security elements that are required for any IoT application: device integrity, communications integrity, and service integrity. In a bar scenario, there are several types of threat that could potentially affect revenue and system operation:
Threat 1: An attacker can try to hack the beer value controller – basically hijacking the software and tampering with the integrity of the beer dispensing process. Perhaps a little more than an average pour for a special fiend or two? If an attacker can take over the controller and send messages to dispense beer when not expected – or keep the value open for a little longer than the bar would like – revenue is certainly going to be at risk. Maintaining the integrity of the device (aka beer tap/valve) is a key value proposition for an IoT security platform.
Threat 2: An attacker can try to hack the metering of beer flow, creating a series of false readings of measured volume dispensed by the system. By maintaining integrity of the measurement system and secure the measurement data originating from the system, revenue threats that try and thwart the statistics of delivery can be protected by the communications integrity of the security system. Communications integrity is achieved by authenticating the device to the IoT application and establishing a secure connection using device certificate and hardware-based credentials. Communications integrity enables secure remote control and usage monitoring of the end to end system.
Threat 3: An attacker can try to prevent normal operation of the bar using a denial of service (DoS) attack, for example, to keep the beer valve from opening as requested and disrupt the IoT application. Nothing affects bar revenue like being unable to serve beer! Service integrity protects against such threats by monitoring unusual device traffic patterns and ensuring patches and updates to IoT devices can be used to address such DoS vulnerabilities.
The analytics comes in by providing ongoing information about consumption patterns, which can help with planning supplies, as well as providing clues for marketing perhaps. It also acts as a final check against “shrinkage,” which is a major issue of conventional beer retailing, by reconciling consumption measured from the barrel against the record of supplies dispensed from the tap over time.
This demo was certainly not about announcing that Verimatrix is necessarily targeting the bar business for IoT security, but rather an interesting way to talk about industrial IoT applications in general. Think of securely managing the delivery of gasoline to connected pumps or irrigation systems for major agriculture businesses. The underlying point is the crucial role that security will play, quite transparently, both to users and suppliers. At the end of the day, the internet of things is services that rely on device-to-cloud communication to generate value for the customer and revenue streams for the service provider.
We hope that the demo enabled visitors to enjoy a beverage and reflect – in this IoT age – how much the world will rely on companies like Verimatrix to secure revenue and ensure you don’t go thirsty! Let us know what you thought about the demo and our Vtegrity launch.