March 2013
Securing Buildings and the Internet of Things
Now that we are calling buildings, systems and sensors the Internet of Things, we can find commonalities between them.
Toby Considine
The oBIX Committee has started meeting again. We are still feeling our way, and getting to know the new participants. One part of this work is deciding what is in oBIX 2.0.

Security is very much on our minds. Now that we are calling buildings, systems and sensors the Internet of Things, we can find commonalities between them. One thing we know is that the Internet of Things does not have a useful model for security.
One problem is that there is no practical way to secure a single point. What would such security mean? Does each sensor have its own password? Is there any way to audit the ACLs (access control lists) applied to each of 10,000 points in a building? If each point is separately accessible using an IPv6 address, we need a model of security.
During the last week of February the RSA Conference has been meeting, and my news feeds are full of stories like those below.
Vint Cerf: 'The internet of things needs to be locked down' (Register)
RSA 2013 Device manufacturers who are sticking internet connections into everything from TVs to toasters need to lock down their systems with strong authentication, Google's chief internet evangelist Vint Cerf warned the RSA keynote audience. Cerf said ...

RSA Conference: Age of internet of things is upon us (SC Magazine UK)
The challenge of hyper-connected devices and the 'internet of things' will see billions of devices connected by the end of this decade, and all need to be secured. Speaking at the RSA Conference in San Francisco, Philippe Courtot, chairman and CEO of ...

RSA 2013: Vint Cerf Issues Challenge To Secure Internet Of Things (TechWeekEurope UK)
Founding father of the Internet Vint Cerf has issued a challenge for security researchers to ensure that the surge of devices hooking up to the Web in the so-called “Internet of Things”. Cerf, who is now an evangelist at Google, said an identity-led ...
Many are beginning to realize that we need to get serious about security and control systems. But security is about access. If we didn’t want access, we wouldn’t network them in the first place.
In oBIX 1.0, we did some good things and some bad things with regard to security.

First the good: we didn’t do it. We did not bake in some mandatory "greatest security of 2005" that every implementation would have to carry, and that by now would be regularly hacked by script kiddies using scripts that have been easy to find since 2008. Security should be composable, i.e., added into the standard as needed. Some scenarios have large risks, large sums of money at risk, or strong implications for privacy, and others do not. Users of the [oBIX] specifications should be able to compose in the appropriate security for their needs. That is the good news: that we did nothing.
The bad news is that we did nothing. There is no framework for security in the current oBIX. We do not distinguish between points known only to the integrator, points settable by the tenant, and points visible to the passer-by. This is true of other schemes as well: other specifications that share the oBIX “space” have a similar weakness.

Groups of points that share something in common can be secured together if there is a proper framework. Such frameworks must move beyond mere control blocks. Policy-based, declarative security can be applied to groups of points that are somehow similar, but only if the similarity can be described in business terms. Business terms are not the same as control terms and control systems. Today oBIX has no standard way to support such declarations.
Security always requires a context. We have no means to set context.
Does an oBIX building have 20 tenants? Is each of these tenants able to view their own energy usage, and set their own thermostats? Is it a school, where the various tenants are competing on energy use, and can see all, but only manage their own space? Is the ability to discover that certain systems are in a building a security risk? (Universities and research facilities like to keep quiet about their animal care facilities.) We must have a way to distinguish between different types of points that concern different people.
This year, we have been discussing the intersection of BIM and oBIX. Once the building is built, BIM is about space. People and business processes inhabit space. Building systems are installed in space. Space is the semantic middleware between the oBIX points and the services they provide. Perhaps BIM, where present, can provide part of a semantic framework for policy-based security. “Tenants can set all thermostats in space that they lease” can then be unraveled automatically: which space does this tenant lease, and which control points in the control systems are in that space?
BIM should be part of the security framework for any building system. The actual security details are to be composed later; BIM can provide the hooks. There are other frameworks. For example, Integrator, Maintenance, Tenant, Auditor, Guest might be a role framework. Real security for building systems and the Internet of Things requires not only identity management (account and password), but policy-based assertions. Those must come from a common framework.
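The following is an added illustration, not oBIX code and not anything the oBIX Committee has specified. It models the three ideas above in working form: per-point ACLs do not scale to 10,000 points, so security is declared over groups of points in business terms (role, BIM space, lease, point function); the effective per-point permissions are derived from those declarations, which is what an auditor reviews; and when a lease changes, access to the points in that space follows the business change without touching any point. The role names are the ones the article lists; the point names, spaces, tenants and the six rules are constructed for the example and are marked as such in the code.

```python
"""Policy-based access to building points, declared over groups described in
business terms (role, BIM space, lease, point function) rather than per point.
Added illustration with constructed data; not oBIX code."""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Set

ACTIONS = ("discover", "read", "write")
Leases = Dict[str, Set[str]]  # tenant -> set of BIM space ids it leases


@dataclass(frozen=True)
class Point:
    name: str        # constructed point name, not a real oBIX href
    kind: str        # business function of the point
    space: str       # BIM space the point is installed in
    visibility: str  # "integrator", "tenant" or "public"


@dataclass(frozen=True)
class Principal:
    name: str
    role: str                     # Integrator, Maintenance, Tenant, Auditor or Guest
    tenant: Optional[str] = None  # which tenant a Tenant principal acts for


@dataclass(frozen=True)
class Rule:
    rule_id: str
    role: str
    actions: FrozenSet[str]
    # Predicate in business terms: (principal, point, leases) -> bool
    predicate: Callable[[Principal, Point, Leases], bool]


# Constructed sample points and lease table (hypothetical names and spaces).
POINTS: List[Point] = [
    Point("AHU3-ZN301-TSP", "thermostat", "floor3.room301", "tenant"),
    Point("AHU3-ZN302-TSP", "thermostat", "floor3.room302", "tenant"),
    Point("AHU4-ZN401-TSP", "thermostat", "floor4.room401", "tenant"),
    Point("MTR-R301-KWH", "energy_meter", "floor3.room301", "tenant"),
    Point("MTR-R401-KWH", "energy_meter", "floor4.room401", "tenant"),
    Point("AHU3-SA-FAN-VFD", "fan_speed", "floor3.mech", "integrator"),
    Point("VIV-B1-ALM", "animal_care_alarm", "basement.vivarium", "integrator"),
    Point("LOBBY-OAT", "outdoor_temp", "lobby", "public"),
]
LEASES: Leases = {"acme": {"floor3.room301", "floor3.room302"},
                  "globex": {"floor4.room401"}}


def in_leased_space(p: Principal, pt: Point, leases: Leases) -> bool:
    """Business-term predicate: is the point installed in a space this tenant leases?"""
    return p.tenant is not None and pt.space in leases.get(p.tenant, set())


# The whole security declaration, whether for 8 points or 10,000, is these six rules.
POLICY: List[Rule] = [
    Rule("integrator-all", "Integrator", frozenset(ACTIONS), lambda p, pt, l: True),
    Rule("maint-plant", "Maintenance", frozenset(ACTIONS),
         lambda p, pt, l: pt.kind in {"fan_speed", "thermostat"}),
    Rule("tenant-thermostats", "Tenant", frozenset(ACTIONS),
         lambda p, pt, l: pt.kind == "thermostat" and in_leased_space(p, pt, l)),
    Rule("tenant-own-energy", "Tenant", frozenset({"discover", "read"}),
         lambda p, pt, l: pt.kind == "energy_meter" and in_leased_space(p, pt, l)),
    Rule("auditor-energy", "Auditor", frozenset({"discover", "read"}),
         lambda p, pt, l: pt.kind == "energy_meter"),
    Rule("guest-public", "Guest", frozenset({"discover", "read"}),
         lambda p, pt, l: pt.visibility == "public"),
]


def decide(principal: Principal, action: str, point: Point,
           leases: Leases = LEASES) -> Optional[str]:
    """Default deny: return the id of the first rule granting `action`, else None."""
    for rule in POLICY:
        if (rule.role == principal.role and action in rule.actions
                and rule.predicate(principal, point, leases)):
            return rule.rule_id
    return None


def effective_acl(principal: Principal, points: List[Point] = POINTS,
                  leases: Leases = LEASES) -> Dict[str, List[str]]:
    """Derive the per-point ACL from the policy. This derived view is what gets
    audited, instead of thousands of hand-maintained point ACLs."""
    return {pt.name: [a for a in ACTIONS if decide(principal, a, pt, leases)]
            for pt in points}


def relet(leases: Leases, space: str, new_tenant: str) -> Leases:
    """Return a new lease table with `space` moved to `new_tenant`. Access to the
    points in that space follows the business change with no per-point edits."""
    updated = {t: {s for s in spaces if s != space} for t, spaces in leases.items()}
    updated.setdefault(new_tenant, set()).add(space)
    return updated


if __name__ == "__main__":
    alice = Principal("alice", "Tenant", tenant="acme")
    for name, perms in effective_acl(alice).items():
        print(f"{name:18} {', '.join(perms) or '(not even discoverable)'}")
```

Two design points are deliberate: the decision is default deny, so a point that no rule mentions (the vivarium alarm, for a tenant) is not even discoverable, which answers the "is discovery itself a risk?" question above; and `decide` returns the rule id rather than a bare boolean, so every grant in an audit log names the business declaration that produced it.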
Write me if you want to get involved in defining the next generation of oBIX.

http://www.newdaedalus.com/articles/bouncer-or-prison-guard.html
[an error occurred while processing this directive]
[Click Banner To Learn More]
[Home Page] [The Automator] [About] [Subscribe ] [Contact Us]