One of the greatest concerns of IoT adopters is security. Recently, attackers managed to launch the largest-ever DDoS attack using IoT devices. With such news coming to the fore, people are becoming cautious about using these devices in homes as well as in enterprises.
Many proposals have been made to solve the security issues of IoT: from using trusted hardware to deploying intelligent middle-boxes, there are many techniques to enhance the security of the Internet of Things. Here we discuss how containers can be used to improve IoT security.
Background on containers
The idea of containers has been around in Linux-based operating systems for quite a long time. But a few years ago, LXC and Docker built on this idea to provide isolated execution for applications. In containers, applications run in isolation from one another while still making efficient use of the underlying hardware. Since containers run natively on the host, they do not suffer from the performance issues that virtual machines do. Furthermore, it is easier for the host OS to manage and allocate resources. As a result, containers rapidly became popular in the cloud ecosystem as cloud providers started using them in place of virtual machines.
Containers for IoT
IoT devices are evolving with time. Intel introduced the Atom E3900 “Apollo Lake” SoCs which are specialized processors for IoT gateways. For IoT endpoints, ARM announced Cortex-M23 and Cortex-M33 cores featuring ARMv8-M and TrustZone security.
With increased processing capabilities in IoT devices, developers can now run multiple applications on a single device. Doing so poses several new challenges. For example, if one application fails and requires a reboot, this may affect other applications that were running correctly. However, if the application is running inside a container, that particular container can be switched off, debugged, and booted again without affecting other applications.
Consider the example of a gateway that runs multiple IoT applications. Using containers, we can run each application completely isolated from other applications and from the OS as well. The application can be updated securely after performing the necessary authorization steps. Also, the application code is read-only, which further enhances security. Canonical’s Snappy Ubuntu Core is an example of an IoT-oriented OS that uses containers for package management and provides benefits similar to those discussed here.
In addition to security, containers also reduce development time because developers can write code once, package it in a container and push several copies of it to any number of devices. In parallel, these devices can run another application in a separate container that may perform security-related checks on other applications.
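An added example, not part of the original article or any project's own code: a check that such a monitoring container could run over `docker inspect` output to confirm that each gateway application keeps the isolation and read-only properties described above. It assumes Docker as the runtime; the container names and the JSON are constructed sample data.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two gateway apps.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/sensor-reader",
   "HostConfig": {"ReadonlyRootfs": true, "Privileged": false,
                  "NetworkMode": "bridge", "PidMode": "",
                  "CapAdd": null, "Binds": null,
                  "RestartPolicy": {"Name": "on-failure"}}},
  {"Name": "/legacy-uploader",
   "HostConfig": {"ReadonlyRootfs": false, "Privileged": true,
                  "NetworkMode": "host", "PidMode": "host",
                  "CapAdd": ["SYS_ADMIN"],
                  "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
                  "RestartPolicy": {"Name": "no"}}}
]
""")

def audit_container(entry):
    """Return a list of isolation findings for one `docker inspect` entry."""
    hc = entry.get("HostConfig") or {}
    findings = []
    if not hc.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable (application code not read-only)")
    if hc.get("Privileged"):
        findings.append("privileged mode removes isolation from the host")
    if hc.get("NetworkMode") == "host":
        findings.append("shares the host network namespace")
    if hc.get("PidMode") == "host":
        findings.append("shares the host PID namespace")
    if hc.get("CapAdd"):
        findings.append("extra capabilities: " + ", ".join(hc["CapAdd"]))
    for bind in hc.get("Binds") or []:
        if bind.split(":")[0] == "/var/run/docker.sock":
            findings.append("mounts the Docker socket (control over all containers)")
    policy = (hc.get("RestartPolicy") or {}).get("Name", "")
    if policy in ("", "no"):
        findings.append("no restart policy, a crash needs manual recovery")
    return findings

def audit(inspect_output):
    """Map container name -> findings for every container in the output."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e) for e in inspect_output}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```

On a real device the input would be the parsed JSON from `docker inspect` for the running containers instead of the embedded sample.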
The container community is coming up with new ways to enhance the security of containers. Docker will soon support signed images and attestation that will ultimately enhance the security of IoT applications. Furthermore, since most container services are built on Linux, the applications can benefit from any efforts made toward kernel hardening.
As fog computing comes to the fore, IoT devices will need to perform complex tasks, which will increase code complexity. It is safe to say that containers are going to play an important role in the IoT landscape just as they have in the cloud. Alexandros Marinos, CEO of Resin.io, which is a Docker-based OS for IoT, had this to say about containers: “We believe that Linux containers are even more important for embedded than for the cloud. In the cloud, containers represent an optimization over previous processes, but in embedded they represent the long-delayed arrival of generic virtualization.”
Mazhar Naqvi is a CS grad student with research interests in computer networks and security. He can be reached at email@example.com and you can follow him on LinkedIn at https://www.linkedin.com/in/mazharnaqvi