The OCF Security Working Group is raising the bar for IoT security standards
The rapid growth of the Internet of Things has made connected devices an integral part of our daily lives, but this increased connectivity also comes with security risks due to the massive amount of data being collected and analyzed by these devices. The Open Connectivity Foundation Security Work Group (SecWG) reflects the fact that security is becoming top-of-mind for manufacturers of IoT products.
Products certified by OCF include security by design as part of the OCF Specification, rather than added later as an afterthought, says SecWG chair Brian Scriber. Scriber recently discussed the current state of security in the IoT industry and the work OCF is undertaking to bring it to the forefront. “We haven’t yet brought a lot of the lessons that we’ve learned in the PC era into the constrained device world,” Scriber says. “At OCF, we are trying to bridge that gap. We are trying to apply known and practiced security techniques and bring that into the devices that we’re going to trust and rely on in our homes, cars, and workplaces.”
The Security Work Group’s recent work has centered on identity and confidentiality of devices. It has also addressed hardening of the devices so consumers can be more assured that the technology they have is more laborious to compromise, he said. The group is also working to develop a public key infrastructure (PKI) that allows centralized management of devices and grants interoperability for certificates that are issued by individual manufacturers.
OCF’s unique approach
Scriber says OCF’s approach to security is unique in the IoT ecosystem because it is part and parcel of the open-source specification.
“We are not necessarily the first to do this, but we are certainly one of the first to say we’re going to do this and be interoperable in our certificates across all manufacturers,” he says.
All OCF-Certified devices are required to undergo testing to make sure they not only meet the interoperability standards set by OCF, but the security requirements as well. Scriber is careful to point out, however, that this doesn’t guarantee the device is secure, but it has met the minimum bar set by OCF for security. Consumers can learn how their devices get hacked, and take measures of their own to make their IoT devices more secure, which is especially important in a smart home environment.
Some challenges remain
There are still some challenges in implementing an industry-wide IoT security framework. Among these is the apprehension among producers of IoT devices that security is expensive, Scriber says. Fortunately, for OCF members, the security framework is packaged with the rest of the interoperability design, removing the need for the question of how much security will cost.
“It is a dangerous conversation to have – what’s the cost of security?” he says. “With OCF, it doesn’t cost anything because our framework is part of the design.”
Ultimately, the end users of IoT devices will see the benefits of security and the peace of mind from knowing their personal information is safe. With 400-plus members and growing, the Foundation is in a unique position to bring security to the forefront of an industry that is primed to grow exponentially in the coming years.
“I think at OCF, we’ve done a great job of keeping user experience in the forefront and using technology to both make it more secure and make the best experience possible for the users of the devices and the manufacturers who adopt this Specification,” Scriber says.
Learn more about the Security Work Group and the benefits of the OCF Security Framework here.