June 13, 2017

Dark Web – A surprising solution to secure IoT?

Vesa Luukkonen

Security Solutions Architect, Tieto

The Dark Web, and the Tor network, are normally considered only something criminal. But if we take an objective look, they can offer positive uses as well. One such use could be more secure IoT networking.

Anything unknown is often considered a threat. For instance, in the Game of Thrones series, people called “wildlings” were first seen just as hostile barbarians. Later, they became a valuable ally for Jon Snow, one of the most prominent characters.

If we think of the world of networks, Tor is one such unknown, as its notorious nickname Dark Web clearly shows. Commonly, Tor is thought of as a service used to access something bad and illegal, such as sites selling drugs or stolen identities. While there is some truth in this, it only covers a fraction of possible and real uses.

The Tor network can be utilized for good and legal purposes as well. Remember, Tor was originally not created for or by the bad guys. It originated from the necessity of providing secure communications for dissidents.

Securing connections in IoT

When we talk about IoT, security – or lack of it – is one of the biggest topics around. Securing communications between devices and their back-end systems is one of the most difficult problems.

In general, secure connectivity principles urge us to follow the holy trinity: integrity, confidentiality and authenticity. In some specific IoT cases, VPN can handle the secure connection, but VPN is not always possible. In those cases we need alternatives. Could one such alternative be Tor?

It might be good enough to fulfill the requirements.

By default, all traffic in the Tor network is encrypted, and the identities and locations of traffic sources are very effectively concealed. Thanks to this, someone intercepting traffic from Tor networks is neither able to identify the sender nor view or alter the messages. These features would be useful when securing an IoT system.

Pros and cons of Tor

Normally, people use the Tor network for browsing the Dark Web. Thus, using Tor for IoT connectivity would deviate from the norm. However, done right, it could well prove to be an affordable, lightweight and secure solution for IoT communication.

To start with, Tor can run on very cheap hardware, requiring only some sort of Linux operating system and a low-end ARM chip. Many IoT devices fulfill this requirement. Also, being widely and freely available for multiple platforms, Tor clients can be readily added to even cheap IoT devices.

On the downside, high latency is a well-known issue of the Tor network. This means that real-time communication between the IoT device and the backend is not possible. In many use cases, however, it’s enough to transmit small amounts of data between two points with no time pressure.

Tor-based connectivity would be perfectly suitable for purposes such as transmitting occasional telemetry information or for short commands and status checks.

Additionally, if Tor is used for IoT, there would probably be a shortage of expertise if technical problems arise. But that seems to be a common issue with any IoT security solution at the moment, including using VPN.
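To make the occasional-telemetry case concrete, here is an added example (not code from this article or from the Tor Project) of a device handing a short message to a local Tor client over SOCKS5. It assumes Tor runs on the device with its default SocksPort 9050 and that the back end is reachable as an onion service; the function names are hypothetical.

```python
import socket
import struct

TOR_SOCKS = ("127.0.0.1", 9050)  # assumption: local Tor client, default SocksPort

def build_connect_request(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT using ATYP 0x03 (domain name), so Tor resolves the name
    itself and the device never issues a DNS query for its back end."""
    name = host.lower().encode("ascii")
    if not name.endswith(b".onion") or len(name) > 255:
        raise ValueError("refusing non-onion destination: " + host)
    if not 0 < port < 65536:
        raise ValueError("invalid port")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def socks5_connect(sock, host: str, port: int) -> None:
    """Run the SOCKS5 handshake on an already connected socket."""
    sock.sendall(b"\x05\x01\x00")  # version 5, one method offered: no auth
    if recv_exact(sock, 2) != b"\x05\x00":
        raise ConnectionError("proxy rejected the no-auth method")
    sock.sendall(build_connect_request(host, port))
    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if ver != 5 or rep != 0:
        raise ConnectionError(f"SOCKS5 connect failed, reply code {rep}")
    # Consume the bound address so the stream is positioned at application data.
    if atyp == 3:
        alen = recv_exact(sock, 1)[0]
    elif atyp in (1, 4):
        alen = 4 if atyp == 1 else 16
    else:
        raise ConnectionError("unknown address type in reply")
    recv_exact(sock, alen + 2)

def send_telemetry(host, port, payload: bytes, proxy=TOR_SOCKS, timeout=120.0):
    # Generous timeout: Tor latency is high, as discussed above.
    with socket.create_connection(proxy, timeout=timeout) as sock:
        socks5_connect(sock, host, port)
        sock.sendall(payload)
```

Rejecting anything that is not a .onion name keeps a misconfigured device from sending its data to a clearnet host through an exit relay.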

From smart homes to industries

Usage of Tor could well start in the typically non-time critical domain of home IoT. Nasty network attacks against home appliances can lead to breaches of privacy and even cause serious damage. You have certainly read about breached home webcams and baby monitors.

If device control connections were based on Tor, it would hide the presence of the devices from the visible internet. That would make our homes much better protected. As a practical example, the Guardian Project, concentrating on network privacy for dissidents and whistleblowers, has already created a Tor-based proof-of-concept smart hub for homes.

Moving forward, Tor technology would be suitable in many industrial IoT use cases as well, such as gathering non-time critical metering data from simple sensors.

To sum up, using seemingly suspicious Dark Web technology could significantly reduce the security risks related to networking IoT devices. Every now and then, clearing our heads of unnecessary prejudices can pay off. Tor could be something unknown and threatening that in the end becomes our ally.

