The digital transformation of urban areas is in full swing, with some cities embracing smart technology faster than others. Built correctly, a smart city allows more efficient management of public services, from transportation and waste disposal to energy supply, traffic, parking, and street lighting. The technology can help control the entire infrastructure of a city and offer better information when problems occur.
Researchers, however, draw attention to the security problems looming over smart equipment, which could turn it against the citizens it serves. The risk is far from theoretical, as attacks have already occurred: ransomware in computers handling public transit, data interception from traffic-control sensors, unauthorised access to public utilities and sirens wailing throughout the city.
At the DefCamp security conference in Bucharest, Ralf Staudemeyer, science and technology coordinator for the RERUM project, pointed out some security challenges that need to be addressed in smart cities. RERUM’s objective was to develop, evaluate and test an architectural framework that incorporates the concept of security and privacy by design, for building networks with a diverse array of connected objects that support smart city applications.
Among the problems the researcher has identified is integration of fault-tolerance and fail-safe behavior, which ensures that the infrastructure continues to function if one of its nodes goes down. These precautions allow data to keep flowing at all times between other network components and the operations center.
Information collected from sensors around the city often activates real-time, sometimes automated, responses, as is the case with the traffic light system – to ease congestion, or video feeds and other sensors – to make citizens safer. A threat actor capable of intercepting smart city network communication could use it for crime, if the data runs unprotected. A solution to ensure confidentiality is to encrypt the information efficiently, not only when it is sent to the analysis center but also in transit from node to node, which would make it unusable to a third party.
Staudemeyer also stressed that a smart city could affect residents’ privacy, since city governance usually partners with private companies to store information from sensors, to enable it to reach the operations center or to provide actionable analytics services. The researcher says companies involved should be obliged to keep as little data as possible to safeguard individual privacy. A Wi-Fi-enabled trash can that informs the municipality about its fill level also picks up the broadcast signal from any Wi-Fi device that passes by.
Most IoT security challenges security are well known, the researcher noted, and the limited resources on the equipment makes the challenges difficult to overcome. However, technical and cryptographic solutions are available that could make network node activity indistinguishable from network noise and prevent message correlation. The Datagram Transport Layer Security (DTLS), for instance, prevents eavesdropping, tampering and forging of messages, while the DC-net aims for anonymity.
Image credit: Community Safety Glasgow
tags
November 14, 2024
September 06, 2024