IoT security

Our team researches moving target techniques to solve the new breed of security problems associated with IoT devices, and introduce a radically new way of providing end-point security. These techniques move the security paradigms from tool-based reactive models into deceptive, adaptive, and immune approaches. With these solutions in place, security will be provided by compilers and device management platforms, rather than dedicated security tools.

What’s Different Here

The security industry has been focusing on adapting classic security solutions to IoT security, and solving network security and authentication problems—while ignoring IoT end-point security problems. It is predicted that, within a few years, around 250,000 IoT applications will be deployed. Clearly, it is not scalable to adapt the classic security paradigm that is based on acquiring expert knowledge of the device SW and translating it into tools that are installed on the device. The majority of IoT devices have very strict power consumption, CPU power, and memory limitations. This makes standard encryption impossible, and allows many attack surfaces.

IoT characteristics present a rare opportunity to break the attackers’ scale-up model. Creating one attack on a specific device is expensive for attackers, so they count on launching the same attack on a huge number of devices. Our moving target defense renders each device unique, so the attacks are unscalable, hence not profitable.

Since most IoT devices are not general-purpose devices, and do not need to support software from third-party vendors, it is possible to create each device in a unique manner without interfering with the device functionality.

Moving Target defense


Fady Copty, Emerging Security & Quality Technologies, IBM Research - Haifa