Defense Against Network-based Attacks

Tuesday, May 14, 2019 @ 02:05 PM gHale

Integrated device security provider Mocana Corporation released a cyber protection solution for massive IoT, smart cities and distributed intelligence networks.

The solution is based on new device admission control capabilities for Mocana’s TrustPoint on-device security software solution.


Major industrial and IoT device manufacturers use TrustPoint, which is in more than 100 million devices. The new controls allow TrustPoint-enabled devices with limited memory and processing power, such as process sensors and IoT devices, to use certificate-based authentication and network filtering embedded into the device’s software to defend against network-based cyber attacks. These new capabilities are especially important for securing smart city, smart lighting, industrial and massive IoT applications.

Mocana’s new capabilities are used in conjunction with features of Mocana TrustPoint and TrustCenter to protect and manage the device security lifecycle.

Mocana TrustPoint includes a FIPS 140-2 validated cryptographic engine and software to make devices tamper-resistant while securing device storage, communications and applications. Mocana TrustCenter enables zero-touch, automated device enrollment and in-field provisioning of credentials and authenticated updates on headless devices.

Network access control (NAC) technologies are used extensively on servers, laptops and smart devices. Implementing access controls on IoT devices has proven to be more difficult because of the limited memory and processing power of such devices. Mocana has solved this problem with the introduction of its new device admission controls.

Mocana’s solution authenticates or validates the identity of the device before it is allowed to communicate with the rest of the network. Unlike insecure network access methods such as unauthenticated Dynamic Host Configuration Protocol (DHCP), which provisions network access before requiring authentication, Mocana’s solution provides a secure method to use certificate-based, mutual machine-to-machine authentication.

Mocana’s device admission control capabilities enable sensors and IoT devices to defend against a number of attack scenarios, including:
• Dictionary attacks that determine a user’s password
• DHCP denial of service (DoS) attacks in which a device attempts to lease all available DHCP IP addresses
• Replay attacks in which a device appears to be functioning correctly when it has been compromised
• Spoofing attacks in which a device attempts to impersonate another device by using a false MAC address or IP address

“Ensuring the safety and reliability of systems is of paramount importance for mission critical systems,” said Dean Weber, CTO at Mocana. “In order to defend against modern network-based cyber attacks, companies need to ensure that their IoT devices are trusted and have not been compromised. Our on-device security controls are designed to operate within a tiny software footprint to enable the smallest of devices to protect themselves.”


