Blogs

Designing a secure and scalable Internet of Things ecosystem using multiagent systems

IoT Evangelist, University of San Diego

The Internet of Things (IoT) introduces both security and epistemic challenges having to do with data ontology, network science and system engineering. Because the loosely coupled architectures of the IoT ecosystem enable seamless connectivities that span heterogeneous industries and networks—often using public networks and application programming interfaces (APIs)—the ever-expanding IoT ecosystem introduces architectural, operational and security challenges.

Architecture

Securing the Internet of Things is an integral part of addressing business process disruptions, whose nature often depends on the nature of the enterprise IoT ecosystem affected. A rise in data breaches has made organizations keenly aware of the business risks posed by threats to data security and has spurred them to invest heavily in securing IoT infrastructure using conventional security and monitoring applications. However, despite the growing popularity of monitoring applications, such applications do not always incorporate agents in their design from the outset. Accordingly, building on the idea of thematic pillars for securing the IoT ecosystem, this article proposes that the Internet of Things adopt an advanced scalable security architecture using multiagent systems.

Multiagents

Multiagents are designed as unique industry gears developed on the basis of severity and threat levels for IoT applications. Increased discussion has brought about an industry consensus toward developing trust and security matrix standards and identifying severity and threat levels in the IoT ecosystem for different business domains. Indeed, the trust and security matrix is a prerequisite for designing industry-specific agents, which can incorporate multiple instances—agent gears—whose natures are largely decided by the particular industry involved as well as by the criticality of specific business operations.

Agent gears’ complexity depends on industry type, application scale and business necessity, and IT compliance plays an important role in defining the attributes of a particular agent gear. Moreover, domain-specific knowledge is required to design such agent gears. Although agents are hierarchical in nature, they are completely autonomous, and they are highly scalable.

Figure 1 shows an agent’s matrix of hierarchy and scalability, with agents’ colors indicating degrees of scalability and autonomous states in corresponding hierarchy, symbolic of specific agent attributes corresponding to domain-specific knowledge, industry compliance and agent state. Agent scalability is determined largely by the scale of the IoT framework and the security needs of business applications.

Network

The Internet of Things’ unique aspect is ubiquitous computing that provides seamless connections among diverse systems and subsystems using networks, whether private or public. However, as the network expands beyond private networks, end-to-end network connectivity is often loosely coupled, with enterprise network encryption and security often limited to the organizational periphery. Thus the networking element in security breaches can see devastating breaches that compromise not only enterprise application stacks, but also monitoring applications running on those stacks.

Because network components are not isolated, a new security data plane is required. This new plane, used primarily for multiagent communications, is designed to help secure the enterprise network during a data breach by protecting multiagent applications from compromise.

 

Figure 2 shows the scalability of network components in both physical and logical stacks. Physical isolation of network components—most commonly routers, firewalls and load balancers—makes possible a highly scalable network infrastructure and largely depends on threat levels of business applications. The combination of physical and logical isolation enhances overall system security. Moreover, major network components’ high degree of scalability can help in addressing specific industry needs.

Systems-level architecture

Many system-level architectural improvements help in securing a system and in ensuring that agent communications remain uncompromised even during data breaches. For highly specialized and secure IoT applications, an exokernel operating system can be used that multiplexes hardware resources among the applications running on the system while giving agent applications direct low-level access. Using multiple TCP/IP stacks can help ensure that such stacks are independent from one another while directly giving network access to specific multiagent applications. Indeed, isolating TCP/IP stacks and the security data plane is an integral part of securing the IoT framework.

 

Figure 3 describes the scalability of system architecture from an operating system’s perspective. Depending on the severity of the application and the maturity of the IoT framework, a distributed operating system having kernel-level isolation can be highly desirable as a means of securing an agent application. Indeed, such distributed operating systems have already been developed and have undergone testing. Conversely, lower-severity multiagent applications may require merely that TCP/IP stacks be isolated. Regardless, many enterprise IoT frameworks feature virtualization and container layers that can aid the deployment of multiagent applications.

Challenges

Although network, multiagents and systems architecture are all fundamental building blocks helping secure the IoT framework, each component can be designed independently as part of the enterprise infrastructure. Scale will largely depend on application threat level, IT risk assessment and the enterprise maturity of the IoT framework.

But deploying a highly scaled security infrastructure brings many challenges, foremost among them that adoption of a security infrastructure adds a security layer, increases total cost of ownership (TCO) and introduces operational complexity into IoT ecosystems. Indeed, the cost of deploying an added layer of security and building agent applications may challenge the resources of not only small but medium-sized enterprises. However, deployment scale can be highly customized to decrease total cost of ownership. What’s more, as IT security managed services gain momentum, deployment cost seems likely to decrease for enterprises of all types.

Thus I propose the use of highly scalable multiagent systems to secure the IoT ecosystem. Accordingly, in this blog, I have identified major design components of such systems while discussing challenges to implementing an infrastructure of this type on a large scale. Indeed, I expect just such security applications as I have described to begin emerging as a means of addressing the security challenges faced by IoT infrastructure.