The Amazon-owned smart home product manufacturer Ring recently announced that it’s strengthening the security of its Internet of Things (IoT) motion-detecting doorbell cameras by offering end-to-end encryption (E2EE) for streaming video footage. There’s a catch, though. Users who opt to turn on E2EE will find that they need to make major tradeoffs. Convenience and usefulness drop if they want to enjoy the privacy benefits of E2EE. That highlights one of the problems with IoT security — balancing privacy with the device’s purpose.
That tradeoff is familiar for the people tasked with protecting IoT environments, especially in industrial settings. Today, manufacturers gather new data streams (such as audio and video content) on the factory floor. They can also insert new control tools (such as voice control and wireless headsets) into processes. As they do so, they need to keep this data close at hand for processing. But it must also be kept safe.
Ring Doorbell Highlights IoT Risks
Ring has a long history of IoT security and privacy issues. In some of those incidents, threat actors used the camera’s two-way talk function to harass customers. In the best-known of these incidents, a widely shared video shows a faceless man taunting an eight-year-old girl through the Ring security camera that her family had installed in her bedroom.
The company insisted that these incidents were the result of customers’ credential reuse. Ring stated that bad actors used username and password pairs from third-party data breaches, not from a breach of Ring’s own network. Nonetheless, the company later added two-factor authentication to its account sign-in procedures after security experts found that it had no way of preventing so-called brute-force attacks — in which attackers simply test out large numbers of possible passwords in an attempt to guess correctly. It also rolled out a new Control Center feature that enables users to better manage their privacy and security settings within the Ring app.
Now, Ring is putting E2EE in place for streaming video data.
Why IoT Security Comes at a Cost
According to Ring, the company’s new E2EE option is an “additional security- and privacy-centric feature [designed to provide] users with even more peace of mind.” To protect its customers’ streaming video data, Ring uses a technology called asymmetric key encryption. With this approach, the streaming data is encrypted when the device creates it, and decrypting it requires a unique private key. That key works only on the local mobile device where the customer views their video. In this case, the paired phone app generates the key, a unique 10-word passphrase. The system randomly selects each word of the passphrase from a set of 7,776 words. To further protect the video stream, the phone app doesn’t store the passphrase locally. Instead, the user must enter it each time they want to view their videos.
What does relying on asymmetric key encryption mean for the user? To the surprise of few, the answer is nothing good.
First, customers using E2EE need to retype their 10-word passphrase every time they want to check their video stream. The phrase won’t make any sense, making it harder to remember. What if a user should happen to forget their passphrase? They’ll lose access to their device’s video content — forever. After all, Ring doesn’t retain the decryption key or store it elsewhere.
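Added example (not from the original article and not Ring's code): a sketch of how a 10-word passphrase drawn from 7,776 words can be generated, how much entropy it carries, and why one wrong word on re-entry means the key is gone. The word list is a constructed placeholder, and stretching the passphrase into a key with PBKDF2 is an assumption made for illustration; all function names are hypothetical.

```python
import hashlib
import math
import secrets

LIST_SIZE = 7776        # from the article; equals 6**5 (five six-sided dice rolls)
WORDS_PER_PHRASE = 10   # from the article

def build_wordlist():
    """Constructed stand-in list: one placeholder token per five-dice roll."""
    faces = "123456"
    return ["w" + a + b + c + d + e
            for a in faces for b in faces for c in faces
            for d in faces for e in faces]

def generate_passphrase(wordlist, n_words=WORDS_PER_PHRASE):
    """Pick every word independently and uniformly with the OS CSPRNG."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

def entropy_bits(list_size=LIST_SIZE, n_words=WORDS_PER_PHRASE):
    """Entropy in bits when each word is chosen uniformly at random."""
    return n_words * math.log2(list_size)

def derive_key(passphrase, salt, iterations=200_000):
    """Assumed design: stretch the typed passphrase into a 32-byte key.
    Only case and whitespace are normalised; every word must match exactly."""
    normalised = " ".join(passphrase.lower().split())
    return hashlib.pbkdf2_hmac("sha256", normalised.encode(), salt, iterations)

if __name__ == "__main__":
    words = build_wordlist()
    phrase = generate_passphrase(words)
    salt = secrets.token_bytes(16)          # constructed sample salt
    key = derive_key(phrase, salt)
    print(f"{len(words)} words x {WORDS_PER_PHRASE}: {entropy_bits():.1f} bits")

    # Retyping the same words (different case, stray spaces) yields the same key.
    retyped = derive_key("  " + phrase.upper(), salt)
    print("exact retype matches:", secrets.compare_digest(key, retyped))

    # One misremembered word yields an unrelated key. Because the passphrase
    # is stored nowhere, there is nothing to recover the right key from.
    wrong = " ".join(phrase.split()[:-1] + ["forgotten"])
    print("one wrong word matches:",
          secrets.compare_digest(key, derive_key(wrong, salt)))
```

At roughly 129 bits, guessing the passphrase is not the practical weakness; the usability cost of retyping and the unrecoverable loss on a forgotten word are.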
Balancing Safety and Function
Second, because asymmetric key decryption is somewhat computationally intensive, it can’t be performed on just any device. Only mobile phones running recent versions of iOS or the Android operating system can run Ring’s E2EE feature.
And, crucially, the asymmetric key encryption that Ring relies on is a one-to-one encryption protocol. This is typical of the cryptographic techniques that have been used most often in computing to date. However, it doesn’t work well for securing cyber-physical systems and IoT devices. Smart buildings, smart factories and smart cities rely on geographically distributed sensor networks. Their data flows between systems that interact via multiple intermediaries. This means that IoT streams often have more than one recipient. Therefore, the device must encrypt, decrypt and re-encrypt the data multiple times if the data is to remain secure.
For Ring customers who turn on E2EE, one-to-one encryption means a loss of function. E2EE users can no longer share their videos with other users. Nor can they view them online, or through Ring’s Windows and Mac desktop apps. What’s more, any Ring features that rely on external processing and analysis of video content will no longer work. So E2EE users can no longer access features such as automatic Motion Verification or People-Only mode.
Tomorrow’s IoT Security Solutions Need Many-to-Many Encryption
Ring’s E2EE is an opt-in feature: by default, the device comes with it turned off. Many users won’t turn it on. Large numbers of Ring customers bought their devices because they wanted to be able to view their videos from multiple devices, to share their data with others or to use popular social networking sites like Ring’s own Neighbors forum. For these users, the benefits of the enhanced privacy that E2EE brings aren’t worth the drawbacks.
For IoT security leaders tasked with protecting streaming sensor data in smart factories, the tradeoff is even more challenging. Making IoT data available for analysis both in the cloud and at the edge is the primary purpose of industrial IoT solutions. If the user can’t use streaming sensor data because it can’t be decrypted, the devices involved lose their value.
At the same time, leaving streaming sensor data unencrypted (and thus vulnerable to compromise) isn’t an option, particularly in the face of today’s more prevalent threats against manufacturing and critical infrastructure. Instead, it’s crucial that the industry adopt lightweight many-to-many E2E encryption algorithms as an industry-wide standard. While emerging tech such as Attribute-Based Encryption (ABE) and object security frameworks show promise, many-to-many encryption must become the norm if IoT security issues are to be resolved in industrial settings.