Article Preview
Top1. Introduction
The ongoing advance of computer technologies has already resulted in almost total civilization dependence on exponentially growing amounts volume of produced and stored data and the means of processing it. Modern hardware and software capabilities are generally both affordable and user-friendly to the general public. The simplicity of operation has already resulted in the fact that manufactured devices with WAN access are outnumbering human population. The growing network of such standardized communication nodes is usually termed as “Internet of things” (IoT).
However, the simple and comfortable way of operating portable devices doesn’t imply appropriately high level of security. On the contrary, the security measures are usually subdued to increase usability and achieve more cost reduction. Therefore, the remaining unresolved issue of most concern is the vulnerability of majority of devices, lacking any plausible means to provide reliable authentication of incoming connections. The range of the devices spans from network-accessible digital modules with MQTT-protocol for primitive sensors (e.g. house-hold Wi-Fi digital thermometers) to embedded single-board computers (e.g. Raspberry Pi) for more sophisticated consumer electronics like refrigerators, washing machines and TV-sets. Due to standardization of both machine architecture and communication protocols every node can serve as a breaching point for malicious cyber activity. Thus, the modern technologies gave rise to wide diversity of threats to device-stored data with multiple vectors of attack.
The overall problem of data security already gained a planetary scale. According to the recent Breach Level Index by Gemalto (Gemalto, 2017) the volume of the reported data breaches exceeded 1.9 billion of records only in the first half of 2017. The primary sources of the breaches where identified as malicious outsiders (74 percent), accidental loss (18 percent) and malicious insiders (8 percent). Narrow focused Bitglass report on financial services breaches (Bitglass, 2016) shows that the major proportions of breaches in the financial services sector where attributed to lost or stolen devices (25.3 percent) and hacking (19.2 percent), while malicious insiders where considered a source in 13.1 percent of cases. These facts indicate that device theft poses a serious threat to data security, and is a major factor contributing to large scale data breaches. The survey of Kensington IT Security Systems (Kensington, 2016) demonstrate that, despite such circumstances, more than a third (34 percent) of IT personnel lacks any physical security policy for corporate electronic assets, over half (54 percent) of survey participants do not consider physical locks for IT equipment, and 80 percent of survey respondents disregard use of locks for accompanying auxiliary equipment. Thus, 52 percent of the devices are stolen from the offices, and 24 percent from the conferences. The Recipero report on US Cell Phone Crime Statistics in 2016 (Recipero, 2016) addresses the issue of personal thefts, and reveals that 31 percent of devices reported stolen were NOT blocked by operators. Moreover, 7 percent of devices that are blocked when an insurance claim is made for loss or theft were unblocked within 30 days.