UM-Labs
Advanced real-time communications security
IoT security: If AI is the answer, what is the question?
Since the widespread adoption of IP networks in the 1990s, securing connections to those networks and protecting data flows has been vital. In the early days, a well configured firewall could do a reasonable job of protecting the applications in use, Web, Email and others. Today, the applications using IP networks have evolved and there is a much greater focus on the Internet of Things (IoT). IoT applications cover the spectrum from simple environmental monitoring systems to complex industrial control applications. IoT is in use in all business sectors including transport and military where a security breach can pose a danger to life. IoT applications and the data-in-transit generated between sensors and actuators clearly need to be protected against cyber threats.
Judging by the number of conferences on Artificial Intelligence (AI) and the penetration of AI technology into virtually all branches of information technology, 2024 is shaping up to be the year of AI. Ask the question, how do I secure my IoT service from attack? Many commentators and vendors will reply “AI”. While AI has a role to play in IoT, is it not the complete answer. Take driver-less vehicles as an example, AI is an essential tool to enable the vehicle to recognise its environment, avoid obstacles and navigate, but if a cyber attack feeds false information to the AI software or overrides the instructions to the vehicle, then the accuracy and efficiency of the Large Language Model (LLM) driving the AI engine becomes irrelevant.
Effective cyber security controls for any application require an understanding of protocol layers supporting the application. The lower layers, IP and TCP, are common to most network applications, the higher layers tend to be application specific. Protecting IoT applications is complicated by the multiple different application-level protocols in use, there are at least twelve. To protect IoT applications effectively, information flows at all levels must be checked, authenticated and validated. This process must block known threats, ensure that information flows generated by requests and responses adhere to the protocol standards in use and correctly identify and authenticate the origin of all requests and responses. All of these can be achieved by following well defined practices without the use of AI. Where AI can play a role is analysing information flows and collating apparently unrelated events to help identify new threats. When applied to cyber security in general and IoT security specifically, AI needs a Large Event Model (LEM) rather than the usual LLM.
UM Labs R&D work is focused in providing effective cyber security for all real-time applications running on IP networks. Our technology for protecting voice and video communication is successfully deployed in multiple government and defence organisations. More recently, with the support of the UK’s Defence Science and Technology Laboratory (DSTL) we have developed technology to protect the IoT ecosystem. Our solution implements a layered security model protecting at multiple levels and combining proven security controls with AI. The AI modules analyse events to provide early warning for new threats. The flexibility built into our platform means that it can handle any application protocol.
While AI may be an answer, it is not the complete answer.
Author: Peter Cox, CEO and Founder UM-Labs
techUK and TechSkills at London Tech Week
techUK is proud to once again be a strategic partner of London Tech Week. The event is a fantastic showcase for UK tech, and we’re pleased that techUK members and colleagues are represented on the agenda.
We are pleased to be working with 20 techUK members at London Tech Week to highlight the positive impact of the tech industry in the UK.
You can find more details on the author of this blog, below:
London Tech Week: Fringe events
techUK is leading several fringe events across the week on topics as varied as Justice and Emergency Services, Local Public Services, Digital ID, and international trade. Visit the pages below to register:
