Q: With the ever-increasing emphasis on the Internet of Things, what challenges remain for security with embedded devices?
By Robert Webber, field applications engineer, Harwin
In the coming years there will be tens of billions of IoT nodes put into operation. Combined together, the huge numbers of these devices involved will represent a major attack surface for potential hackers to target. As well as the obvious network protection aspect of IoT security, there is a mechanical dimension that also needs to be considered. Due to the nature of the applications for which they will be used, a large proportion of IoT nodes will be deployed in remote locations that are simply not that easy to safeguard from malicious parties. Not only can this result in physical damage to the nodes themselves, with the associated costs of sending engineers out into the field to undertake repairs and the inconvenience of system downtime, it could also allow access to be gained to cryptographic keys. This may subsequently lead to the network being compromised, with denial of service attacks being launched or sensitive data being put at risk. To avoid such situations, nodes need to be constructed using robust and reliable board level hardware. Furthermore, the interfaces that were utilized during programming, testing and debugging procedures at the production facility should be removed (or disabled) before the node is actually deployed to prevent easy access being obtained to the firmware.
By Scott Jones, managing director, Embedded Security, Maxim Integrated
With the ever-increasing emphasis on IoT, a variety of challenges remain in the area of embedded device security. One of the main challenges up front is to convince design engineers to build security into their products from the start. Too often, security is overlooked or addressed when it is too late and a damaging breach has already occurred. Cost, of course, is often a factor in these considerations. While there is an expense associated with security, there’s a larger cost when counterfeiting or cloning eats into the revenue stream or when the loss of sensitive information damages the company’s brand reputation. For less than $1, a secure authenticator can provide crypto-strong protection against cloning, protect intellectual property, and authenticate peripherals, IoT devices, and endpoints.
Another key embedded design challenge involves staying ahead of increasingly sophisticated hackers. Fortunately, security ICs have also evolved. The latest generation of secure authenticators is designed with the strongest cryptography algorithms available (SHA-3) and physically unclonable function (PUF) technology to protect against fault injection, side-channel analysis, and other invasive attack techniques. In addition, while it’s advantageous to design security in from the beginning, there are security ICs available that are easy to integrate into an existing design. So, a lot of the challenges involve convincing design engineers that technologies are available for them to safeguard their designs without having to be cryptography experts and without undue cost or time. Given the proliferation of smart, connected devices, as well as the sensitive data that these devices handle, there really needs to be a greater sense of urgency around the importance of security. People need to be able to trust the intelligent things around them.
By Dominik Ressing, Global VP Technology, Avnet Integrated
Security plays an important role in modern embedded systems, which are becoming increasingly complex and more extensively networked. For many years this has been the case in the field of security for COM-based embedded systems. The goal is to combine numerous individual security features and thus achieve the best possible protection. This is based on the prerequisite that it must be clear at all times how the hardware and the software that runs on the device behave.
There are several starting points to consider for the highest degree of security. For example, consider a combination of checks defined in “Root of Trust” and “Chain of Trust” by the industry standardization organization Trusted Computing Group (TCG). The “Chain of Trust” provides that only steps which have gone through a valid security check are executed. The system is securely integrated into the network—from boot-up to booting the operating system through to loading the relevant application software. “Chain of Trust” includes the BIOS, the bootloader, the kernel of the operating system, as well as other functional and security-relevant elements of the operating system.
All measured results are stored in a Trusted Platform Module (TPM), which is also specified by the TCG. In addition to logging execution of a boot process, the TPM is used for random number generation and secure storage of keys.
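An added illustration of the measured-boot chain described above (not code from Avnet or the TCG): each stage is hashed before it runs, the digest is folded into a TPM-style register with the extend operation, and a verifier can replay the event log to check it. The stage names, sample images, trusted manifest and the single zero-initialised SHA-256 register are assumptions made for the example.

```python
import hashlib

PCR_SIZE = 32  # one SHA-256 PCR, starting at all zeros (simplification)

def measure(image: bytes) -> bytes:
    """Digest of a boot component, taken before it is executed."""
    return hashlib.sha256(image).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def boot(stages, trusted):
    """Measure, log and extend each stage in order; stop before running a
    stage whose digest is not in the trusted manifest.
    Returns (pcr, event_log, name_of_rejected_stage_or_None)."""
    pcr, log = bytes(PCR_SIZE), []
    for name, image in stages:
        digest = measure(image)
        pcr = extend(pcr, digest)
        log.append((name, digest))
        if trusted.get(name) != digest:
            return pcr, log, name
    return pcr, log, None

def replay(log):
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr

# Constructed sample images; real ones are firmware and kernel binaries.
GOOD = [("bios", b"bios-1.0"), ("bootloader", b"loader-1.0"),
        ("kernel", b"kernel-1.0"), ("application", b"app-1.0")]
TRUSTED = {name: measure(image) for name, image in GOOD}
TAMPERED = [(n, img + b"!patched") if n == "kernel" else (n, img)
            for n, img in GOOD]

if __name__ == "__main__":
    for label, chain in (("good", GOOD), ("tampered", TAMPERED)):
        pcr, log, rejected = boot(chain, TRUSTED)
        print(label, "rejected:", rejected, "pcr:", pcr.hex()[:16],
              "log replays:", replay(log) == pcr)
```

Because extend is a one-way fold, a stage cannot erase an earlier measurement, and the same components loaded in a different order produce a different final value.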
By Xavier Bignalet, security product marketing manager, Microchip Technology, Inc.
With the recent acceleration of IoT hacks well-publicized, IoT device weaknesses have become more and more visible. In the world of security, Kerckhoffs’s principle says, “A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.” Protecting the private key immediately becomes the first focus you need when implementing a secure system, even a basic one. Best practices are required for defending against this threat, which include going beyond encryption (which simply protects confidentiality) to incorporate the even more critical strong authentication piece of the puzzle. Widely used IoT security approaches have failed as attacks—and especially software attacks—have increased, and today’s top cloud service providers are now increasingly talking about hardware-based security that relies on proven industry-standard cryptographic keys, a secure element like the ATECC608A for isolating them, and a secure boundary so the keys are never exposed. With this approach, each device has a trusted, verified and protected “true” (not spoofed) identity, and the client and host can establish the authenticity of this identity before any IoT devices communicate, exchange data or transact. The security of the approach has been measured using third-party ratings test labs following Common Criteria Joint Interpretation Library (JIL) practices, which rated the device JIL “High”—the highest rating possible for key storage.
By Chris Rouland, CEO, Phosphorus Cybersecurity
We have only begun to scratch the surface in addressing the challenges surrounding security in IoT embedded devices.
For now at least, the onus is on manufacturers to secure their devices. Embedded systems are the heart of the IoT. However, the emphasis for manufacturers surrounds the bottom line including time-to-market, margin pressures and device features. Security, as it was in the early days of the Internet, is an afterthought. With no true security regulations in place, manufacturers can legally do the bare minimums to address (or not address) security.
These billions of tiny machines now exceed the global number of PCs, Macs, servers, and mobile phones, combined; yet there is currently no security platform for IoT that an enterprise or consumer can purchase for protection.
With thousands of vendors putting out hundreds of new devices weekly, it is impossible with manual techniques to keep them all up to date by installing the latest security fixes and changing default credentials. How long would it take one person to patch every device at CES 2019? They wouldn’t be done by CES 2020 in my opinion.
By Kim Dinsmore, staff engineer, Renesas Electronics Europe GmbH
The Internet of Things (IoT) has many challenges that have foiled predictions of trillions of connected devices deployed overnight. Some of them could have been predicted early, such as infrastructure deployment and practical use cases. Although security might not have appeared on many people’s lists of concern, it’s a fundamental concept that affects all areas of IoT, consumer and industrial alike.
Security is usually ignored until something bad happens. If you’ve never had your house broken into, you might not worry about always locking the back door. But security is a balance. A lock on the back door is a good idea, but bars on all the doors and windows might be a bit excessive unless you have something extremely valuable to protect. But what defines valuable? For consumer applications, some answers are relatively obvious—a user’s personal information, access to their home network. But for Industrial IoT, it’s often a service or the deployment itself, depending on if the attacker is motivated by money or by a personal agenda. One hacker might attack a Smart Grid to obtain free energy. Another might target a Smart Factory to bring down a company for perceived ethics violations. The scope of the attack can vary from nuisance to catastrophe. But until that catastrophe occurs, the need for security will not be acknowledged. At this point, governments and industrial organizations will most likely, and necessarily, impose regulation and standardization, which will then create the additional problem of managing the coexistence of devices and infrastructure during the transition to the new standards.
By Doug Patterson, VP of Global Marketing, Aitech Group
As IoT becomes more deeply embedded and deployed into mission-, safety-, and life-critical applications, system and data cybersecurity is paramount. We know that bad actors are out there attempting to hack, and many times successfully hacking, into our cyber infrastructure every day. To pretend it’s not happening or ignore it only invites future disaster. Those who deploy embedded systems tied to the cloud, without data encryption and multiple levels of authentication, are extremely misguided.
By Dan Cusick, strategic business development, Laird Connectivity
From a medical standpoint, privacy and security are critical in wireless designs and should always be top concerns to protect patient information including medical records. Health Promotion and Protection Act (HPPA) regulations and Federal Information Processing Standards (FIPS) dictate strict requirements for privacy and security of critical medical data. Allowing medical devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.
In recent years, the industry has seen an increase in the development of IoT ransomware targeting wireless devices and the data stored on the cloud. This type of malware locks the file access by encrypting the data with the objective of selling access back to the user via a decryption key. As a result, IoT and wireless connectivity companies are being tasked with enhancing wireless and cloud security to better protect data.
Unfortunately, there is not a one-size-fits-all security solution. Some companies offer end user device security, while others concentrate on securing the network or the cloud. On the device side, companies ensure proper image management to enhance device security. This is implemented via constant updates to software via source code, software patches and authentication protocols. However, one fatal flaw in IoT device security is the lack of regular software maintenance like updates. Not updating code through regular maintenance opens up the device and/or network to viruses and ransomware.
To ensure proper security of all IoT devices, Chain of Trust Architecture (CoT) starts with secure communications modules. The CoT is designed with multiple layers of verification, encryption and signing to ensure the device operates with trusted software loaded. The CoT secure module isolates the host application from intrusion attempts. The CoT can also be set up with automatic downloads of security software updates. This automated web-based update solution eliminates the human error element to better protect medical IoT devices.