The Building Blocks of IoT Cyber Security
These Cyber Security Features are the Foundation for a Security by Design Approach
The building blocks of cyber security are the basic elements needed to make an IoT device secure. A defense-in-depth security architecture can be built on these elements and eventually lead to more elaborate security approaches. It all begins with the root of trust which, these days is commonly supported in hardware within embedded microprocessor and more traditionally, supported with Trusted Platform Modules (TPM).
Root of Trust:
In an embedded system a root of trust is typically a value stored in secure memory or generated by a Physically Unclonable Function (PUF). This value used in conjunction with secure boot, confirms that the code the processor executes, right after coming out of reset, is secure. From there a chain off trust can be built through the various layers of the software stack up to your application software.
Secured Embedded Boot:
Most embedded processors today offer secure boot features that builds on a root of trust that is based in hardware. The purpose is to make sure the code run by your IoT device has not been tampered with. To take advantage of a secure boot feature, keys need to be generated, your software signed with those keys, and the processor correctly configured. Typically both asymmetric and symmetric cryptography is used. An asymmetric algorithm is used to authenticate the signature attached to your software by using a public key (the private key, is kept secret and not stored on the IoT device). Symmetric cryptography is used to protect (e.g. encrypt / decrypt) code in external non-volatile memory that is relatively easy for an adversary to access. An example of a symmetric crypto-algorithm commonly used for secure boot is the Advanced Encryption Standard (AES).
Secured Over-the-Air Software Updates:
Over The Air (OTA) updates actually refers to software updates sent over a wireless or wired network. The reason software updates are so important is because no system is 100% secure. For example, even Mercedes Benz, a leader in automotive cyber security, has had vulnerabilities found in their vehicles. Details can be seen in a video given at the RSA Conference by Mercedes Benz and 360 Group and in the following document titled Security Research Report on Mercedes Benz Cars . OTA allows for fixes to be made quickly and inexpensively to vulnerabilities in software in devices in the field. Physical access to the device is not necessary with a well planned OTA update approach. In the Mercedes Benz case, they were able to send software fixes, wirelessly, to a large number of vehicles in a matter of hours. It is very important for OTA software update approaches to be very reliable. If a software update is not done correctly, the IoT device could end up non-functional (i.e. bricked).
Secure Data:
Secure data refers to encrypting valuable software Intellectual Property (IP), Personally Identifiable Information (PII) from your customers, data that can be used to compromise the security of your device, or any other sensitive data that maybe stored on the IoT device. There are multiple approaches to encrypting and decrypting data. This can be done by using crypto-accelerators in the microprocessor or TPM hardware. There are also a number of software libraries that can be used. Some libraries are open source and free to use such as OpenSSL and Mbed TLS. Others are available for purchase and offer particular features such as optimized implementations.
Encrypting code not only protects IP or PII, it also makes it more difficult for a hacker to compromise a system. One of the first steps an adversary takes is to try to access a listing of the code that a device is running. If they can get commented code, which believe it or not does happens, they are very happy. Code listings make the task of reverse engineering much easier, which in turn makes it easier to find flaws in the code. Adversaries will go to great lengths to get access to code including reading binaries from flash and reverse assembling them. Another approach is to trigger a software update in the hope that the update is not encrypted.
Secure Communications:
Because of its very high level of security (NSA approved for top secret communications) and its efficiency (low power consumption and small silicon area), AES hardware is commonly found in microprocessors and even in very low cost microcontrollers. Combined with a secure key, that is authenticated based on the root of trust, AES is a very good option for secure communications in IoT devices. It is in fact the most commonly used encryption algorithm in the world as it is used to secure browser to web site communications.
Leverage of Microcontroller and Microprocessor Features:
The building blocks of cyber security can be implemented in a way that takes full advantage of hardware features in low cost microcontrollers, microprocessors, and TPMs. This includes symmetric and asymmetric cryptographic engines, secure memory, and tamper detection features. Many microcontrollers and most microprocessors offer hardware that makes implementing the building blocks of cyber security very efficient and very secure.
BG Networks has the know how and expertise to develop software that implements the building blocks of security in your IoT devices. To sign up for a free cybersecurity consultation, clink the button below.