Security in the IoT world involves more than just a processor.
Whether it is the remote hacking of cars or the rise of the IoT botnet we have all read the scary headlines: security for the IoT is a growing issue. But how exactly do you stop your company and your product appearing on the front page, as part of the latest security violation story? Security in IoT is more than just the processor, it requires an approach that protects the entire system and allows secure connectivity all the way from the device to the cloud. Here are five tips to get you started…
1. No shared secrets (hackers love them)
If you design an IoT product and ship it with default credentials (username = admin, password = admin) then your connected product is likely to be part of the next IOT botnet and making headlines across the globe. IoT products need unique, un-guessable identities and keys that help them connect securely to cloud based services.
Deciding on a keys and trust architecture sounds complicated but can be simplified by adopting a platform approach. For example, ARM provides ARM mbed OS and mbed Cloud to help even the lowest cost microcontrollers connect securely to the cloud and GlobalPlatform provides standards for the remote management of security domains on applications processors. Alternatively, new protocols such as Open Trust Protocol (OTrP) combine a PKI and Certificate Authority based trust architecture with a simple OTA management protocol. Ask your design team if any shared credentials or shared private keys are used and if the answer is yes, investigate how they can be removed.
2. Use hardware-based security
As the amount of software grows in your product so does the number of security vulnerabilities. By using hardware mechanisms such as ARM TrustZone critical assets and sensitive software can be protected behind a hardware wall. TrustZone was first adopted in mobile markets on application processors but is available on the latest ARMv8-M MCUs that will be entering the market in 2017. If you are using an applications processor you can use a TrustZone based GlobalPlatform Trusted Execution Environment (TEE). There are both open source and commercial offerings available on the market from organizations such as Linaro and Trustonic. Ask your silicon provider if they support TrustZone and what software is available for you to use (e.g. key store, hardware attestation etc).
TrustZone enables defense in depth and the creation of multiple isolated security domains for your critical code and data. The code that runs there might be from different sources and it is a useful feature that you can isolate code that might be distrusted from other parts of the system. TrustZone extends beyond the processor across the whole chip enabling secure peripherals, secure interrupts and secure memory – it is a holistic approach to system security. ARM provides system IP and example subsystems to silicon partners to help them build security into the chip.
The first step in building in trust into a system is the initial Root of Trust which provides essential security services (you can think of it as a security toolbox) that can be relied on no matter what else is happening on the device i.e. even if the device is being attacked.
3. Keep it agile
While on one hand it’s important to design systems with a strong security foundation, it’s equally important to be able to fix problems after deployment, because security holes will be found over the life of the product. Over the air (OTA) updates can patch vulnerabilities, but they require a proper security foundation to ensure that the update can be applied without compromising the system. When choosing an IOT platform investigate how firmware can be updated OTA and the security mechanisms employed. Some examples of protocols that might be used include OMA LWM2M, GlobalPlatform TMF and OTrP.
A related topic is lifecycle management where the state of a device (in manufacture, deployed, etc.) can be carefully managed and used to affect the functionality of the product. A robust security mechanism is needed to store and control the lifecycle state.
4. Protect data in flight – e.g. use TLS (aka SSL)
Transport Layer Security (TLS) is likely to be familiar to you from the padlock symbol when you are using a browser to do your online banking – it protects data between the client and a remote server. It is equally applicable to protecting the data flowing between the IOT device and the cloud offering the security properties of secrecy, integrity and authentication. Fortunately there are well proven TLS software providers offering both open source and commercial implementations such as mbed TLS. End-to-end security starts with good end point (hardware based) security and needs a robust protocol such as TLS to protect the information in flight.
5. Pay for a third party company to expose the security flaws in your design
Having designed your IoT device it is likely to be a good investment to pay a security researcher to expose security vulnerabilities before a hacker does. Typically this is done as a “Crystal box” exercise where the security expert has access to the source code and reference hardware. They will be able to do a source code review and optionally penetration testing to help you improve the design before it is released. They may be able to help you improve your internal processes and training so that security engineering becomes better integrated with your product development. Security is never finished and becomes part of the quality of the design. It is worthy of investment and executive oversight as the reputation of your products and company may depend on it.