Experts at the table, part 1: Side-channel attacks, botnets, ransomware all loom as attacks become more sophisticated on connected devices.
Semiconductor Engineering sat down to discuss security issues with Asaf Shen, vice president of marketing for security IP in ARM‘s Systems & Software Group; Timothy Dry, principal staff marketing manager for the Industrial IoT segment at GlobalFoundries; Chowdary Yanamadala, senior vice president of business development at GlobalFoundries; and Eric Sivertson, CEO of Quantum Trace. What follows are excerpts of this discussion.
SE: Security is long overdue for hardware and software, in light of the recent Dyn distributed denial of service attacks, which was perpetrated by amassing IoT devices with Mirai malware. Where are we?
Yanamadala: There is a new paradigm in security. It isn’t a new challenge, but it is being seen in a new context. There are two ways of looking at hardware security. One is data being delivered because of human interaction with a device. The second is machine-to-machine. It’s the machine-to-machine that’s presenting a serious challenge, because a lot of time these machines are distributed and not physically secure. So how do you secure data processing and transfer between machines?
Sivertson: The traditional technology we’re used to is ‘guards, guns and gates.’ It’s the enterprise model, where you have a centralized repository that’s either in the cloud or a private data center. There are a lot of trust technologies that have been built for that. There is a trusted platform model. But now you have easy access to this data from all these untrusted devices. You don’t know who’s going to get their hands on these devices. Many of them are available. We saw just a touch of that with the Mirai thing. There is a lot more coming.
Yanamadala: The IoT is somewhat of a newer field, and security is something that we’re grappling with. It underscores the need for layering security between hardware and software. They need to play well together. Some of the layers include lifecycle security. Threats are evolving. There needs to be a mechanism for the system to take security updates. That’s something the mobile sector has shown can be incorporated into the IoT world, but that’s still not enough. The communication between a node and the cloud needs to be secured. TLS (Transport Layer Security) is an example of what can be used. And ultimately, it comes down to the device itself. It starts with a root of trust, and then builds out with a chain of trust. Once the chain of trust is established to have a good crypto platform that is hardened against side channel attacks is definitely important. And then, with the architecture, there are trusted resources on chip, off chip, and there are assets that are not as trusted. The ability to keep these trusted assets and non-trusted assets, while allowing them to communicate, is critical.
Sivertson: You need a trusted area that you feel is relatively secure. You can build out your structures from there. With IoT, we really are looking at the silicon device. That will have to be the guns, guards and gates. You have to harden these devices. That is the only way you will have protected, secure environments. You want to start at the root with something that is unclonable—something to identify the silicon chip itself. We do PUFs. But you have to have that trusted root and know that it’s not going to be cloned or copied. Then, on top of that, you build cryptography, and that also needs to be solid to be side-channel immune. Bad guys are going to have access to these devices. They will need a very clear, deterministic interface. We think this whole structure will fit in well with the ARM infrastructure. And then the device manufacturer puts in its critical functionality. And finally, the OS and application layer, which is where most of the attacks take place today, can sit at the top. But if you’ve built the rest adequately, it will be harder for that to be a successful attack.
Yanamadala: There are two reasons the foundry is important in the chain of trust. First, all of the stakeholders of the system—chipmakers, IP providers—all converge at the foundry level. The foundry has a unique advantage of providing an ecosystem for how these things can come together. You can start TrustZone with hardened IP combined with unclonable unique ID PUF solutions. The foundry can nurture that ecosystem. The other part the foundry has to provide for a secure system involves secure and trusted manufacturing facilities, like ISO 15408 and DoD-certified facilities. Having this trusted and secure environment where chips can be manufactured is just as important as other aspects. Last, I want to add one additional threat. Any system that is not secure against side-channel attacks can compromise an entire system. If the hardware-level security is compromised, there is a chance the system-level security can be compromised. The vulnerability of the system that is not protected against side-channel attacks is very high. And side channel attacks have become very easy to mount these days. You just need a couple thousand dollars of equipment.
SE: So where are the biggest immediate threats?
Shen: The type of assets that are associated with infrastructure will always be more valuable than home-automation devices. If my home camera gets compromised, it’s no big deal compared with a blackout across an entire region. But the Mirai-based attack on Dyn showed us that devices we assume to be harmless can be abused in unexpected ways. They can take down Tier 1 services. Mirai malware was used in mid-September, too. There is nothing new about these kinds of attacks. What was new in this case was the scale of this attack. There were about 1.5 million devices—home cameras, routers, home appliances—involved in this attack. So what is a potential threat? Everything.
Dry: In 2008, there was a lot of fearmongering about bringing the grid down and national security. But there are some very serious risks that do need to be addressed, such as bringing down the smart grid, destroying generators, or targeting medical devices. If you think about autonomous big trucks driving down the freeway, if they get hacked the damage will be significant. These attacks can result in mass injuries if we’re not careful. So there will be visible attacks, and annoyance attacks, which is what these denial of services attacks are becoming. But there’s another side to these ‘inconvenience’ attacks like the Mirai hack that also need to be considered. This all undercuts consumer confidence in technology. It can inflict serious damage on our business and other businesses that rely on technology we all develop.
SE: This is the first year we’ve started to see IoT devices showing up in the market with smart sprinkler systems, home robots for vacuuming. So what will be the most likely vectors for attack? Will it be side channel attacks, physical breaches, or will the attackers come in from the network, the software, or viruses that compromise entire systems like Stuxnet’s offspring?
Yanamadala: You need to have multiple layers of security. It’s like building a house and not locking a few windows. Side channel attacks are particularly concerning to me because it impacts all implementations of technology if they’re not protected. And it’s so easy to mount with scale, and the fact that it’s attacking the hardware can easily put an entire system at risk. Side channel is one of the very important attacks that needs to be addressed. Physical attacks are important, as well. But those require a higher level of sophistication and more expensive equipment. Someone who wants to break a system would probably try side channel attacks before attempting physical attacks. Yet you can’t just say you’ve protected your system against side channel attacks and you’re done.
Shen: As devices get more complex and do more and protect more valuable assets, the software stacks get bigger and bigger. The number of potential attacks is linear to the code base. Physical attacks, passive attacks get more and more exposure, and the barrier to entry is getting lower.
Sivertson: Shodan is the Google of the IoT world. It will show you all of the IP addresses of connected devices, including your baby monitor and your car. Bad guys can go to that very easily and start to map out where they want to go. These attacks will come in strata. The low-hanging fruit is always the first step. There are layers to the bad guys. There is the activist hacker, which is what we saw with Mirai. That is not a sophisticated piece of malware. But Stuxnet is a more sophisticated attack. So now it’s an economic motive. Who’s going to drive that and where are they going to make their money? Look for IoT ransomware coming. That’s going to be a big deal. Trucks will be a juicy target for the bad guys. They can either be shut down or they can cause an accident. It’s strata in the attacks, and it’s strata in the people doing the attacks.
Side-Channel Attacks Make Devices Vulnerable
The number and type of attack vectors are increasing as more of the world becomes connected and vulnerable to hackers.
Commandeering an autonomous network takes on new meaning in the IoE.
What’s Next For IoT Security?
The recent cyberattacks highlighted the security lacking in many IoT devices. Solutions are on the way.