Securing The IoT

Last week’s Internet outages highlighted the dangers of unsecured IoT devices and the need for a comprehensive set of standards.

popularity

Last week’s massive distributed denial-of-service attack, directed at Dyn DNS—a small New Hampshire-based company that operates part of the Internet’s Domain Name System—brought many popular websites to a crawl.

Among those affected were such giants as Airbnb, Reddit, Twitter, Amazon and Netflix. The Internet outages spread from the East Coast of the United States to the rest of the country throughout the day, alarming and inconveniencing millions of people.

The coordinated cyberattack was the latest episode of unsecured or easily compromised Internet of Things devices, such as surveillance cameras, being utilized to initiate such attacks. Dyn stated there were tens of millions of Internet protocol addresses involved. It wasn’t the first time this has happened this year, and it likely won’t be the last.

The forces behind such attacks, and their motivations, remain unknown. There is widespread speculation on who is launching the attacks and why. But that may be less important than learning to how to detect, deflect, and defend against these attacks.

While cybersecurity tops the priority list for the IoT, the semiconductor industry is also grappling with a broader set of standards for the IoT. While companies are seeking ways to make robust and secure IoT chips, software and systems, they also are trying to develop ways to make them easier to design and develop.

And all of this is taking place right now at conferences in Silicon Valley, as well as other conferences scattered around the globe, drawing together speakers from a wide variety of companies, organizations and government groups.

“It is vitally important that we collaborate as an industry to ensure complex elements such as security are right from the start,” said ARM CEO Simon Segars, in preparation for ARM’s TechCon 2016 conference this week.

ARM is best known for its low-power processor cores, but it has begun ramping up the emphasis on security for IoT devices. In addition to two new IoT cores with built-in security that the company uncorked this week, it also said it will be extending its mbed Cloud to the mbed IoT Device platform and bringing its TrustZone security technology to its most advanced processor cores. ARM also is getting into the software-as-a-service business as a way to help IoT developers with secure IoT device management.

ARM’s new cores are expected to go into microcontroller designs for secure IoT devices. Analog Devices, Microchip Technology, Nuvoton Technology, NXP Semiconductors, Renesas Electronics, Silicon Labs, and STMicroelectronics are among the chip companies that will use the new cores.

“Security and trust are of paramount importance for internet of things devices,” said Mark Cox, director of the IoT platform group at Analog Devices. “The Cortex-M33 processor puts a TrustZone security foundation into the heart of the processor, and ARM CoreLink SIE-200 extends this across the entire [system-on-a-chip]. This allows us to strengthen SoC security in the easiest, most energy-efficient way for connected devices.”

Adds Geoff Lees, senior vice president and general manager of the microcontroller business at NXP Semiconductors: “Security is the critical building block for IoT solutions. With TrustZone technology, the strength of the ARM ecosystem of tools and software, and the NXP experience in developing secured solutions, the Cortex-M23 and Cortex-M33 will become the next industry standard for microcontrollers, providing an efficient security foundation for a wide range of embedded applications.”

The mbed Cloud was officially rolled out at ARM TechCon. Its components include mbed Cloud Connect, mbed Cloud Provision, mbed Cloud Update, and mbed Cloud Client. Release 1.0 of mbed Cloud is being used by multiple companies, such as Toshiba.

“Toshiba chose mbed Cloud for the key secure feature on Toshiba IoT solutions,” said Takashi Amano, technology executive for Toshiba’s Industrial ICT Solutions Company, adding, “mbed Cloud will simplify device deployment and management taking advantage of device security at Toshiba industrial IoT solutions.”

The standards approach
While the DDoS attack on Dyn DNS was unspooling across the U.S., a panel discussion about an IoT standards framework was taking place at the IoT Tech Expo in Santa Clara, Calif.

“We’ve gotten into this area at the Web layer,” said J. Alan Bird, global business development lead for the World Wide Web Consortium (W3C). While he noted that W3C is a strong supporter of open standards, ‘No one consortium will have all the standards.”

Shane Dewing, senior director of IoT ecosystems and market development at Intel and representative of the Open Connectivity Foundation, said the Internet protocol is the natural basis for all IoT standards efforts. OCF and other groups are “abstracting a way” to address “the mess at the bottom,” he observed.

Moderator Mick Conley, development manager for industry programs at oneM2M, noted there already are a number of standards in the market. “It is mandatory that we get an IoT standard set, maybe multiple standards. All the standards we currently have are useful. They have to kind of come together.”

Christopher Kelley, lead architect for IoT data solution services at Cisco Systems, was among the panelists recognizing the importance of open-source technology in IoT. “We can’t build platforms and software stacks without taking advantage of open source,” he said. Whether it’s IP, ZigBee, or another connectivity standard, he said that what matters most in IoT is “the payload.”

In working with the Industrial Internet Consortium and The Green Grid, Kelley said, the question has to be, “What’s above the system?”

Vic Kulkarni, senior vice president and general manager at Ansys, gave a presentation at at the conference about engineering the Internet of Things. “The connected, autonomous car is a key hub in IoT,” he said. Today’s automotive vehicles can have up to 100 million lines of software code, he said, much more than advanced military aircraft. They also incorporate hundreds of sensors and 30 to 100 engine control units.

But that complexity is growing across a wide swath of IoT-related markets. Kulkarni noted that Facebook is now using ANSYS simulation tools to provide Internet service through drones. He said the challenge is running thousands of scenarios to make automobiles and other products safer and more secure.

What’s clear is that IoT devices are here to stay. But how to keep them safe and secure will be an issue for years to come.

Related Stories
Where Are The IoT Industry Standards?
While some Internet of Things groups are proceeding with setting standards, connectivity and other aspects are still up in the air.
IC Industry Waking Up To Security
More companies recognize cybersecurity needs to be built-in from the beginning.
Unexpected Security Holes
As more things are connected, security holes are showing up in places no one considered.



  • Hellmut Kohlsdorf

    Information about security and reducing the vulnerability of IoT devices, this means embedded devices as the IIoT, is dificult to find and judge. Many terms, like hypervisor type 1 and type 2, Containers are prsented with different opinions about what the way to go is.
    Also finding out what, i.e ARM Cortex M devices do have what support for virtualization as a mean to reduce vulnerability. Also ARM presents its TrustedZone, but what embeded devices, what SoCs with ARM cores do have what hardware functionality available. Best so far seems to be Intel, as they are in the Server-IC biz.