To Bolster IoT Security, Think Holistically

Building the infrastructure for a secure IoT.

popularity

On Friday Oct. 21, a new phrase captured the public’s imagination: “script kiddie.” That’s what security experts suspect was at work when a denial-of-service attack slipped in through thousands of security cameras and home entertainment devices and brought much of the Internet to its knees.

If you’re not familiar with the term, “script kiddie” refers to an unskilled person who uses other people’s scripts to rain mischief and mayhem down on the network.

What makes this one chilling is not just that it apparently came from amateurs but that it came in through IoT end points. It took years for the IT industry to build an effective infrastructure to cope with attacks on personal computers. But with IoT security, we’re in the early days staring at an infrastructure with potentially trillions of end points and vastly differently networking configurations.

That said, the good guys are working diligently to build an infrastructure for a secure IoT. Late last month, ARM contributed to the relentless IoT ecosystem work around security, announcing an IoT technology suite with a focus on just that: security.

The announcement included a number of firsts:

  • ARM Cortex-M33 processor
  • Cortex-M23 processor
  • ARM Cordio radio
  • ARM CoreLinkTM SIE-200 System IP for embedded
  • ARM TrustZone CryptoCell-312
  • CoreLink SSE-200 subsystem for embedded
  • ARM Artisan IoT POP IP
  • ARM mbed Cloud

Cortex-M33 and Cortex-M23 processors are the first of a generation of ARMv8-M architectural implementations focused on security. What’s significant here is that this is the first time that ARMv8-M has been designed into fit the requirements of very small MCUs; the MCUs that will be helping power and secure the IoT.

trustzone-security-isolation

ARMv8-M incorporates TrustZone, a security infrastructure that helps you partition Secure versus Non-secure worlds. TrustZone helps develop more open secure platforms. That may sound like a paradox, but TrustZone helps broaden the level of security while keeping it from being totally proprietary. That’s going to help IoT applications scale efficiently. (I’ve written more extensively about the announcement here, and if you’re new to Cortex-M there’s a helpful backgrounder here).

I’ve spent a lot of time this year talking with people around the industry and presenting at events on IoT and its unique security considerations. It’s really one of the most fascinating and yet scariest challenges of our time: There isn’t one security choke point or point of responsibility. It’s really everyone’s challenge.

IoT represents an enormous opportunity for amazing electronics innovation, and right now, for black hats.

Ed Sperling has written about unexpected security holes, and Jeff Dorsch recently wrote about some of the efforts to plug the holes here.

My ARM colleague Jim Wallace, Director of Systems and Software, summed up the challenge succinctly: “As IoT products become successful, they will become increasingly attractive for attackers and so appropriate security must be baked into every system and at every level.”

“Given that many IoT devices will be designed by non-security experts we also need to ensure the solutions to these problems are easy to implement and scalable across different use cases.”

As an industry, we can no longer focus on just our little corner of the world if we hope to scale IoT into the enormous potential we imagine.


Tags: