Securing IoT Devices With A Programmable Root Of Trust

The exponential increase of vulnerable IoT devices demands a far more determined and proactive approach to security than is offered by the current industry status quo. This is because compromised IoT devices pose a threat to both consumers and critical internet infrastructure.

For example, a compromised security camera or baby video monitor can be easily exploited to violate consumer privacy; a smart thermostat hacked during a cold winter may result in frozen and shattered pipes; and a smart door lock remotely opened by an attacker could potentially lead to burglary or a home invasion. Moreover, a single compromised device can serve as the primary point of entry for additional attacks against other devices on a home or business network. Lastly, vulnerable IoT devices are routinely hijacked and forced to join botnets that execute distributed denial of service (DDoS) attacks against critical internet infrastructure.

Securing IoT devices with a programmable hardware-based root of trust
From our perspective, a programmable hardware-based root of trust should serve as the security foundation of IoT devices and systems. More specifically, a programmable hardware-based root of trust should be implemented as a siloed security module and embedded in the primary SoC of an IoT device or system.

A hardware-based programmable root of trust performs all the functions of a state machine-based solution, although it is also capable of executing a far more complex and dynamic set of security functions for IoT devices. Perhaps most importantly, a programmable root of trust is versatile and upgradable. This capability enables it to implement new security functionality and effectively secure devices to meet evolving attack vectors targeting IoT devices. This flexibility and upgradeability is particularly important for IoT devices that may remain in the field for many years.

Simply put, a secure and programmable hardware-based root of trust is essential for protecting connected IoT devices. Malicious attackers routinely target vulnerable and poorly secured IoT devices by loading and running unauthorized code either by compromising the boot process or subverting firmware upgrades. Multiple levels of security, such as secure boot and a secure ID provided by a hardware-based programmable root of trust, are needed to protect against such attacks. This layered approach to security ensures that the boot code, as well as other system firmware and software, has not been tampered with or altered by an attacker.

Moreover, a programmable root of trust facilitates mutual authentication to ensure that a device only connects to authorized servers, and servers only connect to authorized devices. Once this chain of trust is established, firmware can be securely transferred, unpacked and updated over the air. It should be noted that compromising firmware update mechanisms is a common attack vector for malicious actors. This is precisely why it is so important to establish a secure communication channel that verifies firmware updates responsible for upgrading critical device functionality. The secure communication channel can also be sued to protect and authenticate data flowing between servers and devices in the field, protecting privacy and system functionality and integrity.

Conclusion
A programmable hardware-based root of trust should serve as the security foundation of IoT devices and systems. Any truly secure function performed by an IoT device or system should rely on a hardware-based programmable root of trust that is implemented as a siloed security module and embedded in the primary SoC of an IoT device.

A programmable hardware-based root of trust provides the strong security of hardware solutions with the flexibility of software solutions. Strong security is needed to protect against determined attackers in high-threat environments, and flexibility is needed to allow changing functionality to match new device capabilities and to protect against new attack vectors. Only a programmable hardware-based root of trust can provide both.