Cyber Security: The Importance of Creating Trustable Devices for IoT Applications
In the next article in this series of Technology Briefings for entrepreneurs, we show how technology startups can deploy secure IoT devices by considering cyber security at an early stage of the design process, protecting devices and networks by design.
This article originally appeared in the January/February issue of Startups Magazine.
Authors: John Bowman, Marketing Director and Andrew Pockson, Engineering Manager at Anglia Components
Expanding Attack Surface
Cyber attacks, and the imperative to protect assets against online threats, are not new phenomena. Just ask organisations like banks and large retailers, which face a perpetual challenge to protect customers’ financial data and prevent fraudulent transactions. With today’s rapid adoption of Internet of Things (IoT) technologies, however, huge numbers of smart, connected devices are expanding the cyber space and thus providing new targets for hackers.
Businesses, utility companies, city authorities, healthcare providers, and consumers are demanding IoT-based solutions to realise improvements in industrial productivity, patient care, environmental protection, energy management, and more. On the one hand, this presents opportunities for imaginative and skilled technology businesses to create devices, services and applications that meet these needs; on the other, security is a fundamental concern.
Several characteristics distinguish Internet of Things (IoT) devices from IT systems like those of financial institutions and retailers. Many are smart sensors that communicate information about events, environmental conditions, health data, or the status of industrial processes. Alternatively, they can be actuators controlling items such as door locks, light switches, industrial drives, or vehicle safety systems. Hackers thus have tremendous opportunities to disrupt events in the real world, in real-time, in addition to stealing information such as network-access credentials, customer data and intellectual property.
IoT devices are often designed within the tight constraints of computing power, memory, energy supply, and cost. Thus, complex or heavy security protocols are often not suitable. They can be cumbersome and inconvenient, particularly in devices that share only small amounts of data at a time. Many IoT devices are deployed remotely in unsupervised locations for extended periods and so need to be protected against physical attacks such as fault injection and probing, as well as online attacks that can be launched from anywhere on the Internet.
Root of Trust
In the IoT world, security is based on establishing trust between communicating devices: if a device is requesting to connect, is it genuine or has it been compromised in any way? Have data or instructions been altered? Establishing trust lets devices share information and perform their intended functions efficiently.
A common way for hackers to compromise IoT devices is to cause malicious application software to load at startup. A secure microcontroller can prevent this, beginning with a first-stage bootloader that references an unchangeable code burned into the device using one-time-programmable (OTP) fuses. Beginning from this hardware root of trust (RoT), subsequent bootloaders verify the following stages and ultimately retrieve the application firmware from memory and verify its digital signature before loading. That device can then verify its authenticity to others using secure credentials such as cryptographic keys or certificates stored in secure memory. Mutual authentication between communicating devices helps prevent unauthorised interference.
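The chain of trust described above can be modelled in a few lines. This is an added example, not code from the article or from any vendor: to stay within the Python standard library it pins a SHA-256 digest of each following stage instead of verifying the digital signature a production bootloader would check, and the stage names and images are constructed placeholders.

```python
import hashlib
import hmac

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def build_chain(payloads):
    """Factory step: append to each stage the SHA-256 of the stage after it.

    Returns (root_digest, images); root_digest stands for the value burned
    into OTP fuses and is the digest of the first-stage image.
    """
    images, next_digest = [], b""
    for payload in reversed(payloads):
        image = payload + next_digest
        images.insert(0, image)
        next_digest = hashlib.sha256(image).digest()
    return next_digest, images


def boot(root_digest, images):
    """Verify each stage before 'running' it.

    Returns None when every stage verifies, otherwise the index of the first
    stage that fails; nothing at or after that index would be executed.
    """
    expected = root_digest
    for index, image in enumerate(images):
        actual = hashlib.sha256(image).digest()
        if not hmac.compare_digest(actual, expected):
            return index
        # The pinned digest is trusted only because this image just verified.
        expected = image[-DIGEST_LEN:]
    return None


# Constructed sample images, not real firmware.
PAYLOADS = [b"stage1-bootloader", b"stage2-bootloader", b"application-v1"]
ROOT, IMAGES = build_chain(PAYLOADS)

# Application replaced in flash: caught by the digest pinned in stage 2.
SWAPPED_APP = IMAGES[:2] + [b"application-modified"]

# Whole chain rebuilt around a modified application: internally consistent,
# but it no longer matches the root digest in OTP, so stage 1 is rejected.
_, REBUILT = build_chain(PAYLOADS[:2] + [b"application-modified"])

if __name__ == "__main__":
    for label, chain in [("genuine", IMAGES), ("swapped app", SWAPPED_APP),
                         ("rebuilt chain", REBUILT)]:
        print(label, "->", boot(ROOT, chain))
```

The rebuilt chain verifies cleanly against its own root digest, which is why the root value has to live in storage that cannot be rewritten after manufacture.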
Once authenticated, devices need to rely on secure and encrypted communications to prevent eavesdropping and preserve the confidentiality and integrity of the exchanged data. Trust requires secure management of cryptographic key generation, distribution, and storage. Moreover, trust calls for individual devices to be assigned appropriate privileges that allow access only to necessary resources, information, and other devices on the network.
Trustworthy devices should support secure over-the-air (OTA) software updates that patch vulnerabilities and ensure devices can adapt to evolving security threats.
In addition to supporting secure boot, a secure microcontroller has features to protect sensitive data and processes. A common example is the Arm TrustZone architecture, which creates an isolated and protected environment for secure operations to take place and for storing private data such as cryptographic keys used to check digital signatures and encrypt and decrypt communications.
Features of TrustZone are implemented in processors based on the Arm SecurCore architecture, which is widely used in smart cards, and in some Arm Cortex microcontrollers such as STMicroelectronics’ STM32U5 and STM32H5 MCUs. Alternatively, an IC such as an embedded secure element (eSE) can be used to protect sensitive data such as cryptographic keys. Among specialised memory IC providers, Winbond has developed secure interface technology TrustME to protect data exchanges with external Flash chips.
Product developers need additional support to implement secure boot and other processes such as secure firmware updates on embedded processors. A framework that provides appropriate development tools and software, such as STMicroelectronics STM32Trust TEE, can help with this.
Standards and Guidelines
Even with secure chip architectures, software, and tools available, protecting devices and applications is complex and challenging. Adhering to industry best practices can help to ensure device vulnerabilities are adequately handled. Suitable industry standards include Common Criteria specifications, the FIPS (Federal Information Processing Standard) 140-2 framework for cryptographic hardware, and SESIP (Security Evaluation Standard for IoT Platforms).
A comprehensive approach to security must cover the entire device lifecycle, including preventing tampering with manufacturing processes and with sensitive data such as application code and firmware updates stored in the factory. Device provisioning, when authentication credentials are loaded, and onboarding, when new devices are introduced to the network, must also be protected. Specialised service providers, such as Telit Cinterion, can help simplify secure provisioning and onboarding using a variety of tools such as secureWISE, a secure IoT platform for industrial control systems that provides a secure way to remotely access, monitor and mediate equipment. Finally, there must be proper consideration for dealing with devices at end of life, such as mechanisms for remotely deleting any stored sensitive data.
Conclusion
Organisations need to take advantage of IoT technologies to provide the latest services and operate efficiently, and keeping IoT devices secure is essential to protect assets and their host networks. In the case of small IoT devices, this typically involves hardware-based techniques such as isolated, protected processors and memory, cryptography, and secure key storage that permit trust in devices and data.