Croatia - Flag Croatia

Incoterms:DDP
All prices include duty and customs fees on select shipping methods.

Please confirm your currency selection:

Croatian Kuna
Free shipping on most orders over 400 kn (HRK)
Payment accepted in Credit cards only

Euros
Free shipping on most orders over 50 € (EUR)
All payment options available

US Dollars
Free shipping on most orders over $60 (USD)
All payment options available

Bench Talk for Design Engineers

Bench Talk

rss

Bench Talk for Design Engineers | The Official Blog of Mouser Electronics


Hardware-based Trust Is Critical for Securing IoT Sravani Bhattacharjee

Closeup of a red-hued circuit board connected to a CPU with a red hacker symbo

(Source: BeeBright/Shutterstock.com)

In a connected ecosystem, the consequences of a cyber-attack often defy our imagination. During the security breach of the Ukrainian power-grid in 2015, hundreds of thousands of people lost electricity for hours. The attackers not only knocked off the circuit breakers, but they could also remotely access the utility’s Supervisory Control And Data Acquisition (SCADA) systems, wipe out hard disks from the controlling systems, and even infect the firmware of the critical subsystems. Malicious firmware updates are irreversible. So the only option was to fully replace those subsystems.

Attacks such as these compel us to think beyond our conventional approach to cybersecurity. Because of network connectivity, Internet of Things (IoT) devices and sensors are highly vulnerable to remotely launched exploits that pose serious threats for critical infrastructure, healthcare systems, financial systems, and the privacy and safety of individuals. Table 1 summarizes possible threats those span across the IoT stack.

Table 1: Threats and Vulnerabilities of IoT Endpoints table. (Source: Practical Industrial Internet of Things Security, Packt Publishers)

Threats and Vulnerabilities of IoT Endpoints table

To secure traditional computing, it was probably OK to employ software-based controls. But IoT demands a much stronger security foundation.

IoT Operations Mandate Foolproof Security

In IoT use cases, runtime requirements and threats significantly differ from traditional IT settings.

Protection of Data and Device Identity

When “things” communicate—in addition to protecting the privacy and integrity of the data—it is crucial to correctly identify the source and recipient of the data. Device identity protection requires the following features, which necessitates hardware-based security design:

  • Secure OS
  • Boot integrity
  • Secure storage of keys and secrets

Long, Uninterrupted Lifespan

Whether security cameras, assembly belts, or industrial robots, embedded systems and industrial equipment are expected to run uninterrupted for years with minimal human intervention. Reliability, safety, efficiency, and productivity are critical expectations from these systems. During maintenance downtimes, operators are extremely cautious while applying software updates that could compromise their reliable operations.

Resource-constrained Systems

Memory and CPU footprint of connected microcontrollers, sensors, and actuators are minuscule. Power availability and connection bandwidth are also limited. Full stack software security is not an option in such cases. Also, because of direct exposure to physical attacks and harsh environmental conditions, the hardware must be tamper-proof. System on Chip (SoC) design, crypto accelerators, and security coprocessors are more viable options in resource-constrained scenarios.

Updates are Difficult to Execute

Embedded devices (e.g., connected turbine in a hydro-electric dam) are often placed in remote locations and accessibility can be challenging. The maintenance availability windows are infrequent and machine maintenance is more concerned about reliability than regular software updates. All these make updates difficult to apply, as evident in many industrial systems still running on Windows XP.

Stronger Defense to Complex Threats

A security strategy for connected devices encompasses:

  • Boot and firmware update integrity
  • Isolation of security codes and keys, and
  • Protection against physical tampering and remote attacks

Secured OS and runtime environment in hardware greatly minimizes exposure to generic exploits in Windows and other popular software platforms.

Embedding Security in Hardware

To secure a connected device, the first step is to establish a trust anchor. Root-of-Trust (RoT) determines the highest level of trust attainable by a device. A compromise on the RoT compromises trust for the entire system. Traditional computers mostly rely on a software-based trust anchor. But tamper-resistant hardware-based root-of-trust (RoT) can be demonstrated to behave reliably in a significantly higher percentage of attack scenarios.

Hardware Security Components

A trust zone can be established either in the same microprocessor or in a dedicated security processor. Many new devices include field-programmable gate arrays (FPGA). FPGAs are reprogrammable in the field. This is a major advantage when upgrading firmware for IoT devices. FPGA units might also include a CPU coprocessor to execute security-related housekeeping functions.

  • Crypto-accelerators in a small form factor are good candidates for embedding cryptographic capabilities. Hardware security modules (HSMs) provide physical isolation of security functions in the same hardware platform. A TPM—defined in ISO and TCG standards—is usually a security chip embedded in the motherboard.
     
  • HSMs and TPMs can provide strong tamper resistance, cryptographic key storage, key generation using hardware random number generators (RNGs), strong authentication, boot integrity protection, and firmware integrity measurements.

    A device contains many secrets such as passwords, shared secrets, and data encryption keys, which need protection as well. Unauthorized disclosure of these keys could compromise that device, and possibly the broader ecosystem (e.g., IoT botnets).

    Secrets stored in the TPM can offer significant protection against loss through physical, software, or network interfaces. However, the limited power of the TPM's crypto engine might impact signing throughput in scaled environments—especially for high-end endpoints, such as servers, routers, and gateways.

    A possible solution is to hold the keys at rest in the TPM's encrypted storage, but, when in use, release them for access to platform software, or perhaps a high-throughput crypto engine. This mechanism is part of trusted computing architecture (known as “sealing”). Keys—or other secrets—are stored in the device's file system, in an encrypted file that can only be decrypted with keys released from the TPM when a predefined set of criteria are met.

During product development, it is also worthwhile to consider whether security should be applied in an embedded or removable form factor. In the case of mobile handsets, for example, a removable secure element can simplify porting the stored credentials from one device to another. For many IoT applications (e.g., telematics or infotainment modules in a connected vehicle), an embedded secure element is more appropriate.

Conclusion

As millions of connected devices enter the market every year, time-to-market pressures coupled with pressures to save on space and cost are huge. Besides security standards specific to IoT are yet to solidify. These factors often lead to weaker security design. The growing number of reported IoT attacks, vulnerabilities, and exploits by hackers highlights the imperative to harden secure development lifecycle for IoT.

System designers can leverage the hardware security components and platforms from vendors such as Samsung, Infineon, Microchip which in addition to trust zone technology offer secure boot, secure key storage, and chip-level tamper resistance.



« Back


Sravani Bhattacharjee has been a Data Communications technologist for over 20 years. She is the author of “Practical Industrial IoT Security,” the first released book on Industrial IoT security. As a technology leader at Cisco till 2014, Sravani led the architectural planning and product roadmap of several Enterprise Cloud/Datacenter solutions. As the principal of Irecamedia.com, Sravani currently collaborates with Industrial IoT innovators to drive awareness and business decisions by producing a variety of editorial and technical marketing content. Sravani has a Master's degree in Electronics Engineering. She is a member of the IEEE IoT Chapter, a writer, and a speaker.


All Authors

Show More Show More
View Blogs by Date