The tide seems to have shifted in Internet of Things (IoT) discussion regarding security, from an attitude of “I’ll worry about security later” to one of “There are a lot of security requirements; do I really need to do all of this?” This is a clear, positive step forward as engineers, product managers, and executives recognize the need for device security and the need to include security in development plans from day one.
With this awareness, engineers are faced with the challenge of determining where to start. Security is a complex topic with a long list of potential features and requirements. Each feature can have significant implications on systems design and product architecture. Secure boot, for example, can impact the choice of hardware platform and has ramifications for contract manufacturing and device provisioning. Determining what features to include is not simple or clear.
Security capabilities for the Internet of Things
There are a number of security features to be considered when developing an IoT device. Capabilities that should be evaluated during the requirements specification phase include the items in the table below.
Feature | Implementation in embedded devices |
--- | --- |
Secure boot | Achieved using cryptographically-signed code from the manufacturer along with hardware support to verify that the code is authentic. |
Secure firmware updates | The ability to update the firmware on a device in a secure fashion so that only authentic firmware from the OEM can be installed. |
Data security | Data at rest (DAR) protection using encrypted data storage, and data in transit protection using secure communication protocols. |
Encryption | Data encryption is required for data at rest security, secure communication, secure boot, and secure firmware updates. |
Key storage, key generation, and certificate management | Security keys and certificates must be securely stored, generated, and managed to enable encryption protocols, authentication, and secure boot. Strong encryption solutions can be easily compromised as the result of improperly implemented key storage. |
Authentication | All communication with the device should be authenticated using strong passwords (at a minimum) or certificates. |
Secure communication | Communication to/from the device needs to be secured using encrypted communication. 40-bit encryption keys that were once state-of-the-art are no longer considered secure. |
Embedded firewalls | Embedded firewalls provide a critical layer of protection against attacks. A firewall can limit communication to only known, trusted hosts, blocking hackers before they can even launch an attack. |
Intrusion detection & security monitoring | A hacker could execute thousands or millions of invalid login attempts without the attack being reported. Embedded devices must detect and report invalid login attempts and port scans. |
Embedded security management | Integration with a security management system allows security policies to be updated to mitigate known threats. |
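The embedded firewall and intrusion-detection rows above describe two behaviours that are easy to get wrong in practice: default-deny filtering against an allowlist of trusted hosts, and reporting a port scan instead of silently dropping it. The Python below is an added example written for this article; it is not code from the article or from any Icon Labs product. The rule set, the packet log, the scan threshold (5 distinct blocked ports) and the 10-second window are constructed assumptions, and the event list stands in for whatever reporting channel a real device would use.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    """Allow traffic to dst_port only from hosts inside src_net (constructed policy)."""
    src_net: ipaddress.IPv4Network
    dst_port: int


@dataclass
class EmbeddedFirewall:
    rules: list
    scan_threshold: int = 5       # distinct blocked ports from one host ...
    scan_window: float = 10.0     # ... within this many seconds => report a port scan
    events: list = field(default_factory=list)
    _blocked: dict = field(default_factory=lambda: defaultdict(list))

    def allow(self, src_ip: str, dst_port: int, now: float) -> bool:
        """Default deny: a packet passes only if some rule explicitly permits it."""
        src = ipaddress.ip_address(src_ip)
        for rule in self.rules:
            if src in rule.src_net and dst_port == rule.dst_port:
                return True
        self._record_block(src_ip, dst_port, now)
        return False

    def _record_block(self, src_ip: str, dst_port: int, now: float) -> None:
        # Keep only blocks inside the sliding window, then count distinct ports.
        recent = [(t, p) for t, p in self._blocked[src_ip] if now - t <= self.scan_window]
        recent.append((now, dst_port))
        ports = {p for _, p in recent}
        if len(ports) >= self.scan_threshold:
            # Report once per burst, then reset so the log is not flooded.
            self.events.append(f"PORT_SCAN src={src_ip} ports={sorted(ports)}")
            recent = []
        self._blocked[src_ip] = recent


# Constructed allowlist: Modbus/TCP from the control LAN, SSH only from one
# engineering workstation. Nothing else is reachable.
RULES = [
    Rule(ipaddress.ip_network("10.0.1.0/24"), 502),
    Rule(ipaddress.ip_network("10.0.1.10/32"), 22),
]

# Constructed packet log: (timestamp, source address, destination port).
SAMPLE_PACKETS = [
    (0.0, "10.0.1.20", 502),      # PLC polling Modbus: allowed
    (0.5, "10.0.1.20", 22),       # same PLC trying SSH: blocked, but one port is not a scan
    (1.0, "10.0.1.10", 22),       # engineering workstation SSH: allowed
    (2.0, "203.0.113.7", 22),     # external host walking ports ...
    (2.1, "203.0.113.7", 23),
    (2.2, "203.0.113.7", 80),
    (2.3, "203.0.113.7", 443),
    (2.4, "203.0.113.7", 502),    # ... fifth distinct port inside the window: reported
]


def run_sample():
    """Filter the constructed log; returns (per-packet decisions, reported events)."""
    fw = EmbeddedFirewall(RULES)
    decisions = [fw.allow(src, port, ts) for ts, src, port in SAMPLE_PACKETS]
    return decisions, list(fw.events)


if __name__ == "__main__":
    decisions, events = run_sample()
    for (ts, src, port), ok in zip(SAMPLE_PACKETS, decisions):
        print(f"{ts:5.1f} {src:>14} :{port:<4} {'ALLOW' if ok else 'DROP'}")
    for event in events:
        print(event)
```

Two points worth noting in the design: the rule match is on the source network and destination port together, so a trusted host still cannot reach services it has no business with (the PLC's SSH attempt is dropped), and a single blocked packet from a trusted host never trips the scan detector, which keeps the event log useful for the management system the last table row mentions.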
In addition to selecting what features to include, engineers must also determine what capabilities to implement in hardware or in software, what security development process to follow, and a host of additional details regarding which encryption algorithms and modes to use, how to manage certificates and what authentication methods to use, etc.
It’s not surprising that engineers find this to be challenging at best and overwhelming at worst. Adding to the challenge is the need for security solutions to “get it right” 100% of the time against any cyber-attacks that may emerge, while hackers only need to find a single vulnerability.
With all of these challenges, where does one begin?
Personally, I am an advocate of starting with a security vulnerability analysis. Find someone with strong cybersecurity experience to do a review of your product or design and identify attack vectors against your device and potential security vulnerabilities. Using this information, you can begin to understand the threats and prioritize the countermeasures needed. For most devices, it is not necessary to include every capability listed in the table above in the initial release of the product. What is important is to understand the threats and vulnerabilities and to make intelligent choices based on the task performed by the device.
Regardless of the recommendations of the security audit, there are some basic capabilities that every device OEM should consider. These include:
- Elimination of any back doors or unauthenticated access
- Use of strong passwords
- Secure communication protocols
- Certificate-based authentication
- Secure boot, secure firmware updates
- Security management and event reporting
Fig. 1: Basic security features are required to protect embedded devices against cyber-attacks.
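The first two items in the list above, no unauthenticated access and strong passwords, together with the event reporting item, can be shown in one small piece of code. The Python below is an added example for this article, not code from the article or from any Icon Labs product. The password policy (12 characters, three character classes, no factory default), the PBKDF2 iteration count, the lockout threshold of five failures and the sample credentials are all constructed assumptions; a production device would typically back this with certificate-based authentication as the list also recommends.

```python
import hashlib
import hmac
import os
from collections import defaultdict
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 100_000     # assumed work factor; tune to the device's CPU budget
REPORT_THRESHOLD = 5            # assumed number of failures that triggers a report

# Constructed list of factory defaults that the policy must never accept.
DEFAULT_CREDENTIALS = {"admin", "password", "12345678", "root", "service"}


def password_is_strong(pw: str) -> bool:
    """Assumed policy: at least 12 characters, three character classes, not a known default."""
    if len(pw) < 12 or pw.lower() in DEFAULT_CREDENTIALS:
        return False
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    return sum(classes) >= 3


def hash_password(pw: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; only the salt and digest are ever stored."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


# Dummy record used for unknown users so that a login attempt always performs the
# same PBKDF2 work whether or not the account exists.
_DUMMY_RECORD = (b"\x00" * 16, b"\x00" * 32)


class DeviceAuth:
    def __init__(self) -> None:
        self._users = {}                      # username -> (salt, digest)
        self._failures = defaultdict(int)     # source address -> consecutive failures
        self.events = []                      # stands in for the device's reporting channel

    def add_user(self, name: str, pw: str) -> None:
        if not password_is_strong(pw):
            raise ValueError("password does not meet policy")
        self._users[name] = hash_password(pw)

    def login(self, name: str, pw: str, src_ip: str) -> bool:
        # There is no hidden maintenance account: an unknown user fails exactly like
        # a wrong password, and the comparison is constant-time.
        salt, stored = self._users.get(name, _DUMMY_RECORD)
        _, candidate = hash_password(pw, salt)
        ok = name in self._users and hmac.compare_digest(candidate, stored)
        if ok:
            self._failures[src_ip] = 0
            self.events.append(f"LOGIN_OK user={name} src={src_ip}")
            return True
        self._failures[src_ip] += 1
        count = self._failures[src_ip]
        self.events.append(f"LOGIN_FAIL user={name} src={src_ip} count={count}")
        if count == REPORT_THRESHOLD:
            self.events.append(f"BRUTE_FORCE src={src_ip}")
        return False


def run_sample():
    """Exercise the policy with constructed credentials and login attempts."""
    auth = DeviceAuth()
    rejected_default = False
    try:
        auth.add_user("operator", "password")        # factory default: refused
    except ValueError:
        rejected_default = True
    auth.add_user("operator", "Turbine-42-Stator!")   # constructed strong password
    results = [
        auth.login("operator", "Turbine-42-Stator!", "10.0.1.10"),
        auth.login("service", "service", "203.0.113.7"),   # no back-door account exists
    ]
    results += [auth.login("operator", f"guess{i}", "203.0.113.7") for i in range(4)]
    return rejected_default, results, list(auth.events)


if __name__ == "__main__":
    rejected, results, events = run_sample()
    print("default credential rejected:", rejected)
    print("login results:", results)
    for event in events:
        print(event)
```

The order of operations in `login` is the security-relevant part: the password hash is computed before the account lookup result is used, so response time does not reveal which usernames exist, and every failure is counted and reported per source address rather than per account, which is what the table's intrusion-detection row asks for.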
There are a large number of security solutions available that offer hardware and/or software protection against cyber-attacks, denial-of-service attacks, cyber-sabotage attacks, automated hacking bots, and other Internet-based threats. Of course, the microcontroller an engineer decides upon often has encryption accelerators and secure IDs that can be the basis for protection. A software security framework can be used to add key software features on top of the hardware security features.
Fig. 2: The Floodgate Security Framework provides software capability for protecting IoT devices.
Protecting legacy devices
Building security into new devices is obviously a critical requirement, but it does not address the requirement to add security to legacy devices already in the field. Many of these devices cannot be updated with new software, so another approach is needed. In these so-called “brownfield” situations, designers can choose a hardware security appliance.
The designer can also choose hardware security appliances or software packages to secure networks. One hardware example is Floodgate Defender Appliance, from Icon Labs, which is a compact firewall box providing drop-in protection for networked industrial devices. Its easy installation and configuration yields protection against cyber-attacks from hackers, denial-of-service attacks, automated hacking bots, and other Internet-based threats.
Fig. 3: The Floodgate Defender Appliance, a compact firewall appliance, provides drop-in protection for networked industrial devices.
There are a large number of software packages tailored to industrial IoT security. One example is Floodgate Security Manager, a software package that provides key security features using IoT device management protocols such as Light Weight Management Protocol (LWMP), COAP, or MQTT. A web-based interface allows users to view devices, events, and audit logs and to manage policies. It provides cyber-threat awareness, logging for regulatory compliance, device auto-discovery and authentication, and event logging and viewing, with on-premises or cloud-based deployment.