By Maurizio Di Paolo Emilio, editor, Power Electronics News
Many of the sensors and low-level controls used in internet of things (IoT) infrastructure are embedded devices: Think motion sensors, environmental monitoring, and device control in various industrial ecosystems, including automotive. Much of the increase in IoT communications comes from computing devices and embedded sensor systems used in machine-to-machine communication, automation, and portable devices. Understanding how to protect devices, data, and services is an essential task for developers who are new to security. Even as they undertake this task, they can’t ignore other priorities, such as battery life, form factor, and user interfaces, to name just a few.
EE Times Europe spoke with Alan Grau, vice president of IoT and embedded solutions at Sectigo, to get his take on the evolving embedded security ecosystem. Grau has 25 years of experience in telecommunications and embedded software. Sectigo, formerly Comodo CA, is the world’s largest commercial Secure Sockets Layer (SSL) Certificate Authority and a provider of purpose-built, automated public key infrastructure (PKI) solutions. Grau joined Sectigo in May 2019 as part of the company’s acquisition of Icon Labs, a leading provider of security software for IoT and embedded devices, where he was CTO and co-founder, as well as the architect of Icon Labs’ Floodgate Firewall. He holds multiple patents related to telecommunications and security. Before founding Icon Labs, Grau worked for AT&T Bell Labs and Motorola. He has an M.S. in computer science from Northwestern University (Evanston, Illinois).
EE Times Europe: Embedded systems need protection from malicious attacks. Tamper detection can be added to a system to protect sensitive data and encryption keys. What are the technical aspects — hardware and software — that embedded designers should consider? What’s your most important advice?
Alan Grau: Security for embedded devices, just as for PCs or cloud-based systems, requires a well-thought-out strategy. One of the most critical elements, as you point out, is tamper detection, which consists of many different capabilities. From the software side, this starts with a secure boot solution that utilizes code signing and code validation to ensure that the firmware running on the device is authentic firmware that has not been modified or tampered with. File integrity monitoring ensures that data and other static files have not been modified.
On the hardware side, anti-tamper solutions range from simple electrical leads that break when disturbed (to allow easy detection of the device enclosure being opened) to sophisticated mesh enclosures that can detect attempts to probe data buses on the device to reverse engineer firmware and discover encryption keys.
When designing a device, engineers should perform a security analysis and risk assessment to determine possible attack vectors and define the level of security required to protect against possible attacks. These steps are critical and form the basis for defining security requirements. However, without knowing the attacks to protect against, it is impossible to ensure you have built a solution with adequate security.
Fig. 1: Arm TrustZone basics (Image: Arm)
One of the most critical elements that must be addressed in this process is establishing a “root of trust” for secure boot. The root of trust is the embedded firmware that is trusted implicitly and that will then verify the remaining components of firmware and software on the board. There are a variety of methods for establishing the root of trust. Options include using a ROM-based secure boot solution, running secure boot from within the Trusted World of Arm’s TrustZone, or use of other hardware-enabled secure boot mechanisms. Regardless of the method, it is critical that the root of trust be enabled by immutable hardware or firmware (Fig. 1).
EETE: Which industry verticals should be the most concerned about IoT security?
Grau: The short answer is all of them. If you are a product manager, engineer, or executive responsible for building a connected or IoT device, you need to consider all the possible risks associated with cyberattacks on that device. Of course, the risk varies by industry, but none are immune.
The risk assessment is more nuanced than evaluating by industry segment. Industries such as medical, industrial, and automotive need to be extra vigilant about security, as human life can be at risk in these cyber-physical systems. The risk is not the same for all devices in a given industry, however. Medical devices such as implantable pacemakers require high levels of security due to the consequence of a cyber breach and the difficulty of replacing a device that has been found to have vulnerabilities. Simpler IoT and connected devices, on the other hand — like sensors, home music players, smart speakers, etc. — while still needing security, do not require the same level of vigilance.
There are also various possible legislative, financial, and reputational concerns. No one wants to be the next toy manufacturer that has made headlines due to security concerns or the next baby monitor that is being hacked by the neighbor, or to pay hefty penalties for failing to comply with security regulations.
The final consideration is the role of the IoT device in the enterprise. The argument that “no one will bother to hack a light bulb, and even if they do it won’t hurt anything” is an outdated argument. The hacked light bulb can be the entry point into the enterprise and larger-scale cyberattacks. In the case of the well-known Target data breach from 2014, the vulnerable IoT device was an HVAC system that hackers used to gain entry to the network. From the HVAC launching point, hackers gained access to the payment system network and acquired credit card information.
EETE: What are the authentication/cryptographic methods, and what’s the best solution?
Grau: Embedded solutions are incredibly diverse in function, design, and capability. It is no surprise, therefore, that there is no “one size fits all” solution for authentication and encryption within embedded systems.
Certificate-based authentication using PKI is the gold standard for IoT device authentication. It provides a proven framework for security. As with most technologies, however, the devil is in the details. Implementations can utilize a variety of underlying crypto and hash algorithms, and selection of the appropriate algorithms is critical to achieve robust security.
We have already seen the SHA-1 secure hash algorithm broken and deprecated. Despite this, hundreds of millions of devices still operate in the field using this algorithm. Worse still, new devices are still being manufactured that rely on SHA-1 certificates for authentication. Use of weak algorithms — in this case, SHA-1 for hashing — undermines the robustness of an otherwise robust PKI solution. As this illustrates, choosing the appropriate algorithms is critical to achieving and maintaining high levels of security.
The computing resources of many smaller connected devices are limited, putting constraints on which algorithms are viable for the device. This is another factor in algorithm choice. RSA [Rivest–Shamir–Adleman] cryptography requires much longer keys and greater processing resources to achieve high levels of security when compared with ECC [elliptic curve cryptography]. As a result, IoT device manufacturers are moving away from RSA-based PKI solutions in favor of ECC-based solutions.
The matter is further complicated by the need to support quantum-resistant crypto algorithms in future versions of devices. The specification of quantum-resistant crypto algorithms is still developing, but it illustrates the challenges and points to the need to recognize that security solutions need to continue to evolve. Security is not a “set and forget” proposition but needs to be constantly maintained and updated.
EETE: The urgency to achieve viable security solutions grows day by day. What’s the impact of data security on automotive systems?
Grau: Automotive security is an interesting and rapidly evolving field. Vehicles continue to store ever larger amounts of personal data, from driving patterns and location information to contacts and messages. Future solutions will store credit card information for paying tolls or for use in on-demand infotainment systems. Data security is only the tip of the iceberg for automotive systems. Self-driving cars, automated vehicle maintenance systems, and a host of future services require strong security. Secure boot, embedded firewalls, PKI-based authentication, and hardware-based roots of trust are all critical requirements for automotive security (Fig. 2).
Fig. 2: Potential cyber vulnerabilities in automotive systems (Image: Sectigo)
These requirements are fueling the development of new security standards and greater cooperation within the auto industry to ensure interoperability and define best practices. Achieving the required levels of security won’t happen overnight, and staying ahead of hackers will be an ongoing process. That said, future automotive systems will need to provide strong security solutions.
EETE: What future challenges do you see affecting security solutions, and how do you plan to evolve your suite of products to meet those challenges?
Grau: There is a general and a specific answer to this question. The general answer is the threat landscape is evolving. Every day, new vulnerabilities are discovered. Emerging technologies and systems also provide hackers with new attack vectors. We continue to evolve our products to protect against new attacks. A critical solution for customers is the support of secure firmware updates to allow customers to safely and easily update their devices with new cybersecurity countermeasures.
A specific challenge is that quantum computing and general increases in computational power will, over time, render current encryption and hashing algorithms obsolete. Our systems are implemented to support crypto-agility — that is, the ability to update the underlying crypto and hash algorithms used by operations such as secure boot and data encryption. We are tracking the work that NIST [the U.S. Department of Commerce National Institute of Standards and Technology] is doing on quantum-resistant encryption algorithms and will support the NIST recommendations.
Our focus at Sectigo is providing OEMs with certificate issuance capability for IoT devices and the core security capabilities required for securing these devices.
This article was originally published at EE Times Europe.