Smart-home security: It’s all about identity and trust

When the concept of a fridge connected to the internet first appeared a couple of decades ago, it seemed quite far-fetched. Fast-forward to today, and the “smart home” is becoming part of everyday language. Almost all consumer electronics and home appliance manufacturers are figuring out ways to get an edge by offering smarter gadgets.

These products address today’s lifestyle, which is all about convenience. Internet-connected devices and smart homes provide a way of enabling that living. We are rapidly becoming accustomed to connected devices like home assistants, video doorbells, smart locks, smart televisions, and alarms, plus many other appliances.

But the proliferation of connected devices in the smart home has also resulted in a growing awareness and concern about the security risks of such devices. From a consumer’s point of view, the issues are around data privacy and potential bad actors with malicious intent attempting to damage or harm individuals and the public.

There are numerous examples of such intrusions over the last few years. Lack of good security on any connected device in the home provides an entry point for a hacker to jump onto your home Wi-Fi network. Baby monitors have been used to spy on homes or even talk to babies. Hackers can demand a ransom, cause fires by turning on smart plugs connected to heaters, or manipulate gadgets to cause a lot of nuisance. In the health and wellness environment, connected devices could make patients vulnerable if their wearable device is also responsible for managing medication.

Enter regulations and guidelines
Fortunately, several regulations are coming into force in several regions. The ETSI Technical Committee on Cybersecurity (TC CYBER) last year released the ETSI EN 303 645 standard for security of consumer internet of things products. It specifies 13 provisions for the security of internet-connected consumer devices and their associated services and is expected to set a baseline for future IoT certification schemes both in Europe and globally.

It is designed to prevent large-scale, prevalent attacks against smart devices that cybersecurity experts see every day. Compliance with the standard will restrict the ability of attackers to control devices across the globe — known as botnets — to launch DDoS attacks, mine cryptocurrency, and spy on users in their own homes. By preventing these attacks, the EN represents a huge uplift in baseline security and privacy.

Connected products in scope under ETSI EN 303 645 include children’s toys and baby monitors, connected safety-relevant products such as smoke detectors and door locks, smart cameras, TVs and speakers, wearable health trackers, connected home automation and alarm systems, connected appliances (e.g., washing machines, fridges), and smart-home assistants. The EN also includes five specific data-protection provisions for consumer IoT.

The 13 provisions under this standard are:

1. No universal default passwords
2. Implement a means to manage reports of vulnerabilities
3. Keep software updated
4. Securely store sensitive security parameters
5. Communicate securely
6. Minimize exposed attack surfaces
7. Ensure software integrity
8. Ensure that personal data is secure
9. Make systems resilient to outages
10. Examine system telemetry data
11. Make it easy for users to delete user data
12. Make installation and maintenance of devices easy
13. Validate input data

From a product manufacturer’s point of view, the underlying theme here is ensuring secure identity, secure authorization/attestation, secure provisioning, and secure over-the-air (OTA) updates for when the device is in the field.

Explaining the importance of consumer confidence in the smart home, Matt Johnson, senior vice president and general manager of IoT products at Silicon Labs, said, “It gets very real in your home with things like wireless cameras and speakers. Consumers ask themselves, ‘Is this device secure and can I trust it?’ The big issue is around trust.” He added that from a device’s point of view, it’s all about physical protection and identity.

Silicon Labs’ Secure Vault technology is a suite of advanced security features designed to help connected device manufacturers address escalating IoT security threats and regulatory pressures. It has implemented this technology in its Wireless Gecko Series 2 platform, which combines security software features with physically unclonable function (PUF) hardware technology to reduce the risk of IoT security breaches and compromised intellectual property (IP).

Silicon Labs’ EFR32MG21 with Secure Vault as part of its EFR32xG21 Wireless Gecko Starter Kit. (Source: Silicon Labs) Click for a larger image.

Key elements of embedded security
The key principles of enabling embedded security, whether it is for smart homes or any other connected device applications, are confidentiality, integrity, availability, and authenticity verification.

Many silicon vendors talk about providing “end to end” security. Essentially, this means starting with a strong identity, or root of trust (RoT), and enabling authentication for device access and updates. Once the device keys and certificates are issued, there is the process of provisioning and registering the devices to a cloud provider. After deployment and when operational, some kind of secure device management is necessary — most vendors call this life-cycle management; this also includes decommissioning a device at the end of its life to ensure that the keys or device do not remain astray to be exploited.

The most secure form of identity is a hardware RoT. One company providing silicon IP based on quantum tunneling is Crypto Quantique, with its quantum-driven RoT solution called QDID.

The company’s CEO, Shahram Mossayebi, sets the scene. When talking about end-to-end security, he said there are three key stages that need to be addressed: “First is secure provisioning, where the chip is onboard and requires key injection; then there is automated secure onboarding, where the device in the field is then connected to the cloud platform; and then there is security monitoring, which includes life-cycle management. Not everybody does all three.”

Some solutions carry out onboarding and monitoring, or just provisioning, or just key management.

Crypto Quantique recently released its QuarkLink platform and partnered with Renesas, Silex Insight, and EPS Global to offer device manufacturers and system integrators a solution to mobilize their IoT devices. The Renesas partnership enables automated device onboarding and management for the Renesas RA ecosystem, enabling quick and secure connection of the RoTs embedded into their microcontrollers to servers.

With Silex Insight, the partnership combines its eSecure IP standalone security module with QuarkLink to enable rapid, automated, and secure onboarding of IoT endpoint devices to cloud-based or in-house servers without involving other parties. With EPS Global, the two companies have partnered to offer joint customers secure programming using the Crypto Quantique solution on EPS Global’s programmers at their programming facilities all around the world.

A typical flow for embedded security provisioning, secure onboarding, and monitoring, as delivered here by Crypto Quantique. In this example, customers can use its technology to program their microcontrollers in production volumes in secure EPS Global programming centers around the world. (Source: Crypto Quantique) Click for a larger image.

Lattice Semiconductor recently announced its Lattice Sentry 2.0 stack, which supports firmware security by enabling next-generation hardware RoT solutions compliant with NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP-800-193) and supporting 384-bit encryption. With the Sentry stack, developers can add support for strong firmware security to system control applications based on Lattice secure control PLDs, creating a platform to establish a hardware RoT to validate the legitimacy of all firmware instances in a system.

NXP Semiconductors has introduced its EdgeLock secure enclave, a pre-configured security subsystem that simplifies implementation of complex security technologies and helps designers avoid costly errors. It enhances protection to an edge device by autonomous management of critical security functions, such as RoT, runtime attestation, trust provisioning, secure boot, key management, and cryptographic services, while also simplifying the path to industry-standard security certifications. The EdgeLock secure enclave intelligently tracks power transitions when end-user applications are running to help prevent new attack surfaces from emerging.

The secure enclave will be a standard integrated feature across the i.MX 8ULP, i.MX 8ULP-CS with Azure Sphere, and i.MX 9 applications processors, providing developers with a range of compute scalability options to easily deploy security on edge applications.

NXP also offers its EdgeLock 2GO IoT service platform, which allows device makers and service providers to easily onboard or transfer their devices into cloud platforms from AWS IoT and Microsoft Azure IoT Hub. This then helps OEMs and service providers to monitor and manage their devices and analyze data received from devices in the field.

Software frameworks
Sequitur Labs offers a software framework to automate deployment of security functions that protect embedded firmware, keys, and security-critical assets throughout the device life cycle — from silicon hardware security and secure device provisioning to API access to essential trust services such as secure storage, firmware updates, and payload verification. Its EmSPARK security suite uses the Arm TrustZone architecture to create a safe and secure environment for critical device data and applications, supporting devices from Microchip, NXP Semiconductors, STMicroelectronics, and Nvidia.

STMicroelectronics recently added new software packages and support for enabling security on its STM32MP1 dual-core microprocessors. This includes working with Sequitur Labs for implementing secure boot and authentication, as well as provisioning and deployment.

Other new security software partners for the STM32MP1 ecosystem are Prove&Run, TimeSys, and Witekio. Prove&Run helps STM32MP1 customers integrate security in their design by providing custom security engineering services (secure boot, secure firmware, OP-TEE) and more advanced solutions, leveraging ProvenCore, a secure OS that has been certified.

The TimeSys Vigiles Vulnerability Management Suite is embedded in OpenSTLinux and constantly watches for relevant vulnerabilities that open devices to cyberattacks. Vigiles also provides remediation information for device life-cycle management. Witekio’s FullMetalUpdate open-source OTA solution helps IoT platform operators manage their own OTA updates.

There are also solutions to address counterfeit devices and compliance management.

Addressing the problem of counterfeit devices, Infineon Technologies introduced the OPTIGA Authenticate IDoT (identity of things) anti-counterfeit turnkey embedded security solution, which combines authentication with configuration flexibility, delivering enhanced hardware ECC-based security. OPTIGA Authenticate IDoT is packaged in the proven and robust TSNP SMD housing measuring 1.5 × 1.5 × 0.38 mm³. It supports four ECC authentication modes: one-way, mutual, host binding, and host support.

Designers can select from three temperature ranges, two communication profiles, three sets of memory, and four integrated secured decremental counters with secured life-cycle management, a capless LDO, and robust ESD protection. OPTIGA Authenticate IDoT also provides unique on-chip turnkey digital certificates and key pairs.

For managing compliance, Secure Thingz, an IAR Systems group company, as an example, recently announced its Compliance Suite, a set of tools and training specifically targeted to provide embedded developers with a simplified path to building applications that are compliant with the European EN 303645, U.K. and Australian 13 best practices, and the evolving U.S. Cybersecurity Improvement Act (NISTIR 8259). The suite includes a set of development tools and preconfigured security contexts enabling developers to rapidly implement core aspects of the guidelines, such as the use of advanced device-specific security enclaves to protect provisioned information.