The security of networked devices is a growing concern within the industry as more and more people come to realize that it is no longer optional. Security is not a feature that can be added as an afterthought to a product, to tick a checkbox on a datasheet; security is a complex multi-dimensional concept, and a comprehensive understanding of the term is necessary to design secure systems correctly.
Internet of Things (IoT) security needs to span from cloud to device: any vulnerability affecting a number of devices could have a wide impact on the rest of the system or service, so a holistic perspective must be adopted. To best ensure security, the foundations need to be baked into IoT products at design time. The whole system should be architected in a way that protects information and assets at all levels.
What is IoT security?
Let us start by defining security in an IoT context, as it can be understood very differently and the term is often used to describe only a single aspect of the question. We can categorize the different meanings of the word into three groups: lifecycle security, communication security, and device security.
Lifecycle security covers the ability to securely and remotely manage a device at the different stages of its life, from configuration, monitoring, and upgrade until its decommissioning or revocation. This is essential to guarantee that devices are actually used in an expected way, especially when managing large deployments.
Communication security is the most visible aspect, as it relates to the measures that should be put in place to guarantee the integrity, authenticity and confidentiality of the link between the devices and the cloud. This also means that any unauthorized party trying to interpose in the middle would have no way to observe or manipulate the data flow and would not have any way to participate in the communication.
Device security focuses on the integrity of the IoT node itself, the protection of its resources, data, and behavior over the time of its deployment in the field. This is particularly important to ensure that devices in the network can be trusted. The protection of the data stored on the device is obviously a key element to be considered, but it is also necessary to control the behavior of the device, and the access to its resources, which could even culminate in extreme requirements for anti-tampering protection.
Security is a balance
Full protection that encompasses all three aspects of security mentioned above is often not economically feasible or desirable. A tradeoff is therefore often necessary and the first step of this is to determine the “right size” for security measures.
The security implementation needs to be proportional to the assets being protected, to the threats that the system will face, and also to the estimated cost of a security breach. A threat assessment therefore needs to be completed and should take the whole system into consideration, including all potential side effects. All security aspects highlighted above should be taken into account, along with their associated impact.
A salient feature of IoT systems is the deployment of a large quantity of easily accessible identical devices, which has implications for how we go about securing them. For these IoT nodes, protection against scalable attacks – those which can inexpensively be duplicated in other devices – is a priority. On the other hand, in most cases, safeguarding against exploits requiring hardware access to each node is likely to be overkill.
Establishing trust
Security researchers have pondered the question of device and system protection and proposed many solutions to various aspects of security. From a high-level point of view, security can be built into a system as a chain of trust, starting with a Root of Trust – a minimal secure domain with dependable security functions and private access to protected keys. Additional layers are then added over this foundation.
This calls for very clear isolation between those domains, so that no domain can interfere with the others.
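As an added illustration (not part of the original article), the following Python example models such a chain of trust: the Root of Trust stores one immutable digest that anchors the first stage, and each stage embeds the digest of the only stage it may launch. The stage names, the image bytes and the use of plain SHA-256 digests in place of signatures checked with a protected key are assumptions made for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

@dataclass(frozen=True)
class Stage:
    name: str
    code: bytes         # constructed stand-in for the stage's firmware image
    next_digest: bytes  # digest of the only image this stage may launch (b"" = last)

def image(stage: Stage) -> bytes:
    # The measured bytes cover the code AND the embedded reference to the next stage.
    return stage.code + stage.next_digest

def build_chain(named_code):
    """Provisioning: build last-to-first so each stage embeds its successor's digest.
    Returns (root_digest, stages); root_digest is what the Root of Trust stores."""
    stages, next_d = [], b""
    for name, code in reversed(named_code):
        stage = Stage(name, code, next_d)
        stages.insert(0, stage)
        next_d = digest(image(stage))
    return next_d, stages

def verify_chain(root_digest: bytes, stages):
    """Boot: check each stage against the digest vouched for by the previous layer.
    Returns (True, None) or (False, name_of_first_untrusted_stage)."""
    expected = root_digest
    for stage in stages:
        if not hmac.compare_digest(digest(image(stage)), expected):
            return False, stage.name  # stop: nothing after this point is launched
        expected = stage.next_digest
    return True, None

# Constructed sample images for a three-layer device.
SAMPLE = [("bootloader", b"BL v1"), ("os", b"RTOS v3"), ("application", b"sensor app v7")]

if __name__ == "__main__":
    root, chain = build_chain(SAMPLE)
    print("clean boot:", verify_chain(root, chain))
    chain[2] = Stage("application", b"modified app", chain[2].next_digest)
    print("tampered application:", verify_chain(root, chain))
```

Re-pointing an earlier stage at a modified successor changes that earlier stage's own measurement, so the mismatch surfaces at the layer anchored by the Root of Trust.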
That said, designing a secure product from scratch is time-consuming and prone to security holes. It saves time to rely on pre-integrated solutions which have been verified by expert teams. Such solutions should contain a mix of hardware components, such as accelerators or specific controllers, implemented at the core of electronic components, and software components, from secure firmware to cloud services. They not only speed up development projects but also, when they come from trustworthy sources, provide a breadth of expertise that is often extremely hard to build.
In any case, a final security evaluation should be planned into the product development. This could take the form of an external security code audit or white box testing. Additionally, security should be regularly assessed – especially for products with long active lives – and updates should be deployed to track the evolution of security requirements. This agility in security can be enabled by features like the ability to update devices remotely.
In conclusion, security of IoT devices consists of multiple aspects to be considered. It takes a significant effort to design it correctly, but it has to be thought through from the start. Fortunately, solutions are available to help and meet the specific requirements of IoT systems. Ultimately, the key is to enable customers and end-users to trust IoT nodes and applications by enabling an enduring protection of assets right across the value chain.