Design for IoT security: a multi-layered, full-lifecycle challenge
08 August 2018
The importance of security for the Internet of Things is increasingly being recognised. However, understanding of the issues among companies looking to harness the power of the IoT for business growth still seems quite basic. Therefore, keeping IoT devices secure must start before the first eval board is even powered up – and continue through to safe decommissioning at end-of-life.
Data breaches are not just bad press: organisations that fail to implement security become targets, and, in the future, will face large punitive fines for allowing customers’ data to be compromised. Under GDPR, these can be as high as 4% of global revenue. Prevention is therefore of paramount importance.
Although breaches concerning credit card details are widely publicised and heavily punished, many other types of vulnerabilities, such as unauthorised modifications to equipment, can also expose suppliers to potential losses. Vendors of industrial equipment such as uninterruptible power supplies, for example, may use IoT technologies to help manage service contracts. Trust in the data collected from equipment in the field is therefore vital, but this can be compromised if the equipment is altered by fitting incorrect parts or loading incorrect software. Effective IoT security should also protect against such threats.
This is not to say, however, that exploits by organised crime are not a threat to any company’s activities on the IoT. Published examples already highlight incidents where hacking was possible through something as simple as a networked HVAC system. In one particular example, HVAC units were being used to monitor the building’s energy consumption and temperature, collecting the data remotely for analysis. Attackers compromised the HVAC system and were subsequently able to step into the core network and gain access to personal client data.
Clearly, effective IoT security is needed – not only to protect the infrastructure and directly-connected assets against external threats – but also to protect service providers and their customers against the consequences of improper use.
A multi-layered approach to security is recommended, to be applied at the device-to-gateway and gateway-to-cloud levels, to ensure that all vulnerabilities are considered – and that effective protection can be put in place. As a rule of thumb, there are seven layers of security to be considered, both at the device-to-gateway level, and where the gateway connects to the internet and the cloud.
The seven layers of security at the device-to-gateway connection (see Figure 1 above) encompass: provisioning and authentication; the use of cryptographic keys; encryption; data transmission; data storage; tamper detection; and device management.
Device management, including the application of over-the-air (OTA) updates to keep devices current and protect against emerging security threats, is one of the five key pillars of a complete end-to-end IoT solution.
It is just as important as the more widely discussed challenges associated with making and connecting devices, and then analysing the data that they generate.
However, it can be a particular pain point for operators of IoT networks. Device vendors often do not address the issue well, and customers can struggle to find suitable solutions for themselves. Arrow Connect is a device management package created specifically to provide a convenient solution that can be configured to meet individual customer requirements. It comprises software that includes SDKs for endpoints and gateways, giving access to a selection of cloud-based device management services.
Sustainability, including the safe decommissioning of equipment at end-of-life, is also critical, of course. Through its sustainable technology group, Arrow can provide processes to ensure that any stored data, keys and network-connection credentials cannot be misused. Additionally, Arrow can recycle equipment for repurposing. Any product and waste are handled in accordance with regulations to minimise environmental impact.
Figure 2 (below) shows the seven layers of security required to fully protect gateway-to-cloud connections. These include firewalls to ensure only approved access to designated areas of the network; device fingerprinting based on MAC addresses and operating system and application IDs; golden cloning to keep a record of the original system configuration; network monitoring to ensure communication language and business logic are consistent; data logging and data correlation – which together help identify deviations from typical device behaviour; and system optimisation to detect attacks and unusual events. At this layer, harnessing the power of machine learning can also teach the system to adapt as security threats evolve.
According to analysis by IT industry analyst firm 451 Research, the physical insecurity of endpoints and poor authentication are today’s two greatest IoT security concerns.
These threaten the core business of any enterprise that connects assets to the IoT. The next greatest concerns are the security of software applications, and the security of network connections between endpoints and the central network.
As far as the elements of the IoT infrastructure – the endpoints and gateways – are concerned, security is a lifecycle-management issue. However, it is unusual, to say the least, to find a market-ready endpoint that fulfils customers’ requirements out of the box and can simply be connected to the network to start sending data. Instead, devices like smart sensors must typically be custom-built for the target use case, to satisfy the diverse constraints on many application factors, such as power consumption, battery lifetime, form factor, operating temperature range and IP rating.
When developing a new device, security should be considered properly – from the moment the project begins at the eval-board stage, taking into account the seven layers discussed. This ‘baking in’ of security is vital to ensure trust in the data from that device. It is simply not possible to implement sufficiently strong security as an afterthought, or to change the strategy part-way through development.
Because it is virtually impossible to add security features effectively later, after initially forgetting them or not giving them due consideration, it is imperative to build in the right precautions at each point in the lifecycle, including the following:
- Keeping IP secure, especially at the transition from design to prototype
- Trusted hardware, encryption, secure key storage (for example, based on TPM)
- Entering production, including managing access to IP by any CEMs
- Scaling production, and securing routes to market
- Device management throughout operational lifetime
- Safely decommissioning devices after end-of-life, to prevent leaving back doors into the network
There are numerous challenges to the smooth and logical progression of these considerations: one being that devices are often not designed from scratch, on a clean-sheet basis, but are derived from legacy designs. It can be difficult for system designers to understand how to evolve legacy standalone designs to create sustainable IoT-connected solutions that feature properly integrated security.
Arrow’s ecosystem of IoT partners consolidates the resources, expertise and services needed to handle not only endpoint creation, system integration and device management, but all aspects of the multi-layered approach to IoT security. It is the industry’s only end-to-end IoT security portfolio (see Figure 3 above), with solutions for every part of the chain – from sensor to sunset.
The complexity of end-to-end IoT solutions can be difficult to grasp for design engineers not used to developing connected devices. It is more than simply a collection of devices, connected to a gateway and feeding data to the cloud. As many as 20 technology partners can be involved, each contributing specialist expertise and services.
Arrow has committed significant investment to assemble its ‘sensor to sunset’ ecosystem, which comprises services that address all aspects from endpoint to cloud, from inception to end-of-life, with the flexibility needed to configure a best-in-class solution that exactly meets individual customer requirements.
Protecting an IoT solution from the diverse risks that threaten every entry point, throughout its entire lifetime, demands a multi-layered, full-lifecycle approach. Beyond ‘baking’ hardware- and software-based security, including state-of-the-art cryptography, into endpoints and gateways, device management and sustainability can be difficult – and such essential elements are frequently left for the system integrator, or even the end user, to implement for themselves. A truly effective end-to-end service must offer best-in-class solutions to these challenges.