How can engineers ensure security in the age of IoT?
06 December 2017
A long-standing challenge that all developers of internet-connected devices face is security. IoT security threats, however, are incredibly diverse and the consequences can be far-reaching. This piece looks at the main risks when connecting to the IoT – and outlines some basic steps that can be taken to reduce them.
Picking the right development platform in the first place is critical. Resources such as the element14 community’s Design Center provide detailed information about processors, development platforms, software tools and middleware. With applications engineers also on-hand, distributors like Farnell element14 can play a vital role in ensuring that the right selections are made, as well as reducing the learning curve with the appropriate tools and information.
This article will also demonstrate some of the security features available on today’s development platforms, using the NXP WaRP7 IoT and Wearable Development Platform board as an example. The board was designed jointly by NXP and Premier Farnell to provide a powerful, highly integrated and secure platform for IoT applications.
The challenge faced by engineers is the complexity that this introduces: the data sheet for the i.MX7 Solo family is 150 pages, and the reference manual runs to more than 4,000 pages. Clearly, help is needed to ensure that the time to learn about features is manageable.
Security for the IoT
The security risks for IoT developers are so great that governments are getting involved. The European Union has been particularly active in this regard: in April 2016, IoT was one of the five priority domains listed in the EU Commission’s ICT Standardisation Priorities document. Among other aspects, the Commission intends to develop standards for trust, privacy and end-to-end security, and it even raises the possibility of a ‘trusted IoT label’.
The question persists: ‘why is security such a concern for IoT?’ The unprecedented volume of data that is available, the level of interconnectivity between all IoT systems – and the potential for harm – drive much of the perception of risk.
One factor that should not be underestimated is the proportion of engineers who previously developed systems that were not connected to the internet, who now must develop connected products. We can be confident that the banks have extensive expertise to ensure security of financial transactions, but how can we expect an engineer to know how to secure an IP-connected camera, when previously they only developed USB webcams?
Fortunately, suppliers (from semiconductor companies to distributors) are providing the technology and support that will enable the development of more secure IoT products and systems, provided that engineers take the time to follow some basic principles.
Risks and threats
The security risks associated with the IoT become obvious when one considers the harm a compromised internet-connected system can do. Major infrastructure and other safety-critical systems will have experts and large security budgets devoted to securing them, but even something as simple and cost-sensitive as a home heating system must be secured.
Ensuring security of embedded devices
When developing an embedded IoT device, engineers must ensure the following aspects are addressed:
Data confidentiality and integrity: ensuring that data is protected from snooping and is only accessible to people authorised to read it, and that it cannot be altered, whether maliciously or accidentally, without the change being detected.
Code integrity: securing the code is also critical. Changes to code must be detected, and only authorised changes allowed.
Additionally, most companies are also concerned about protection of their intellectual property and require measures to prevent theft of the code.
Device integrity: ensuring that connected devices are authentic and their critical functionality has not been tampered with is also vital. IoT devices therefore need strong authentication and protection of cryptographic keys to prevent hacking and product counterfeits.
To achieve this, security experts often refer to the six tenets of embedded IoT security that should underpin the approach of any developer: identity/authentication; authorisation; audit; confidentiality; integrity; and availability. At the heart of many of these tenets is cryptography.
Device support for IoT security
The good news for developers of IoT products is that many devices already provide support that makes it easier to build in security. The NXP i.MX 7Solo applications processor used on the NXP WaRP7 IoT and Wearable Development Platform has many security features built into the silicon.
The most obvious is hardware-accelerated cryptography. The CAAM (cryptographic acceleration and assurance module) contains cipher and hash engines that support a wide range of cryptographic standards, so encryption and authentication do not have to be computed by the application core.
There are two basic types of cryptographic algorithm: symmetric and asymmetric, and choosing the right type of algorithm is an important decision in IoT system design.
Symmetric algorithms use the same key to both encrypt and decrypt the data, and need far less processing than asymmetric ones. AES, the most widely used symmetric cipher, has no known practical attack against the full cipher.
Its weakness is operational rather than mathematical: the one secret key must be delivered to every party and protected at each of them, and that distribution is the hard part. Symmetric keys are typically 128 to 256 bits long.
Asymmetric encryption uses a pair of keys. A private key is kept secret and never leaves the device, while the matching public key can be shared widely. Data encrypted with the public key can be decrypted only with the private key; conversely, a value computed with the private key (a digital signature) can be verified by anyone holding the public key, which is how a device proves its identity.
This makes key management easier and far more scalable, at the cost of more computation and much longer keys: an asymmetric key must be considerably longer than a symmetric one for comparable strength, and keys of up to 4096 bits are used. The WaRP7 processor, for example, supports these long keys in hardware.
One prerequisite for all of this is a good random number generator (RNG). It generates the keys (and nonces), which must be unpredictable: a key an attacker can guess breaks the cipher however strong the algorithm. The CAAM offers National Institute of Standards and Technology (NIST)-certified pseudo and true random number generators, so keys can be drawn from hardware entropy rather than from a seed that software might get wrong.
By providing hardware support on-chip, IoT devices can be developed that ensure a greater level of security by using stronger encryption, without dramatically impacting on the processor’s capacity to run the application.
Even with a secure algorithm, attacks that measure the device’s power consumption while it performs cryptographic operations can recover secret keys. This is easier than it sounds: the power drawn by the logic that handles key-dependent values varies with those values, and with enough traces the correlation gives away the key bits. The processor used on the WaRP7 board, however, includes counter-measures against key extraction by simple and differential power analysis (SPA/DPA).
IoT security is also enhanced by other features on the processor used in the WaRP7, which some other processors also offer. Secure non-volatile storage (SNVS) is hardware that tracks whether the device is in a secure state, which in turn determines whether its protected resources can be accessed. When in a secure state, special cryptographic keys can be used to decrypt long-term secrets, such as public/private keypairs, DRM keys or proprietary software.
A security violation can be triggered by JTAG events, power glitches, a Master Key ECC check failure, software-reported issues and hardware-reported tampering via the tamper pins.
When such a violation is detected, the system invokes its security response in hardware or software. In highly sensitive applications, the tamper-detect pins can trigger hardware that automatically and immediately erases the Zeroizable Master Key, denying access to the secure memory and rendering its contents unrecoverable.
For some applications the real-time clock itself is an attack surface. Electricity metering is a simple example: an attacker who can set the clock could keep it at a time when the lowest tariff is in force. Keeping the real-time counter inside the same SNVS gives it the same protection.
The WaRP7 board also gives engineers a monotonic counter: a counter that can only be incremented, never reset or wound back, which is what protects against ‘roll-back’ attacks in which an older, vulnerable version of firmware or data is reinstalled. To ensure code integrity, processor vendors have introduced several approaches to isolate applications and ensure that the system’s firmware has not been compromised.
The i.MX 7Solo used in the WaRP7 includes an Arm Cortex-A7 core with TrustZone technology (Arm’s mechanism for partitioning the processor into secure and non-secure worlds, blocking non-secure software from directly accessing secure resources). Effectively, the physical core presents as two virtual cores: one considered secure and the other non-secure.
TrustZone relies on trustworthy low-level firmware, so the chain of trust has to start before it. The high-assurance boot (HAB) feature uses digital signatures to recognise authentic software and prevent unauthorised software from gaining control of the boot sequence, so that only firmware signed by the device owner ever runs on the core.
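The two checks just described, a signature over the boot image and a monotonic counter that refuses older versions, fit together in one verification step. The following is an added example, not NXP’s HAB implementation: the image layout (4-byte magic, big-endian version, payload, trailing signature), the use of Ed25519, and the Counter type standing in for the hardware monotonic counter are all constructed for illustration, and the real HAB image format and key handling differ.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image format: "FW01" | uint32 version (big-endian) | payload | 64-byte signature.
const (
	magic     = "FW01"
	headerLen = 8
	sigLen    = ed25519.SignatureSize
)

var (
	ErrFormat   = errors.New("boot: bad image format")
	ErrSig      = errors.New("boot: signature verification failed")
	ErrRollback = errors.New("boot: image version below monotonic counter")
)

// Counter models the hardware monotonic counter: it only ever moves forward.
type Counter struct{ value uint32 }

func (c *Counter) Value() uint32 { return c.value }

// Advance raises the counter; requests to lower it are silently ignored.
func (c *Counter) Advance(to uint32) {
	if to > c.value {
		c.value = to
	}
}

// BuildImage is what the signing station does: assemble header and payload,
// then sign everything with the private key that never leaves that station.
func BuildImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	img := make([]byte, 0, headerLen+len(payload)+sigLen)
	img = append(img, magic...)
	var v [4]byte
	binary.BigEndian.PutUint32(v[:], version)
	img = append(img, v[:]...)
	img = append(img, payload...)
	return append(img, ed25519.Sign(priv, img)...)
}

// VerifyImage is the boot-time check. Order matters: the signature is checked
// before the version field is trusted, and the counter is advanced only after
// both checks pass. An image with the same version as the counter is allowed
// (re-flashing the current release); anything older is a rollback.
func VerifyImage(pub ed25519.PublicKey, ctr *Counter, img []byte) ([]byte, error) {
	if len(img) < headerLen+sigLen || string(img[:4]) != magic {
		return nil, ErrFormat
	}
	body, sig := img[:len(img)-sigLen], img[len(img)-sigLen:]
	if !ed25519.Verify(pub, body, sig) {
		return nil, ErrSig
	}
	version := binary.BigEndian.Uint32(body[4:headerLen])
	if version < ctr.Value() {
		return nil, ErrRollback
	}
	ctr.Advance(version)
	return body[headerLen:], nil
}

func main() {
	// Constructed demo: pub is what would be burned into the device's fuses.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	ctr := &Counter{}
	v1 := BuildImage(priv, 1, []byte("firmware v1"))
	v2 := BuildImage(priv, 2, []byte("firmware v2"))

	_, err = VerifyImage(pub, ctr, v2)
	fmt.Println("boot v2:", err, "counter =", ctr.Value())
	_, err = VerifyImage(pub, ctr, v1) // properly signed, but older than the counter
	fmt.Println("boot v1 after v2:", err)

	tampered := append([]byte(nil), v2...)
	tampered[headerLen] ^= 0x01 // flip one payload bit
	_, err = VerifyImage(pub, ctr, tampered)
	fmt.Println("boot tampered v2:", err)

	_, attacker, _ := ed25519.GenerateKey(rand.Reader)
	_, err = VerifyImage(pub, ctr, BuildImage(attacker, 3, []byte("evil")))
	fmt.Println("boot attacker-signed v3:", err)
}
```

The point of the ordering is that the version field is part of the signed body, so an attacker cannot simply bump the version of an old image to get past the rollback check; they would need the signing key.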
Today, almost every electronic device can benefit from connection to the internet, whether to allow the remote control, monitoring, or simply logging and analysis of data. The connection, however, creates many potential risks that must be addressed with appropriate security at the device and system level.
With semiconductor and software vendors providing support for security features – from encryption to physical security – there is now no excuse for IoT product developers who fail to build in adequate security.
Engineers, however, are faced with having to overcome the complexity that is inevitable with the additional functionality; and so, they must look to suppliers such as Premier Farnell to help them meet these challenges.