The availability of connected devices and associated content is leading to an almost dizzying array of applications. Last week, we saw an ad for a connected toothbrush complete with tracking app. And while having all that data can be very useful and exiting to both consumers and businesses, security remains a very big concern.

Next week, IoT developers and designers will convene in San Francisco to look at building a better IoT at Embedded TechCon (http://www.trustedcomputinggroup.org/media_room/events/192). Organized by Open Systems Media, this confab is co-located with DAC and will no doubt attract all kinds of developers who are looking at both hardware and software topics related to the IoT.

TCG IoT committee member Stefan Thom, Microsoft, will speak on a concept called Trusted Brokered IO in a session June 10, 4:30 p.m. Microsoft showed this concept at the recent RSA Conference and Thom will expand on it and the overall role of trust in securing the IoT. His summary follows:

Problem:
An IoT security system for a door will bring lots of interesting features, like remote accessibility and management, but with this also the possibility for attacks rises sharply. The core issue is that an OS has a lot of attack surface and reading the door state or opening the door is represented by very simple GPIO operations. Once the OS has been broken into, the attacker has full control over the attached devices and in this case fake sensor readings for the application or open the door without authorization.

Solution:
This demonstration is applying a STMicro discrete TPM 2.0 that provides 3 GPIO lines. Two are used as inputs to monitor if the door is closed and if the deadbolt is engaged and the third one controls an electromagnetic door opener, so that the security relevant IO functionality is no longer connected to the main IoT device, but can only be through the TPM that now acts as a gatekeeper. This gatekeeper is provisioned with a set of policies that the application on the IoT has to adhere to in order to interact with the IO devices on the door. For example reading the door and deadbolt state can happen with a secret or be attested with a TPM held key. This allows a remote party to consume data from the door that the IoT device cannot tamper with – or if it were to tamper with it the remote party would be able to detect this. Further opening the door now is also bound to a set of policies and these include that the application and OS measurements of the IoT devices have to match an expected set in order for it to authorize opening the door, so if the device boots to a bad state, it would no longer have the ability to open the door. External 3rd parties now may possess an authorization or key pair that they can use to craft a cryptographic authorization that provide that to the IoT device, and even if it is in a bad state will be able to open the door. However if the IoT device would record and attempt to re-play this cryptographic authorization this would fail.

Summary:
Trusted Brokered IO allows to introduce an additional trust boundary between the IO devices and the IoT device that has a set of immutable operating policies. Since the TPM policy language is extremely flexible and versatile these policies can be formulated in a rich and functional way, exposing only least amount of privilege necessary to the IoT device and therefore restricting the attack surface and providing strong attestation means.

For more information on Embedded TechCon, seehttp://www.trustedcomputinggroup.org/media_room/events/192. Also, see TCG’s current draft on guidance for securing the IoT here,http://www.trustedcomputinggroup.org/resources/tcg_guidance_for_securing_iot/.