Six techniques can help create a secure foundation for devices that are part of the Internet of Things.
The recent discovery of a security vulnerability that could allow even unskilled attackers to take over drug injection pumps and render them useless is a reminder – if anyone needs it – of how vulnerable the Internet of Things (IoT) is to hackers.
The four critical vulnerabilities – three of which can be exploited remotely – could allow a hacker to control servers that distribute modifications to medication libraries and pump configurations. One weak point is a plaintext, hard-coded SQL password that, if obtained by an attacker, could give them administrative access to the workstation used to manage pumps in use with patients. While the manufacturer has issued a software update it claims resolves these issues, this is just one in an ongoing series of vulnerabilities discovered in IoT systems.
As many as 50 billion devices, ranging from industrial sensors to smart light bulbs to portable fitness trackers, are expected to join the IoT by 2020. Securing the data on these devices, and the computational functions (such as encryption) carried out on them, will be a major challenge. Among the issues to consider: many of these devices will run on untrusted networks, will be too remote or will lack the interfaces needed to update or patch them, or will lack the compute and other resources needed to support encryption.
With technology providers already rolling out hardware and software for the IoT, look for those that support critical IoT security standards and protocols. Here are some of the most important IoT security requirements, and examples of the capabilities and existing industry standards required to meet them.
Authentication: IoT devices should be able to perform mutual authentication with other devices or services to prove they are trustworthy. While the Internet itself does not provide reliable endpoint authentication, there are a number of alternatives. The simplest, a public name or globally unique identifier, falls short because any hacker that obtains the name can impersonate the device.
Cryptographic identifiers are a common alternative, but are also vulnerable because many devices manage secret keys with software, which if breached can expose the key and allow a hacker to impersonate the device. Instead consider, where possible, a hardware- or software-based Trusted Platform Module (TPM) to provide robust cryptographic device identities.
Health Assurance: IoT devices should be able to stay free of vulnerabilities or infections, and prove their health, before accessing other IoT devices or services. Associated capabilities include a process for securely determining software/firmware versions and a secure software/firmware update mechanism.
For example, the Trusted Network Connect (TNC) standards, which specify a standard mechanism to check which software or firmware is running on a device, are among the protocols and mechanisms for safeguarding the patch and upgrade process. Malware can be detected at boot time using the TPM’s Trusted Boot and Remote Attestation capabilities, even to the point of finding changes in the device’s BIOS or other firmware.
Recovery: Safe recovery from infections includes detecting an infected device, restoring it to a healthy state, and resuming its proper function over the network when physical access to the device is impossible. The IF-PEP protocol, a standard interface between the Policy Decision Point and the Policy Enforcement Point, can be used to isolate the infected machine. The remediation can be done by the device itself using a set of “golden” measurements in protected storage, remotely over the network, or with runtime integrity checking, which is provided by several commercial products.
Protect secrets even if a device is infected: Even if complete protection is impossible, you can force hackers to use specialized equipment or limit the damage they can cause with a layered security strategy. This begins with the creation of a secure envelope, such as a TPM. Where a TPM isn’t enough, consider a Mandatory Access Control system to provide another, larger security envelope.
Data protection: Protect confidential data with encryption, perhaps with self-encrypting storage devices. Consider a write-once or read-only mechanism to prevent tampering with data on the IoT device, or restricting access to secrets (such as encryption keys) only to devices that can prove their software configurations are valid. Note that various governments have different criteria for the types of encryption required within their borders.
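As an added illustration of the Trusted Boot, golden-measurement and sealed-secret ideas in the Health Assurance, Recovery and Data protection points above (example code, not from the article or from TCG): a Python model of the TPM PCR extend chain, a nonce-bound attestation quote checked against a golden value, and a secret that unseals only under the expected PCR. The boot components, the attestation key and the HMAC-based quote are constructed simplifications; a real TPM signs quotes with an asymmetric Attestation Key.

```python
import hashlib
import hmac
from typing import Optional, Tuple

PCR_INIT = bytes(32)  # a SHA-256 PCR reads all zeros before the first measurement

def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: PCR' = H(PCR || H(component)). The chain is order-dependent and
    cannot be rolled back, so a changed BIOS or firmware image alters every later value."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(components) -> bytes:
    pcr = PCR_INIT
    for c in components:
        pcr = pcr_extend(pcr, c)
    return pcr

# Constructed boot chain standing in for real firmware images; its final PCR is
# the "golden" measurement the verifier keeps in protected storage.
GOLDEN_BOOT = [b"bios-v1.2", b"bootloader-v3", b"kernel-5.4.0"]
GOLDEN_PCR = measure_boot(GOLDEN_BOOT)

# Hypothetical attestation key shared with the verifier (HMAC stands in for the
# asymmetric signature a real TPM Attestation Key would produce).
AK = b"constructed-attestation-key"

def make_quote(pcr: bytes, nonce: bytes) -> bytes:
    """Device side: bind the current PCR to the verifier's fresh nonce."""
    return hmac.new(AK, nonce + pcr, hashlib.sha256).digest()

def verify_quote(pcr: bytes, nonce: bytes, quote: bytes) -> bool:
    """Verifier side: the quote must be authentic AND the PCR must match golden."""
    expected = hmac.new(AK, nonce + pcr, hashlib.sha256).digest()
    return hmac.compare_digest(expected, quote) and pcr == GOLDEN_PCR

def seal(secret: bytes, policy_pcr: bytes) -> Tuple[bytes, bytes]:
    """Seal a secret (up to 32 bytes) to a PCR value: keep the policy digest and the
    secret XOR-wrapped under a key derived from that PCR."""
    key = hashlib.sha256(b"seal" + policy_pcr).digest()[:len(secret)]
    return hashlib.sha256(policy_pcr).digest(), bytes(a ^ b for a, b in zip(secret, key))

def unseal(blob: Tuple[bytes, bytes], current_pcr: bytes) -> Optional[bytes]:
    """Release the secret only if the current PCR satisfies the sealing policy;
    a device that booted modified firmware gets nothing back."""
    policy, wrapped = blob
    if hashlib.sha256(current_pcr).digest() != policy:
        return None
    key = hashlib.sha256(b"seal" + current_pcr).digest()[:len(wrapped)]
    return bytes(a ^ b for a, b in zip(wrapped, key))
```

Swapping any single component, or reordering two of them, changes the final PCR, so both the quote check and the unseal fail for a tampered boot chain.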
Secure legacy hardware such as industrial control systems: For older or proprietary hardware that doesn’t support modern networks or security standards, the Trusted Network Connect architecture includes a specification (IF-MAP Metadata for ICS Security) that organizes legacy devices into local enclaves that connect to a trusted network using security gateways. The gateways that link these networks provide encrypted communications and security to the interconnected enclaves, and automatically apply access control policies from a centralized provisioning system. You can find more information about this solution here.
There are plenty of other challenges coming down the road, such as the need to secure devices no longer supported with security patches by their vendors, and to update IoT devices (such as those in vehicles) without the cost and inconvenience of returning them to the dealer or manufacturer. But tackling these basics will give you a good head start as you start developing hardware and software for the IoT.
–Steve Hanna is a senior principal at Infineon Technologies and a member of the technical committee in the Trusted Computing Group. Co-author Stacy Cannady is a technical marketing manager for Cisco and a member of the Trusted Computing Group’s Embedded Systems Work Group.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.