*This blog was originally published by Onboard Security, a TCG member.

Many IoT device manufacturers understand the need for cyber security but aren’t sure where to begin.  To add to the confusion, some security vendors will claim their firewall or password system or “magic bullet” will protect your system from every type of attack.  Don’t believe the hype.

Best cybersecurity practices require both “bottom-up” and “top-down” security solutions.    Bottom-up security boots a system into a secure security state.  Top-down security’s role is to keep it there.  To make your job more difficult, you typically can’t just lock down a system completely.  You have to allow for software/firmware updates and other servicing procedures.  So system providers typically provide service and debug access to their devices.  Such interfaces typically have administrative or superuser authority making them a favorite attack point for hackers.  IoT device makers must include strong bottom-up security procedures for stopping unauthorized access to these debugging doorways.

Top-down security hardens the external attack surface of the system, stopping threats from entering the system.  It also uses software, where possible, to analyze and protect the current security state of the system.  The following is a partial list of top-down security components you may come across:

1. Communications Protocols
2. Secure peripherals
3. Antivirus programs
4. Strong user authentication schemes/passwords
5. Secure software update processes
6. Security hardened applications
7. Closing unauthorized and/or insecure doorways into systems

Top-down security is necessary but not sufficient.  Top-down security is largely based on software that is launched late in the boot cycle of a machine.  It typically cannot detect or stop deep threats. A good rule for security design is:

Assume attacks will get in. 

Design your security to protect system secrets from attackers. 

Detect all threats. 

Recover from threats without the need for physical service intervention.

Bottom-up security adds the needed additional security features by providing:

1. A bootup method to get to an initial high security state.
2. A separate system device where critical keys and protected information can be used but protected from attackers
3. A method for running reliable remote health checks of a system
4. Strong system identity to stop cyber-impersonators.

Bottom-up security is active during the first instructions of system bootup.  It should be extensively utilized by the backend servers that manage it all.  The Trusted Platform Module (TPM) is an excellent root of trust that provides all the functions needed for bottom up security.  The TPM is an international standard security module (ISO/IEC 11889), specified by the Trusted Computing Group (TCG), a consortium of more than 100 members.  The TPM is supported by TCG Software Stack (TSS) which is middleware that applications use to share and manage the security functionality of a TPM.  OnBoard Security’s TrustSentinel TSS 2.0 is the only commercially available TSS 2.0.  Using the TPM with TrustSentinel TSS 2.0 is an easy and cost-effective way to implement the bottom-up security that IoT devices frequently lack.