OTA by tQCS
  • Home
  • Features
  • Plans
  • Case study
  • Articles
  • Contact
  • 홈
  • 기능
  • 플랜
  • 적용사례
  • 인터뷰기사
  • 문의하기
  • 主页
  • 功能
  • 计划
  • 成功案例
  • 采访文章
  • 联系方式
  • ホーム
  • 機能
  • プラン
  • ケーススタディ
  • インタビュー記事
  • お問い合わせ
  • Trang Chủ
  • Tính năng
  • Đơn giá
  • Case-study
  • Bài phỏng vấn
  • Liên Hệ
IoT Device Security Checklist

ARTICLE

Picture
Feb 26, 2021

IoT Device Security Checklist


Colin Duggan is the Founder and CEO at BG Networks and is working to ensure embedded devices have sufficient levels of cybersecurity. He has a background as an electrical engineer and has significant experience leading large teams in applications development, systems engineering, and embedded systems development. Colin draws on his extensive experience to provide a checklist guide on what IoT project leaders should look for when assessing IoT device security for their projects. 
​
by Thomas Ryd
​
Picture
Colin Duggan, CEO, BG Networks

Picture

Colin Duggan tells the Device Chronicle that IoT device security is now a must for IoT projects. What must IoT leaders plan for?​​

Assess threats & risks in IoT device security

Colin believes that ideally a threat/risk analysis should be performed. In a process like this, you would start with an evaluation of the system. If the system is large, for example a car, then the assets that need to be given a particular level of protection need to be identified. When it comes to smaller systems such as remote temperature sensors, it’s far easier to identify what needs protection. IoT project leaders should, Colin recommends, follow these steps:
​
  1. Assess the risks
  2. Determine which risks need to addressed 
  3. Define security goals based on the risks
  4. Based on these security goals define the security requirements for the IoT device 
There are best practices templates provided by  ISO and NIST to follow. 

Take a look at TPM

IoT project leaders must also consider integrating the security features into the IoT hardware. They must consider processor security features and/or a Trusted Platform Module (TPM). A TPM as a stand alone device offers cryptographic functionality, secure key storage, and may include a small microcontroller core with memory.  They are typically used for applications and use cases that need the highest levels of security such as ePassports, credit cards, and transportation cards.  They are secure against direct physical and side channel attacks (e.g. EMI, power analysis to extract secrets). 

Other hardware security

Most microcontrollers and processors also offer a wide range of security features. Colin says that ideally the decision on which processor to use would consider these security features as some processors offer more than others. The key features to look for in secured hardware include:
  1. Secure boot
  2. Crypto accelerators including symmetric and asymmetric crypto, hashing
  3. A dedicated processor core and memory for security operations such as the management and storage of secret keys
  4. Ability to lock I/O interfaces such as JTAG, UART, and SPI
  5. Features that can detect physical tampering 
  6. Hardware support, such as ARM’s TrustZone, for a trusted execution environment
  7. Software tools and driver support take advantage of these features.
​
IoT device security

Then there are the security features to consider to include in an  IoT device. Colin suggests that NIST provides a good reference point. Among a number of recommendations, NIST recommends that IoT devices have unique identification and configuration capabilities. You can find a full list of NIST recommendations here .

Secure boot and extension of the root of trust through the various aspects of software such as U-boot, the Linux kernel, and the rootfs where application software will be stored allows for secure device configuration. Consider secure boot automation tools which help with the implementation of secure device configuration by making it easy to develop a secure binary that will leverage secure boot features in a processor. This type of tool also generates keys and signatures needed for secure boot and the extension of the root of trust.

PictureThe NIST Cyberframework provides an excellent reference point
Protect Personally Identifiable Data

The IoT device must also support data protection. This is about encrypting sensitive data such as personally identifiable data (PII) which is protected in Europe by the GDPR regulation and controlling access to this data (e.g. passwords). There must be logical access to interfaces: This is about access management and passwords.  In other words only people and other devices that are authorized can access the device. In the US, there are two states – California and Oregon with password laws. Care needs to be taken when selling an IoT device in the state of California.  No matter where the company is located, that company is liable if the IoT device does not have a unique password or means of authentication that is unique to the user.

On to OTA software updates

Software updates are essential for keeping IoT devices secure. Software such as Mender.io is required to be able to remotely update software on the IoT device. The reasons that software updates are so important is that no device is 100% secure. This is seen inSkyGo’s security research of Mercedes Benz vehicles.  Mercedes has gone to great lengths to secure their automobiles but SkyGo was still able to find a number of vulnerabilities. Mercedes has a software update capability and was able to close the vulnerabilities in millions of cars within a couple days.

The update needs to be done securely and Mender.io does this where the Mender client running on the device authenticates the software artifact (the software update) before the software is downloaded to the IoT device and enabled.  Also, updates should only be given to authorized IoT devices.  See the Device Chronicle article on the Triangle of Trust™ . Mender.io supports multiple flows for client authentication using PKI cryptography and tokens.  It is also important to encrypt updates. The channel that the software update is sent might not be secure and sensitive intellectual property in the form of IoT software could be stolen. Or the software, if downloaded in plain text, may be used to reverse engineer the IoT device by adversaries to find cyber security vulnerabilities. Multiple instances of this are seen in this DEFCON 27 presentation. 
​

Cybersecurity state awareness

Colin also describes the importance of the ability to detect if a device has been compromised. If it has, then to be able to report this in a timely manner, and take the appropriate actions to respond and recover.

The NIST’s cybersecurity framework illustrates the key steps to take. 

Intrusion detection

Detection of attacks while the device is running is done by Intrusion Detection System (IDS).  It is important to have a robust IDS implemented on an IoT device as a majority of remote attacks on IoT devices are made while the device is running. These attacks typically take advantage of a software bug like a buffer overflow, many times having to do with the improper parsing of network packets.  TCP IP stacks are notorious for being targets for security researchers as noted in this article in Embedded Computing. 

Secure manufacturing

Secure manufacturing is a critical aspect of IoT security. Colin advises that security key management and the signing of software are important considerations here. He points out that an IoT device that supports secure boot, extension of the root of trust and secure over the air updates, will have multiple secure keys or certificates. Some of these keys or certificates need to remain secret and protected either on the device or securely stored in the manufacturing environment and at the company for possible use in the future (e.g. key revocation).  Furthermore, Colin recommends that a hardware security module (HSM) or secure PC be used in a manufacturing environment to load the keys to each device and to keep those keys protected. Unique keys should be provided to each IoT device as that lowers the value to an attacker of breaking into that particular device. If an attacker can extract a key from a single IoT device that allows them to break other devices then it is a high value target. There is motivation to put a significant effort into breaking into the IoT device and may use a side channel attack. We saw this as early as 2016 in the potential of malware to travel over Zigbee wireless networks to attack smart light bulbs.  
​

In summary, take cybersecurity for IoT projects seriously, and plan security protection into the design of the IoT product so that you can anticipate vulnerabilities and seal them off from malicious actors over the lifecycle of the product. ​

​​​Are you ready to talk to us? Click here
Picture
​
Source :  ​ 

Home
​Features
Plans
Case study
Contact
Getting Started
​Community
17F, Marina Bay Financial Centre Tower 3, 12 Marina Boulevard, 018982 Singapore
+65 6809 5020
project.mender@tESCC.io

Singapore UEN# 202126767C


Picture
홈
기능
플랜
적용사례
문의하기
처음시작하기
커뮤니티
17F, Marina Bay Financial Centre Tower 3, 12 Marina Boulevard, 018982 Singapore
+65 6809 5020
project.mender@tESCC.io

사업자 등록번호 202126767C


Picture
主页
功能
计划
成功案例

联系方式
第一次上手
社区
17F, 12 Marina Blvd, Tower 3 滨海湾金融中心 018982 新加坡​
+65 6809 5020
project.mender@tESCC.io

​商业登记 UEN# 202126767C


Picture
ホーム
機能
プラン
ケーススタディ
お問い合わせ

初めて入門
コミュニティ
17F、MBFCタワー3、12マリーナブールバード、018982シンガポール
+65 6809 5020
project.mender@tESCC.io

会社法人等番号 202126767C


Picture
Trang Chủ
Đặc Trưng
Kế Hoạch
Case-study
​Liên Hệ
bắt đầu lần đầu tiên
Community
17F, Marina Bay Financial Centre Tower 3, 12 Marina Boulevard, 018982 Singapore
+65 6809 5020
project.mender@tESCC.io

Mã số đăng ký kinh doanh UEN# 202126767C


Picture

Ⓒ 2021 tQCS Inc.
  • Home
  • Features
  • Plans
  • Case study
  • Articles
  • Contact
  • 홈
  • 기능
  • 플랜
  • 적용사례
  • 인터뷰기사
  • 문의하기
  • 主页
  • 功能
  • 计划
  • 成功案例
  • 采访文章
  • 联系方式
  • ホーム
  • 機能
  • プラン
  • ケーススタディ
  • インタビュー記事
  • お問い合わせ
  • Trang Chủ
  • Tính năng
  • Đơn giá
  • Case-study
  • Bài phỏng vấn
  • Liên Hệ