“Rather than using usernames or passwords, use X.509 certificates to improve security of your IoT devices”
Curated by Vinay Prabhakar Minj
There are a few challenges when we look at the security of the Internet of Things (IoT). In the IoT domain, assets or products are getting connected. When their design begins, security is never considered important, though it should be the topmost criterion.
There is always BOM (Bill of Materials) pressure, which persuades the designer to opt for the least expensive CPU and memory and build a gateway from that. After the entire design is complete, it is realised that there is no room left for security, which becomes a big challenge.
Secondly, the devices are generally unattended. For instance, in connected manufacturing, all the devices are scattered around the factory floor. This makes the gateways prone to hacking.
Thirdly, IoT devices usually rely on username- and password-based authentication. This is not the right way to secure things.
Fourth, because network connectivity is present everywhere, a security threat is created for every device on that network. On the IT side this becomes a bigger challenge, as the architectures of IoT gateways are very different from the standard gateways that IT manages. These IoT gateways are new for IT, so IT teams do not know how to provide adequate security for this kind of thing.
To mitigate these threats, we have to first understand the types of threats present in the IoT environment. Some threats that are predominant in the IoT area are:
- Spoofing identity: Somebody tries to take your device credentials and connect to the cloud using a fake/spoofed identity.
- Tampering with data: Hackers try to tap the data being sent to the gateway and tamper with it.
- Repudiation: Attackers tap into the device and make it completely non-functional.
- Elevation of privilege: This one is quite prominent among the emerging IoT threats. For example, when someone is given a special privilege, instead of making correct use of that privilege, that person tries to get control of the entire system.
- Information disclosure: Misusing the systems to launch an attack on other people and expose their information.
- Denial of service: Making a certain service unavailable to the user.
Security Practices for Each Role
As there are different ownerships, a security practice needs to be followed for each role:
- Hardware manufacturers or integrators who take care of hardware design should implement security at a hardware level (hardware root of trust).
- It is very good for solution developers to work with open source technologies, but they have to be careful while doing so, being judicious in selecting the right components to ensure that they are secure.
- For solution deployers, it is important to make sure that the factory floor environment is safe before the gateways are deployed.
- The solution operator has to follow the standard practice of keeping the system up to date in order to protect it from malicious activity. This practice helps secure the physical IoT infrastructure and thus protects the cloud credentials.
Seven Properties That Make a System Highly Secured
- Hardware root of trust: The keys used to authenticate the device should be held in a hardware security module or a hardware co-processor.
- Defence in depth: There should be multiple layers of security, so that if one layer is breached one can fall back on the others and still be secure.
- Small trusted computing base: The device's TCB (Trusted Computing Base) is kept small so that it can be secured entirely.
- Dynamic compartments: Even if one compartment is compromised, separate compartments allow the others to remain secure.
- Certificate-based authentication: Rather than usernames or passwords, X.509 certificates are better suited to IoT security.
- Failure reporting: Required so that adequate action can be taken.
- Renewable security: Refers to firmware updates that improve security over time.
Azure’s end-to-end solution for securing MCU-powered devices
Instead of getting into the semiconductor business, Microsoft is coming up with a range of processors/SoCs manufactured by its silicon partners: Microsoft provides its security IP to select semiconductor vendors, who have developed a range of processors called Spheres.
These Sphere processors run a Linux-based OS that adheres to the system-security properties stated above.
Moreover, there is 10 years of lifetime access, during which all patches and updates are pushed from the cloud to the devices, thus ensuring the security of the devices for the next 10 years.
A cloud service, the Azure Sphere Security Service, maintains the root of trust between the cloud and the device as well as between devices. Certificate generation and authentication are taken care of by this cloud service.
Device lifecycle management is a critical feature of any IoT framework. Every device has a different lifecycle, which consists of planning, firmware updates, monitoring and finally replacing it with a new one.
So, when a device boots up, it should first connect to a secure cloud platform and then be installed with the latest updates.
Through the device provisioning service, thousands of devices can be provisioned automatically at once. After booting up and connecting, the device presents a certificate, from which the cloud service identifies that the device is valid and belongs to the same network.
Once that certificate is analysed, the device is validated and given the right credentials for further communication.
This practice is followed for individual enrollment as well as group enrollment. It is zero-touch provisioning, which any IoT architecture requires.
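To make the certificate check in that provisioning step concrete, here is an added Go example (not Azure, DPS or Sphere code; the helper names issueCert and VerifyDevice, the sample registration IDs and the use of the CN as the registration ID are assumptions). It issues a device certificate under a constructed enrollment-group CA and validates it the way the service is described to, rejecting a certificate that carries the same registration ID but was signed by any other CA (a spoofed identity).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issueCert is a constructed demo helper (not a DPS/Azure API). It generates a P-256 key and a
// client-auth certificate for cn: self-signed CA when parent is nil, otherwise signed by parentKey.
func issueCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn}, // assumption: CN carries the registration ID
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  parent == nil,
		BasicConstraintsValid: true,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-sign: this is the enrollment group's CA
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced just above always parses
	return cert, key
}

// VerifyDevice models the group-enrollment check: the device certificate must chain to the
// group CA before its CN is trusted as the registration ID; the same CN under another CA fails.
func VerifyDevice(deviceCert, groupCA *x509.Certificate) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(groupCA)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := deviceCert.Verify(opts); err != nil {
		return "", err // spoofed identity: not issued under the trusted CA
	}
	return deviceCert.Subject.CommonName, nil
}
```

In a real deployment the private key would be generated inside the hardware root of trust and never leave it; the chain check itself is what the service performs before handing out credentials.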
Gaining In-depth Defence
- Device security: This refers to secure device management, a secure device provisioning service (after boot-up), support for diverse secure hardware and certificate-based authentication.
- Connection security: To counter spoofing attacks, data sent to the cloud should be protected with TLS (Transport Layer Security) 1.2.
- Cloud security: On Azure, the cloud should have a security centre that constantly monitors for alerts, DDoS attacks and similar events. In the event of a possible attack, the user is informed pre-emptively so that adequate action can be taken. For identity validation, an active directory should be present, and the system keys can be stored in the key vault. Since only certain IPs are allowed to connect to the cloud, IP-based access control can enforce that.
When we are talking about IoT security, we are talking about security right from the device to the channel and to the cloud, i.e. end-to-end security.
- Secure lifecycle management of IoT devices through the device provisioning service, device management and a host of security features.
- On the device side, hardware-based security attestation, which is essentially a hardware security module or TPM-based authentication (certificate-based authentication of devices).
- For a security programme on the cloud, the platform should have the essential components to handle the attacks emerging on the cloud side and mitigate their risks.
About the author
This article is an extract from the speech presented by Shailendra Miglani, Global Black Belt Team-Technical Sales, Microsoft Azure IoT Cloud, at IOTSHOW.IN 2019.
A versatile technology influencer and technical sales professional, Shailendra has 19 years of experience in the fast-paced fields of IoT, cloud infrastructure, embedded computing and signal processing.