Providing secure IoT devices involve contributions from all stakeholders – manufacturers, service providers, system integrators and developers.
Curated by Vinay Prabhakar Minj
IoT has penetrated into every aspect of our daily lives. It’s present at home (smart home), streets (connected cars), agriculture (smart farming), shops (smart retail) and so on.
However, every good thing is accompanied by a bad thing. And in the IoT world, hackers are constantly trying to enter into the connected systems.
A prominent example is the Jeep Cherokee vehicle that was hacked and controlled remotely through laptops, during an experiment in the year 2015. A pair of hackers remotely took over the car’s control systems, leaving the driver in a confused state as to how various functions of the car were activated without the driver’s knowledge.
Another example is the hacking of pacemakers manufactured by St Jude Medical, U.S. in 2017. By hacking into the system, the functions of the pacemaker were altered such as depleting the battery life and slowing down the pacemaker. This can put the life of the patient at risk.
Prevention steps
In order to take preventive actions against hacking, we should ensure that the security is robust and is in place. For security, there are multiple standards such as GSMA, OASIS, IOTSF, IETF, NIST, oneM2M, etc. There are more than 50 organisations worldwide working on developing new standards and there are 100+ documents.
Despite the presence of a large number of standards, many of the documents do not provide any assurance of warranty or accuracy with respect to the standards or that it is compliant with the regulations. This leaves many users helpless.
Designing a secure product
There are many stakeholders for providing secure IoT devices – manufacturers, service providers, system integrators and developers.
There are five key elements for having secure IoT products and solutions.
- Framework: It will comprise of structured guidelines of requirement gathering.
- Architecture: Having the right architecture is important as every IT solution is different. The architecture should support those designs.
- Secure by design: You need to see here that your designs are secure from the design stage. To do that, you need to take all vulnerabilities into account.
- Best practices: Through best practices, vulnerabilities are being discovered and addressed. This results into development of secure and better devices.
- Threat-modelling
It is to be kept in mind that security is not guaranteed permanently. But the risk can be reduced. It is necessary for every IoT device manufacturer to have on-site vulnerability disclosure policies so that whenever any problem is found, the customer can report.
All the above stakeholders are supposed to give security to the customers.
Framework: security key issues and supply chain of trust
The framework addresses two issues – business level and system level.
The business level is about processes, policies and relationships. At the system level, we are talking about hardware, software or specific mechanical parts of the system.
Following are some key issues a framework can address: –
- Management governance: Responsible for product security/ information privacy
- Engineered for security: Hardware and software take care of security threats
- Fir for purpose cryptography: Authentication/authorisation/ key management
- Secure network framework and application: Secure apps, web infrastructure and server software.
- Secure production processes and supply chain: Manufacturing, delivery and installation.
- Secure for customers: Configuration control, software updates, VDS and life cycle management
The supply chain consists of the manufacturers who are involved in supplying products and developers who are involved in developing applications.
Risk-based process
It consists of 3 steps: –
- Analyse the risk associated with a product/solution on CIA (Confidentiality, Integrity and Availability) triad.
- Once you do the above, then you need to determine the compliance class such as security objectives and product environment. Example, smart plugs fall under class 0 as it does not cause any injury and doesn’t take any personal information. A thermostat takes personal information and requires high availability; therefore it falls under class 2. Medical devices where confidentiality, integrity and availability are of the highest importance fall under the highest class (class 4).
- Then finally, you need to get into compliance requirement mapping of the class.
Security requirements compliance
In the system level, one needs to know what type of hardware needs to be designed, what kind of security software needs to be developed and what kind of accessibility should be present for the mechanical devices.
In the business level, a company producing IoT products needs to have a policy for security and responsibility pertaining to the ownership of the security. It should have processes in place for analysing threats and reducing vulnerability.
Compliance requirements from system and business point of view
- Business security processes, policies and responsibilities.
- Device hardware and physical security.
- Device software, operating system, wired and wireless interfaces.
- Authentication and authorisation.
- Encryption and key management for hardware.
- Web user interface.
- Mobile application.
- Privacy regarding data protection.
- Cloud and network elements.
- Secure supply chain and production.
- Configuration.
When we are talking about business security, it is mandatory for a company producing IoT devices to have a person for security. In the UK, there is a certification process called “Cyber Essentials” which is necessary for your parts to be sold in UK.
There are multiple levels of security in a device hardware. Your system has to have secure boot, so that when your system starts booting each object of your booting process is authenticated. Only after this, the system should boot and start loading applications.
Hub based architecture
After adopting a framework, analysing and gathering compliance requirements, next is to have the right architecture. This architecture, suggested by the IoT Security Foundation, consists of a hub which separates local IoT network from enterprise IT networks. This hub is a concept and not a single device. It can be a single device for smaller projects where a router may act as a hub. The hub has all the security and device management software. For larger projects, the hub may consist of multiple devices.
Role of stakeholders
The stakeholders consisting of CXOs of various companies should make informed decisions on the type of solutions they are providing. This is important because security of IoT solutions has become a necessity. Similarly, a developer needs to have appropriate knowledge of the security solution.
Hub’s 3 main features
The three main functions of hub are:-
- Network management and security tools.
- Secure connectivity of devices.
- Lifecycle management.
Network management and security tools
It further consists of: –
- Local IoT network – In this, the hub acts as a gateway separating local IoT-business/networks. By this, the attack surface is minimised, and threat vectors are addressed.
- Separation of testing – Tests are separated, and device setup and connectivity are managed.
- Firewall and gateways – It protects the network and data flow and enables segmentation, routing and traffic monitoring.
Secure connectivity of devices
It consists of: –
- Authentication and authorisation – The device identity should be managed and validated as per level security.
- Secure boot – Secured and trusted boot should be present for an authorised software. In case of any tempering for privilege access, the hub should be alerted.
- Root of trust – This is security primitive in hardware/firmware which verifies the correct/intended person accessing the system.
Life cycle management
It consists of:-
- Monitor and audit – It helps in monitoring and auditing devices and traffic in the IoT ecosystem. It also acts as a central repository of information and provides notifications and status updates.
- Update and patch – It assists in protecting against threat and security vulnerability.
- Manage device identity and end of life – Responsible for assigning device ID, managing manufacturer, change of ownership, providing permissions and revoking authorisation.
Security principles in IoT implementation
For connecting device to IoT network, data needs to be private, audited and trusted. Among many other requirments, data should arrive timely, access or control of the device should be present, device should be updated and there should be ownership management.
Good security practices
- No default password
- Implement a vulnerability disclosure policy
- Keep software updated
- Securely store credentials and security-sensitive data.
- Minimise exposed attack surfaces
- Ensure software integrity
- Ensure that personal data is protected.
- Make the system resilient to outage
- Make it easy for consumers to delete personal data
- Make installation and maintenance of devices easy
- Validate input data
About the author
This article is an extract from a presentation delivered by Ratnakar Gandhe – Head- Product Engineering & IoT Solutions, Mindteck – at IOTSHOW.IN 2019. He specializes in wireless sensor technologies, new product development, product re-engineering and value engineering.