5 Ways to Secure and Enhance IoT Devices
With the Internet of Things (IoT) device forecasts for the months and years to come, now is a good time for solution providers and manufacturers to review the technologies that will underpin those devices. Although IoT solutions have already been deployed across a number of sectors, various reports have highlighted the need for a much stronger focus on security.
The level of security an IoT device and its supporting solution require will vary with the functions it performs, the criticality of the data it handles, and how much the business wants to avoid operational and reputational damage. Some businesses may decide that taking significant risks is acceptable in order to minimise cost or reduce time to market, and security may be sacrificed as a result. Companies that consider the following five points will at least be well informed about the risks they are taking, and better prepared to deal with any vulnerability that is exploited later.
Secure the Device Software
Once the embedded code and applications are compromised by malware, all manner of problems follow: the device may cease to function as designed, incorrect data from the endpoint may pollute the data held centrally, sensitive data stored on the endpoint may be exposed, and attackers may extract the software on the device and threaten the provider's intellectual property. Connected devices lend themselves to remote software updates that patch weaknesses, but that assumes a device will still interact with its remote controlling systems as expected after it has been infected, which may well not be the case.
A hardened processor with the appropriate functions can provide a secure boot process for the device's core operating system, ensure that only verified software applications are executed on the device, and protect critical data such as secret keys. Designing a device around core hardware and software countermeasures, and using specific cryptographic functions to protect its operation, has been the bedrock of the microprocessor smart card industry for over 20 years, and is considered critical to thwarting attacks and preventing a loss of confidence in the technology.
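The secure start-up and verified-application execution described above, as an added example that is not code from the article or from MULTOS: a first-stage loader holding a pinned vendor public key, which refuses any image whose Ed25519 signature does not verify and any correctly signed image that is older than the version it last accepted (a rollback). The image layout, the `IMG1` magic, the version field and the sample payloads are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Image layout assumed for this example (not a MULTOS format):
//   magic(4) | version(4, big-endian) | payloadLen(4, big-endian) | payload | signature(64)
// The Ed25519 signature covers everything before it, header included, so the
// version number is signed too and cannot be patched to defeat the rollback check.
const (
	magic  = "IMG1"
	hdrLen = 12
	sigLen = ed25519.SignatureSize
)

// BuildImage is the vendor's signing station: wrap the code and sign it.
func BuildImage(vendorKey ed25519.PrivateKey, version uint32, payload []byte) []byte {
	buf := make([]byte, hdrLen, hdrLen+len(payload)+sigLen)
	copy(buf[0:4], magic)
	binary.BigEndian.PutUint32(buf[4:8], version)
	binary.BigEndian.PutUint32(buf[8:12], uint32(len(payload)))
	buf = append(buf, payload...)
	return append(buf, ed25519.Sign(vendorKey, buf)...)
}

// BootLoader models the immutable first-stage loader: it holds the pinned vendor
// public key and the minimum acceptable version (the anti-rollback counter).
// On real hardware both live in ROM / one-time-programmable memory, not in RAM.
type BootLoader struct {
	VendorPub  ed25519.PublicKey
	MinVersion uint32
}

// Verify checks an image and returns the payload that may be executed.
// Nothing in the payload is trusted or used until every check has passed.
func (b *BootLoader) Verify(img []byte) ([]byte, error) {
	if len(img) < hdrLen+sigLen || string(img[0:4]) != magic {
		return nil, errors.New("bad header")
	}
	version := binary.BigEndian.Uint32(img[4:8])
	plen := binary.BigEndian.Uint32(img[8:12])
	// Check the declared length against the real one before slicing with it,
	// so a forged length field cannot index past the end of the image.
	if uint64(hdrLen)+uint64(plen)+uint64(sigLen) != uint64(len(img)) {
		return nil, errors.New("length mismatch")
	}
	signed, sig := img[:hdrLen+plen], img[hdrLen+plen:]
	if !ed25519.Verify(b.VendorPub, signed, sig) {
		return nil, errors.New("signature invalid")
	}
	if version < b.MinVersion {
		return nil, fmt.Errorf("rollback: image version %d below minimum %d", version, b.MinVersion)
	}
	b.MinVersion = version // ratchet forward so an older, validly signed image is never accepted again
	return signed[hdrLen:], nil
}

// BootDemo signs two images and exercises the loader with a genuine, a tampered
// and a rolled-back image; it returns whether each was accepted.
func BootDemo() (genuine, tampered, rollback bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	loader := &BootLoader{VendorPub: pub, MinVersion: 1}

	v2 := BuildImage(priv, 2, []byte("firmware v2")) // constructed sample payload
	_, err := loader.Verify(v2)
	genuine = err == nil

	bad := append([]byte(nil), v2...)
	bad[hdrLen] ^= 0x01 // flip one bit of the payload
	_, err = loader.Verify(bad)
	tampered = err == nil

	v1 := BuildImage(priv, 1, []byte("firmware v1")) // validly signed, but older than what has run
	_, err = loader.Verify(v1)
	rollback = err == nil
	return
}

func main() {
	g, t, r := BootDemo()
	fmt.Printf("genuine=%v tampered=%v rollback=%v\n", g, t, r) // genuine=true tampered=false rollback=false
}
```

On real hardware the vendor public key sits in ROM or fused memory and `MinVersion` in one-time-programmable storage, which is what stops an attacker who has gained code execution from lowering either; here both are plain fields so the example runs anywhere. Signing the header along with the payload matters: if only the payload were signed, the version field could be rewritten to defeat the rollback check.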
Ensure Unique Endpoint Identity
If a device cannot maintain its intended identity, any data it supplies to a central system cannot be treated as trustworthy or valid, and in severe cases duplicated device IDs can lead to fraud. Good IT security practice is to apply specific measures to this risk. One option is to personalise the endpoint with a specific serial number and bind a robust, unique cryptographic identity to it; Public Key Infrastructure (PKI) is a proven mechanism for flexible and secure endpoint identities in IT architectures. A second option is to enforce strong mutual authentication between the device and the devices and systems it interacts with, so that each side proves possession of its private key rather than merely presenting an identifier.
Protect the Data
Lost, stolen or corrupted data can have significant financial and reputational impacts for a business. Data stored on endpoint devices, at central systems and in transit across networks is all potentially at risk. The communication protocols that systems need in order to interact are not always as secure as they are perceived to be, and even where a protocol is secure, a deployment may not have enabled all of the security features it offers.
Not all data needs the same level of protection; the application or service, whether medical, personal, financial or operational, dictates what is required. The cryptographic features of smart card platforms can add a further layer of protection to data in IoT solutions, for instance encryption and authentication applied end to end at the application layer, on top of whatever the communication protocols and their security features already provide.
Secure and Simplify the Provisioning
The greater reliance on connectivity opens up more dynamic possibilities for provisioning. It may make commercial or practical sense to provision a device remotely, particularly when personalised information has to be loaded onto it. Some business models will want third-party applications and data loaded onto devices that are already in use by consumers or businesses, and proxy devices may be employed to facilitate remote provisioning.
Application and data provisioning requirements vary with the service. A smart wearable may need a payment application added after the consumer has bought it. A smart meter may need new keys and configuration data loaded when the consumer changes utility provider. A connected vehicle may need a new insurance-linked telematics application added when the driver changes insurer.
A strong key management method can provide the simplification and security a robust provisioning solution needs. One option is to use asymmetric cryptography to manage the deployment of the device, and either a secure (encrypted and authenticated) load packet or a secure channel to deliver the device content. Secure, encrypted load packets between the host and the device can further simplify and reduce key management, since the host needs only each device's public key and no per-device shared secret has to be distributed in advance.
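An added example, not code from the article or from MULTOS, covering both the application-layer data protection of the previous section and the secure load packet described here: the host encrypts the provisioning content under a key derived from an ephemeral X25519 exchange with the device's public key, binds the packet to the target device's serial through the AEAD's associated data, and signs the whole packet with the issuer's Ed25519 key; the device checks that signature before doing anything else, then decrypts. The packet layout, the key-derivation label, the serials and the payload are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Packet layout assumed for this example (not a MULTOS or GlobalPlatform format):
//   ephemeralPub(32) | nonce(12) | AES-GCM ciphertext+tag | issuerSignature(64)
// The signature covers everything before it; the AEAD's associated data is the target serial.
const pubLen, nonceLen, sigLen = 32, 12, ed25519.SignatureSize

// deriveKey turns the X25519 shared secret into an AES-256 key bound to both public keys.
func deriveKey(shared, ephPub, devicePub []byte) []byte {
	h := sha256.New()
	for _, part := range [][]byte{[]byte("iot-load-packet-v1"), shared, ephPub, devicePub} {
		h.Write(part) // label (assumed) plus three fixed-length fields
	}
	return h.Sum(nil)
}

// BuildLoadPacket is the host/issuer side: encrypt for the holder of devicePub, then sign the packet.
func BuildLoadPacket(issuerKey ed25519.PrivateKey, devicePub *ecdh.PublicKey, deviceSerial string, content []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(devicePub)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(deriveKey(shared, eph.PublicKey().Bytes(), devicePub.Bytes()))
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, nonceLen)
	rand.Read(nonce)
	pkt := append(eph.PublicKey().Bytes(), nonce...)
	pkt = gcm.Seal(pkt, nonce, content, []byte(deviceSerial))
	return append(pkt, ed25519.Sign(issuerKey, pkt)...), nil
}

// Device holds what the secure element was personalised with at activation.
type Device struct {
	Serial    string
	Key       *ecdh.PrivateKey  // never leaves the device
	IssuerPub ed25519.PublicKey // pinned trust anchor for provisioning
}

// Install is the device side: signature first, then decrypt under a key only this device can derive.
func (d *Device) Install(pkt []byte) ([]byte, error) {
	if len(pkt) < pubLen+nonceLen+16+sigLen { // 16 = GCM tag
		return nil, errors.New("packet too short")
	}
	body, sig := pkt[:len(pkt)-sigLen], pkt[len(pkt)-sigLen:]
	if !ed25519.Verify(d.IssuerPub, body, sig) {
		return nil, errors.New("packet not signed by the issuer")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(body[:pubLen])
	if err != nil {
		return nil, err
	}
	shared, err := d.Key.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(deriveKey(shared, body[:pubLen], d.Key.PublicKey().Bytes()))
	gcm, _ := cipher.NewGCM(block)
	// Open fails on any change to the ciphertext and on a serial (associated data) mismatch.
	return gcm.Open(nil, body[pubLen:pubLen+nonceLen], body[pubLen+nonceLen:], []byte(d.Serial))
}

// LoadPacketDemo provisions a constructed payload, then exercises three failure modes.
func LoadPacketDemo() (installed string, tampered, wrongDevice, rogueIssuer error) {
	issuerPub, issuerKey, _ := ed25519.GenerateKey(rand.Reader)
	newDevice := func(serial string) *Device { // constructed devices with fresh keys
		k, _ := ecdh.X25519().GenerateKey(rand.Reader)
		return &Device{Serial: serial, Key: k, IssuerPub: issuerPub}
	}
	dev, other := newDevice("SN-00042"), newDevice("SN-00043")
	content := []byte("payment applet v1 + keys")
	pkt, _ := BuildLoadPacket(issuerKey, dev.Key.PublicKey(), dev.Serial, content)
	out, _ := dev.Install(pkt)
	installed = string(out)
	bad := append([]byte(nil), pkt...)
	bad[pubLen+nonceLen] ^= 0x01 // flip one ciphertext bit: rejected at the signature check
	_, tampered = dev.Install(bad)
	_, wrongDevice = other.Install(pkt) // other key and other serial: decryption fails
	_, rogueKey, _ := ed25519.GenerateKey(rand.Reader)
	rogue, _ := BuildLoadPacket(rogueKey, dev.Key.PublicKey(), dev.Serial, content)
	_, rogueIssuer = dev.Install(rogue)
	return
}

func main() {
	got, t, w, r := LoadPacketDemo()
	fmt.Printf("installed=%q tampered=%v wrongDevice=%v rogueIssuer=%v\n", got, t != nil, w != nil, r != nil)
}
```

Because the host needs only each device's public key, no per-device shared secret has to be distributed in advance, which is the key-management simplification the section refers to. Three misuse cases are exercised: a bit flipped in the ciphertext (rejected at the signature check before any decryption is attempted), the packet delivered to a different device (its private key derives a different AES key and its serial does not match the associated data, so decryption fails), and a packet signed by anyone other than the pinned issuer.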
Provide Full Lifecycle Management
The lifecycle of any connected device should feature highly in a solution provider's planning. Some IoT devices, particularly industrial ones, may be in use for many years and will benefit from a flexible and controlled lifecycle. Even devices intended to have a shorter lifecycle, more likely consumer devices, may need that lifecycle carefully controlled for good reasons.
Many of these devices hold sensitive business, personal or financial data, or are tied to infrastructure or other mission-critical applications, and it may not be desirable to leave that data on a device once it is no longer required. A device may need a number of remote functional updates to reconfigure or modify the service over time, and security updates are all but certain to be needed as attacks evolve and improve.
A robust lifecycle process using PKI and an in-house or central Certification Authority (CA) or Key Management System can provide the necessary steps: initial activation, in which the device receives its robust cryptographic ID; application loading for issuance; subsequent updates as required; and, at end of life, deletion of the applications and associated data together with revocation of the device's credentials.
All five of these considerations constitute good IT security practice and should feature in device security reviews.
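An added example, not code from the article or from MULTOS, that ties this lifecycle to the unique endpoint identity and mutual authentication of the earlier section: an in-house CA activates a device by issuing it a certificate whose CommonName is its serial, the device and the backend authenticate each other by chaining certificates to the root and proving possession of the private key over a fresh nonce, and at end of life the CA places the device's certificate on a signed CRL so that the next authentication attempt fails. Ed25519 keys, the CA name, the serials, the validity periods and the `backend.example` name are assumptions for the example; `peerKey` is passed in only to simulate the peer's side of the exchange inside one process.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// CA is the in-house Certification Authority / Key Management System of the article (names, serials and lifetimes invented).
type CA struct {
	Cert    *x509.Certificate
	Key     ed25519.PrivateKey
	last    int64                     // last certificate serial issued
	revoked []pkix.RevokedCertificate // entries published on the CRL
}

func template(cn string, serial int64) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(2 * 8760 * time.Hour)}
}

// issue signs template t with the parent's key and returns the parsed certificate.
func issue(t, parent *x509.Certificate, pub ed25519.PublicKey, signer ed25519.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func NewCA() (*CA, error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	root := template("Example IoT Root CA", 1)
	root.IsCA, root.BasicConstraintsValid, root.KeyUsage = true, true, x509.KeyUsageCertSign|x509.KeyUsageCRLSign
	cert, err := issue(root, root, pub, key) // self-signed
	return &CA{Cert: cert, Key: key, last: 1}, err
}

// Activate (initial activation): a fresh key pair is bound to the endpoint's serial by a certificate
// whose CommonName is that serial; on a real device the private key never leaves the secure element.
func (ca *CA) Activate(serial string) (ed25519.PrivateKey, *x509.Certificate, error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	ca.last++
	cert, err := issue(template(serial, ca.last), ca.Cert, pub, ca.Key)
	return key, cert, err
}

// Retire (end of life): the certificate goes onto a CA-signed CRL, so relying parties stop
// trusting the endpoint regardless of what the device itself still does.
func (ca *CA) Retire(cert *x509.Certificate) ([]byte, error) {
	ca.revoked = append(ca.revoked, pkix.RevokedCertificate{SerialNumber: cert.SerialNumber, RevocationTime: time.Now()})
	list := &x509.RevocationList{Number: big.NewInt(int64(len(ca.revoked))), ThisUpdate: time.Now(),
		NextUpdate: time.Now().Add(24 * time.Hour), RevokedCertificates: ca.revoked}
	return x509.CreateRevocationList(rand.Reader, list, ca.Cert, ca.Key)
}

// Authenticate is one direction of the mutual authentication: chain the peer's certificate to the
// root, reject it if the CRL lists it, then make the peer sign a fresh nonce so that a copied
// certificate alone is worthless. peerKey stands in for the peer's half of the exchange.
func Authenticate(peerCert *x509.Certificate, peerKey ed25519.PrivateKey, root *x509.Certificate, crlDER []byte) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := peerCert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return "", err
	}
	if crlDER != nil {
		crl, err := x509.ParseRevocationList(crlDER)
		if err != nil || crl.CheckSignatureFrom(root) != nil { // never honour an unsigned or forged CRL
			return "", errors.New("CRL invalid or not signed by the CA")
		}
		for _, rc := range crl.RevokedCertificates {
			if rc.SerialNumber.Cmp(peerCert.SerialNumber) == 0 {
				return "", errors.New("certificate revoked")
			}
		}
	}
	nonce := make([]byte, 32)
	rand.Read(nonce)
	sig := ed25519.Sign(peerKey, nonce) // computed by the peer in a real exchange
	if !ed25519.Verify(peerCert.PublicKey.(ed25519.PublicKey), nonce, sig) {
		return "", errors.New("proof of possession failed")
	}
	return peerCert.Subject.CommonName, nil // the identity the CA bound, not one the peer merely claims
}

// LifecycleDemo runs activation, both directions of the handshake, then retirement.
func LifecycleDemo() (deviceID, backendID string, afterRetire error) {
	ca, _ := NewCA()
	devKey, devCert, _ := ca.Activate("SN-00042")
	beKey, beCert, _ := ca.Activate("backend.example")
	deviceID, _ = Authenticate(devCert, devKey, ca.Cert, nil) // backend authenticates the device
	backendID, _ = Authenticate(beCert, beKey, ca.Cert, nil)  // device authenticates the backend
	crl, _ := ca.Retire(devCert)
	_, afterRetire = Authenticate(devCert, devKey, ca.Cert, crl)
	return
}
```

`LifecycleDemo` returns the two authenticated identities (`SN-00042` and `backend.example`) and the error from the post-retirement attempt (`certificate revoked`); call it from a `main` or a test. Two details matter in practice: the relying party takes the identity from the certificate the CA bound (`Subject.CommonName`), never from a field the device sends in the clear, and a CRL is only honoured after its signature has been checked against the root, since otherwise an attacker could serve an empty one.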
The MULTOS Consortium Approach
MULTOS technology is a suitable option for many IoT devices and solutions that need appropriate, cost-effective security, flexibility and versatility. It has been used in over 850 million smart cards and devices, and it has the backing of an open industry consortium. The security benefits of MULTOS for the IoT are easily appreciated, and its flexibility allows businesses to make further use of the solution's assets to increase monetisation.
Author: Paul Wilson, Commercial Manager, MAOSCO Ltd