We're fortunate to have a guest contributor today, Steve Hanna, Senior Principal at Infineon Technologies, to provide a new point of view on IoT security from the hardware perspective. Below Steve discusses why traditional software-based approaches don't work and how a strong hardware foundation combined with identity is essential to realizing the IoT value proposition.
The IoT presents an enormous business opportunity for virtually every market. Connecting physical objects with related back end systems using internet protocols, opens the door to smart analytics, predictive maintenance, energy efficiency, cost savings and the ability to offer more customized products and solutions.
For example, consider a clothing manufacturing line that gets connected to the customer ordering system. Rather than producing a ton of items in set sizes and colors, the manufacturer can produce clothes based on the specific details of customer orders. This helps cut costs since they are not producing clothes that no one asked for (dead inventory), while customization increases the value to the customer and could potentially let the manufacturer raise price points and differentiate from competitors. These opportunities apply to countless other markets.
It’s likely all markets will eventually adopt IoT; here are a few examples of those that have started already.
IoT Is a Huge Opportunity, but IoT Security Is a Huge Problem
We see real opportunities from IoT, but we also see significant challenges. Recent surveys have shown widespread agreement that the chief concern people have about IoT and the chief barrier to adopting IoT is security.
This concern is well founded because there have been a lot of attacks - attacks of people’s houses where their security cameras are being used to spy on them, attacks on factories - the list goes on. In 2014, a German steel mill reportedly suffered “massive damage” after a cyberattack on the mill’s control systems prevented the orderly shutdown of a blast furnace. Another example is the reported attack on the Ukrainian power grid that took place in December 2015, in which attackers were able to access the power grid and cut power to over 200,000 people. This was the first time on public record that a power grid was cut by a cyberattack. It’s quite clear that it was a cyberattack and that they got in using the IoT connectivity that had been added to the power grid. The attackers were able to not only shut down the breakers, but also wipe hard disks and even flash the firmware on some of the key systems that were needed to bring it back up.
Why Can't We Use Traditional Software-Based Security for IoT?
Some people may be wondering why IoT security is such a huge hurdle. After all, our computers have been connected to the internet for decades at this point. Why can’t we just use the same security solutions, most commonly software-based, for IoT systems?
IoT systems are different in that they tend to have a long product deployment and usage lifetime and they rarely have someone involved in actively managing them. So if you think about it, with your PC at least you’re checking in on it and installing the updates, (or at least we hope you’re installing the updates) and if you’re in a corporate environment, there’s someone managing it from that level as well. The thing about the IoT systems, whether it’s a security camera or an industrial robot, is that they need to be up and running for years at a time, with rare opportunities for downtime. When they are taken down, the manufacturers and customers want to make sure that whatever they’re doing keeps that system reliable. The top priorities for embedded systems and specifically with industrial systems, are reliability, safety, efficiency and productivity. So customers are very careful about what changes they make to the system and they don’t tend to apply a lot of software patches.
That’s why in the field, you’ll see a lot of industrial control systems running Windows XP, or even earlier versions of Windows. Typically, things are not tested with the newer versions of Operating Systems or software very quickly, if ever. If you bought an industrial control system five years ago, it may be unlikely the manufacturer is going to re-test their software with the latest version of Windows or Linux or whatever embedded operating system is on the device. And yet, these industrial control systems are expected to have a lifetime of 10, 20, or even 30 years. Lifetimes can be even longer when you consider situations where there are physical barriers to updates, such as a turbine in a hydroelectric dam. So over the lifetime of that product, how often is that industrial control system going to be updated? Very rarely, if ever. But history has shown that software vulnerabilities will not end.
The Key to IoT Security Is a Strong Hardware Foundation
So given the long product and system lifetimes for industrial equipment, software alone isn’t the best option and the only reliable way we have to maintain security is to use hardware. We have hardware security systems that have been out there in the field for 10, 20 years or more. They’re designed to resist attacks over long periods of time.
By hardware, I’m talking about hardware security chips, which are included in your passports, in your credit cards, in your commercial grade PCs, and in other applications as well. These chips are designed to resist very determined attackers and they don’t run commercial operating systems. This means you couldn’t take an attack toolkit that was developed for Windows and use that to break in to the security chip. No, it’s a very specialized operating system, a specialized environment, that’s built into that chip, all designed from scratch with security as a top priority.
These security chips essentially give you a trusted environment that can be used for what’s called a ‘hardware root of trust’, sort of a strong foundation onto which a good building can be built. If you think about your house, you want to have a strong foundation that’s going to last you a hundred years. Of course you’re going to make updates upstairs, but you don’t want to be going back to that foundation. It’s just something that you can count on. The same is true for security – you want to have that strong hardware foundation that you don’t need to be updating, so that everything on top of it can be stable and structurally sound.
Security Chips Are a Great Foundation, but You Also Need Identity
However, these chips alone aren’t the be-all, end-all solution to IoT security. The problem we face with them is that they come from the factory with one identity – and that identity might say this is a chip or serial number such and such and might reference the name of the manufacturer. But then the chip gets put into a lightbulb, or an industrial robot, or a security webcam in your home and that’s a new identity for the chip. It’s not just a chip; it’s a chip in industrial robot model X, serial number Y, from a particular manufacturer. That information needs to be added to the chip so it can be the long term identity for the chip. Ideally, that needs to happen at the time the robot, light bulb, security camera, or whatever “thing” is being built, when the chip is being soldered on and installed into the device. This device identity should be installed while the device is in the manufacturing plant.
This is where a sophisticated and scalable identity solution, like the one from GlobalSign, comes into play. GlobalSign provides identities that are already used for web servers, email communications, personal computers, etc. but now they can be injected into the chips in IoT devices. So now every “thing” can have a unique identity, which it keeps throughout its long lifecycle.
Identity Is Essential to the IoT Value Proposition
All those IoT benefits I mentioned earlier – smart analytics, predictive maintenance, energy efficiency, cost savings and the ability to offer more customized products – are dependent on sending and receiving accurate data and commands to the correct “things” when and where they need it. Knowing where your data is being sent and which devices it’s coming from are absolutely essential. Consider the following scenarios:
- Privacy – you need to find a way to enable the transmission of any data only between approved systems and devices. For example, a “smart” security camera manufacturer would only want each camera to talk to the owner’s smartphone and vice versa.
- Protecting intellectual property – a lot of data that is sent to “things”, especially those in industrial settings, is proprietary. For example, if you have a system that controls the recipe for a soft drink, you’d want to enable the system to only send the recipe to your production robots and not a competitor, or some other knockoff robot.
- Software or security updates – when you need to apply an update or patch, you want to find a way to check whether it’s going to the right device and that the patch was properly installed on that device.
- Reactive maintenance – if a robot in your production line is having a problem, it can easily be identified and remedied. Say, your monitoring system says robot #125 needs lubrication at joint 3, the operational team in the plant can identify that robot and remedy the situation.
- Predictive maintenance – consistently gathering accurate data can also enable more proactive remediation as well. For example, you’re monitoring the data and notice it’s requiring a little extra torque, to run joint number 3 in robot #125. Based on previous experience, you know that means the joint will need to be replaced in 2 months and you are able to plan ahead for the fix.
I think we still have a long road ahead of us when it comes to getting IoT security to where it needs to be. However, I’m encouraged by some recent trends I’ve seen where large companies are adopting established IT security technologies, such as hardware chips and device identities and bringing them into the context of IoT security. Check out the video below for an example of this. It demonstrates how to leverage High Volume PKI and secured hardware to mitigate risks, like key compromise and identity spoofing, while also extending trust and deployment models at a massive scale.