Security in IoT: A Challenging but not Impossible Goal
Securing devices is a major goal for any entity that plans to reap the benefits of IoT
Internet of things promises to breathe life into inanimate objects, enabling them to send and receive data to/from other devices that share connectivity with them. And as we know, once anything is connected to the outside world it is subject to attacks by unscrupulous entities that are determined to inflict financial or social harm. Fraud examples are abundant: credit cards, cell-phones. Clearly, securing these connected “things” becomes a major goal for any organization that plans to reap the benefits of IoT. This is not lost on the players in the IoT food chain: from the chip vendors to industrial users and everyone in between.
So why is securing IoT such a difficult task? The simple answer is that we are trying to accomplish something that begins with a negative objective: trying to avoid a set of harmful events whereby we may only be able to compile and defend against only a subset of these events. The rest of the set comes from the attackers themselves and their creative imagination! In other words, we don’t know in advance what the attackers may be capable of and consequently, securing“ things” against an arbitrary set of attackers becomes very difficult. In general, attackers take a holistic view of the system when they devise their plan. They take advantage of system flaws and devise a plan(s) to attack it. They become an extension of the system QA team but with a high price tag.
Because the attackers take a holistic view in their plans, so should we. Focusing on a system or a software layer is not adequate. The problem must be viewed from all levels. However, we can limit this to trusted and untrusted zones and focus our attention to zones that require higher protection than other zones.
There are basically three major defensive strategies for IoT security:
1. Lowering the probability of attack by increasing the difficulty of attacks, e.g., via device authentication. This is not cost-effective for IoT where resources are extremely rare, e.g., RFID tags or sensors. In addition, secret keys can be derived using invasive (physical attack) or non-invasive tools (probing the communication channels).
2. Continuing operation even in presence of an attack that translates into a highly resilient operation. One way to achieve this is by computation of an encrypted piece of data. However this methodology has a major drawback for use in IoT in that it is computation-intensive with high overhead. A successful strategy would require a processor, specifically designed for IoT devices, that has built-in circuitry to carry out encrypted computation and will not allow invasive attacks on the chip itself.
3. Detecting attacks and trying to recover from them by ensuring the integrity of the data that is stored for IoTs as well as the integrity of necessary computations. The former can be approached by using cryptographic hash functions, but the latter is more difficult. One way to approach computational integrity is comparing outputs from two different software pieces carrying out the same task. This of course is also expensive but can be limited to “zones” that require higher protection.
The best approach to security is at an “atomic” level, that is, built in the processors/chips themselves. Using authentication methods (secret keys) are the best way in a defensive strategy. These keys must be protected from both invasive and non-invasive attacks. Therefore, the processors must use circuitry that offers protection from both types of attack. A new approach has been offered in http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=6823677 that brings the notion of Physical Unclonable Functions (PUF). This approach uses circuitry that essentially provides chip “biometrics,” making each chip/processor unique from another, similar to human DNA or finger prints. It does it by generating keys from the chip’s unique internal delay characteristics using a set of ring oscillators and a “helper” data function to derive a secret key. PUFs circuitry is inexpensive as it only uses an array of NAND gates and inverters. Major chip manufacturers have begun to incorporate variations of PUFs.
One final note, in the near future, we expect that data sheets for chips and processors will include information about not only on power draw, max heat, etc., but also on their security level. This information must be offered to designers to start with a certain confidence level in devising their security strategy that starts at an atomic level.
For more information about ACG’s IoT service, contact firstname.lastname@example.org or Robert Haim at email@example.com.