As we learned in the recent Dyn attacks, even just a fraction of the billions of IoT products on the internet can lend their computing power to launch DDoS attacks that can have a devastating effect on web service providers.
Many security experts are calling for industry standards and greater push for IoT security. A timely IoT report from the Cloud Security Alliance (CSA) Working Group was just released.
In this article, we highlight some key points from a recent Cloud Security Alliance (CSA) IoT report, to include hardware-based controls to enhance security of IoT products. The CSA IoT Working Group report, is titled “Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products.”
This is the third in a five part series that emphasizes IoT security and best practices many businesses can use to improve their security program as well.
CSA outlines in good detail the different hardware functional components that should be selected and secured to include microcontroller (MCU), specialized security chips and crypto modules, to name a few. A number of these hardware based controls are noted here.
Specialized security chips
Some of the MCU vendors offer a number of security benefits:
- Tamper detection and tamper protection
- Conductive shield layers (to prevent reading of internal signals)
- Controlled execution (to prevent timing delays and potential data leaks)
- Chain of trust boot-loaders (authenticate OS before loading it)
- Chain of trust OS (authenticate app before loading it).
Some of the mentioned MCU vendors in the CSA report include NXP (e.g., A710X), Atmel (Crypto authentication, cryptomemory) and Microchip/ATMEL (key generation and authentication functions).
The National Institute of Standards and Technology (NIST) provides recommended standards and tools for secure crypto modules. FIPS 140-2 should be followed when implementing cryptographic protections for IoT devices.
FIPS 140-2 breaks down security requirements into levels from Level 1 (most lenient) to Level 4 (most stringent) for crypto modules.
Device physical protections
According to the report, consider applying physical security protections, to include tamper detection and “zeroization” in some cases. Zeroization is a fancy name for crypto modules to erase sensitive data (such as crypto keys or digitally stored data) from unauthorized disclosure if the device is captured or tampered with.
Also, prevent reverse engineering (e.g., encrypt firmware update packages to prevent acquisition) and also use tamper-proof hardware and alert when tampering is evident.
Guard the supply chain
For some critical infrastructure systems, organizations should document approved product lists (APL) on what components/libraries are allowed to be integrated into the IoT product.
Open source libraries should also pass through same security checks as your organization’s custom developed code. Don’t forget about patching libraries as soon as they become available from the supplier/vendor.
Protect physical interfaces, such as UART, JTAG and USB, that could be exposed to unauthorized access. Disable and/or password protect interfaces before shipping IoT products and ensure only trusted connections. Read more about Universal Asynchronous Receiver Transmitter (UART) pins and Joint Test Action Group (JTAG) interfaces.
By better securing physical interfaces, you can help prevent attackers from connecting to those interfaces and offload product firmware for analysis and modification.
Finally, don’t forget to remove debug code from the operational product to help limit the attack surface.
In cased you missed it, also check out part one in the series, “Cyber Attacks Drive Need for IoT Security Standards” and previous article titled “How to Establish Framework, Platform Security and Data Protections for IoT,” part 2 in a five part series.
For more on IoT security, stay tuned for the next part 4 (in our 5-part series): “Improving Data Security with Secure Communications, Applications and APIs for IoT.”