Securing the Internet of Things
Securing Applications in the Internet of Things
Protecting devices from the point of creation is a critical component in providing a robust platform for the Internet of Things, but naturally devices must exist, and continue to operate safely and securely, in a harsh world where they will be continuously under attack. Security in the IoT must therefore be more than just protection of data in flight, although this itself is a critical component forgotten by many current devices.
Many people confuse security with cryptography, and while the latter is critical in everything we need to accomplish in this space it is just a technology we need to learn to apply appropriately.
To achieve confidentiality of data, and privacy in our personal communications, it is critical that we start off by developing the correct fundamental approaches within our devices.
Firstly, we need to ensure that we develop architectures for our devices that enable each one to be uniquely addressed through the use of robust asymmetric identifiers. While it is sufficient for a device to have an IPv6 identifier in public, the true identity of the device must hinge on a private key that has been created with sufficient entropy to be truly unique and mathematically unchallengeable. Too often today devices give up their keys too easily, enabling simple attacks to gain leverage within the system.
Beyond the identity of the device, it is critical for the industry to move to easy-to-use authentication mechanisms that enable devices to integrate securely into systems, with either trusted relationships being forged or zero-trust relationships providing a mechanism to verify and validate, but not trust, the other party.
Authentication enables a device to interact with a system; however, authorisation is also critical to define both how devices can interoperate and which users and applications have the correct permission to monitor and interact with the system.
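As an added illustration of the three preceding points (not code from the original article), the following Go program models an asymmetric device identity, challenge-response authentication and a separate authorisation decision. The names (DeviceIdentity, Registry, Policy, Authorise), the in-memory registry and the policy table are hypothetical and constructed for the example; the key pair is drawn from crypto/rand, which is where the entropy requirement is met, and the public identifier is derived from the public key so that an ID cannot be claimed without the matching private key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// DeviceIdentity is a hypothetical model of a device's asymmetric identity.
// The private key is the real identity and never leaves the device (on real
// hardware it would sit in a secure element); ID is derived from the public
// key and is the only part that is published, much like an address.
type DeviceIdentity struct {
	ID   string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewDeviceIdentity draws the key pair from the OS CSPRNG via crypto/rand,
// which is what makes the identity "unique" in the sense the text demands.
func NewDeviceIdentity() (*DeviceIdentity, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &DeviceIdentity{ID: DeriveID(pub), pub: pub, priv: priv}, nil
}

// DeriveID binds the public identifier to the key: nobody can present this ID
// with a different key without the registry noticing.
func DeriveID(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:16])
}

func (d *DeviceIdentity) PublicKey() ed25519.PublicKey { return d.pub }

// SignChallenge is the device side of authentication: it proves possession of
// the private key by signing a nonce the verifier chose.
func (d *DeviceIdentity) SignChallenge(nonce []byte) []byte {
	return ed25519.Sign(d.priv, nonce)
}

// NewNonce is the verifier's challenge; a fresh random value per attempt is
// what stops a captured signature from being replayed later.
func NewNonce() ([]byte, error) {
	n := make([]byte, 32)
	_, err := rand.Read(n)
	return n, err
}

// Registry is the verifier's record of enrolled devices (constructed, in memory).
type Registry map[string]ed25519.PublicKey

// Authenticate checks the claimed ID against the enrolled key and the signature
// against the nonce; it trusts nothing the device asserts about itself.
func (r Registry) Authenticate(id string, nonce, sig []byte) bool {
	pub, ok := r[id]
	if !ok || DeriveID(pub) != id {
		return false
	}
	return ed25519.Verify(pub, nonce, sig)
}

// Policy is a constructed authorisation table: principal -> action -> allowed.
type Policy map[string]map[string]bool

func (p Policy) Allowed(principal, action string) bool { return p[principal][action] }

// Authorise is the full gate: a request is honoured only if the caller is
// authenticated AND the policy grants that specific action to that principal.
func Authorise(r Registry, p Policy, id string, nonce, sig []byte, action string) error {
	if !r.Authenticate(id, nonce, sig) {
		return errors.New("authentication failed")
	}
	if !p.Allowed(id, action) {
		return fmt.Errorf("device %s is not authorised for %q", id, action)
	}
	return nil
}

func main() {
	dev, err := NewDeviceIdentity()
	if err != nil {
		panic(err)
	}
	reg := Registry{dev.ID: dev.PublicKey()}
	pol := Policy{dev.ID: {"publish:telemetry": true}}
	nonce, _ := NewNonce()
	sig := dev.SignChallenge(nonce)
	fmt.Println("publish:", Authorise(reg, pol, dev.ID, nonce, sig, "publish:telemetry"))
	fmt.Println("actuate:", Authorise(reg, pol, dev.ID, nonce, sig, "actuate:valve"))
}
```

Note that the policy lookup happens only after the signature check succeeds, and that the registry re-derives the ID from the stored key rather than trusting the table's own key: a mis-enrolled or swapped entry fails closed.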
Of course identity, authentication and authorisation should make use of asymmetric cryptography; however, the industry has again been limited by the performance of microcontrollers. Nevertheless, innovation in this space, led by process shrinkage and new architectures, is enabling the delivery of new devices that allow simple implementation of critical capabilities, including speeding up cryptographic functions, wrapping of keys, and the provisioning of short-term symmetric sessions and key agility to defeat sustained attacks.
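The "short-term symmetric sessions and key agility" of the paragraph above, as an added Go example that is not part of the original article: two parties agree an ephemeral X25519 secret, derive a short-lived AES-256-GCM key from it, and ratchet that key forward on demand so that traffic from a retired epoch is rejected. The Session type, the labels fed to the derivation and the use of a labelled SHA-256 in place of a proper KDF such as HKDF are constructed simplifications for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Session is one side's short-term symmetric state: the current AES-256-GCM key
// and an epoch counter that is incremented on every rekey.
type Session struct {
	key   []byte
	epoch uint32
}

// NewEphemeral makes the per-session X25519 key pair; it is discarded after
// the handshake instead of doubling as a long-lived identity.
func NewEphemeral() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// Establish agrees a shared secret with the peer's ephemeral public key and
// derives the epoch-0 key (labelled SHA-256 is a constructed stand-in for HKDF).
func Establish(own *ecdh.PrivateKey, peer *ecdh.PublicKey) (*Session, error) {
	shared, err := own.ECDH(peer)
	if err != nil {
		return nil, err
	}
	return &Session{key: derive("iot-session-v1", shared)}, nil
}

func derive(label string, material []byte) []byte {
	h := sha256.New()
	h.Write([]byte(label))
	h.Write(material)
	return h.Sum(nil) // 32 bytes, i.e. an AES-256 key
}

// Rekey is a one-way hash ratchet: the next key is derived from the current one,
// which is then wiped, so a later compromise does not expose earlier epochs.
func (s *Session) Rekey() {
	next := derive("iot-session-rekey", s.key)
	for i := range s.key { s.key[i] = 0 }
	s.key, s.epoch = next, s.epoch+1
}

func (s *Session) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(s.key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal emits epoch || nonce || ciphertext; the epoch is authenticated as AAD.
func (s *Session) Seal(plaintext []byte) ([]byte, error) {
	g, err := s.aead()
	if err != nil {
		return nil, err
	}
	hdr := make([]byte, 4)
	binary.BigEndian.PutUint32(hdr, s.epoch)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append(append([]byte{}, hdr...), nonce...)
	return g.Seal(out, nonce, plaintext, hdr), nil
}

// Open refuses traffic from any epoch but the current one before decrypting.
func (s *Session) Open(msg []byte) ([]byte, error) {
	g, err := s.aead()
	if err != nil {
		return nil, err
	}
	ns := g.NonceSize()
	if len(msg) < 4+ns+g.Overhead() {
		return nil, fmt.Errorf("message too short (%d bytes)", len(msg))
	}
	if epoch := binary.BigEndian.Uint32(msg[:4]); epoch != s.epoch {
		return nil, fmt.Errorf("message epoch %d != session epoch %d", epoch, s.epoch)
	}
	return g.Open(nil, msg[4:4+ns], msg[4+ns:], msg[:4])
}

func main() {
	a, _ := NewEphemeral()
	b, _ := NewEphemeral()
	sa, _ := Establish(a, b.PublicKey())
	sb, _ := Establish(b, a.PublicKey())
	ct, _ := sa.Seal([]byte("temp=21.5"))
	pt, err := sb.Open(ct)
	fmt.Println(string(pt), err)
}
```

Both sides must call Rekey at the same point in the message sequence (for instance every N messages, or on a schedule agreed in the handshake); because the epoch is covered by the AEAD tag, an attacker cannot rewrite an old message's header to make it look current.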
While confidentiality of data is important, the reality of many systems is that devices will still become compromised, and ultimately “trash-in, trash-out” is a truism of cryptography: if the data emanating from the device is incorrect then encryption of the data will not help. Thus it is critical to ensure that devices remain secure throughout their lifecycles.
To ensure integrity we have to think of trust across the life cycle of the device: how we create trust within the device, how we manage it across its lifetime, and ultimately how we destroy trust once we have finished with the device.
As with the secure manufacturing mentioned earlier, it is critical that a device is secured from birth with a robust secure kernel, combining an inviolate secure boot mechanism with a robust key generation and management architecture. Only by absolutely guaranteeing the start-up criteria can we then make the attestations and measurements required to ensure we know the device is operating correctly and is uncompromised.
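The chain the paragraph above describes, from secure boot to measurement to attestation, as an added Go example that is not part of the original article: an immutable boot stage verifies the firmware's vendor signature and records a measurement of what it loaded; the device then signs that measurement, bound to a verifier-supplied nonce, with its identity key; the verifier checks the quote against an approved value. The FirmwareImage, BootState and Quote types, the vendor and device keys, and the firmware bytes are all constructed for the example; a real platform would keep the measurement in a TPM or secure-element register rather than a Go struct.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// FirmwareImage is a constructed signed image: the vendor signs sha256(Code)
// at build time with a key whose public half is burned into the boot ROM.
type FirmwareImage struct {
	Code []byte
	Sig  []byte
}

func SignImage(vendorPriv ed25519.PrivateKey, code []byte) FirmwareImage {
	d := sha256.Sum256(code)
	return FirmwareImage{Code: code, Sig: ed25519.Sign(vendorPriv, d[:])}
}

// BootState is what the immutable boot stage records: whether verification
// passed and the measurement (digest) of the image that was actually loaded.
type BootState struct {
	Measurement [32]byte
	Verified    bool
}

// SecureBoot refuses to load an image whose signature does not verify under the
// ROM's vendor key; on success it records the measurement for later attestation.
func SecureBoot(vendorPub ed25519.PublicKey, img FirmwareImage) (BootState, error) {
	d := sha256.Sum256(img.Code)
	if !ed25519.Verify(vendorPub, d[:], img.Sig) {
		return BootState{}, errors.New("secure boot: firmware signature invalid, refusing to boot")
	}
	return BootState{Measurement: d, Verified: true}, nil
}

// Quote is the device's attestation: its measurement and the verifier's nonce,
// signed with the device identity key so the claim is bound to this device
// and to this challenge.
type Quote struct {
	Measurement [32]byte
	Nonce       []byte
	Sig         []byte
}

func (b BootState) Attest(devPriv ed25519.PrivateKey, nonce []byte) Quote {
	msg := append(b.Measurement[:], nonce...)
	return Quote{Measurement: b.Measurement, Nonce: nonce, Sig: ed25519.Sign(devPriv, msg)}
}

// Appraise checks freshness, the device signature, and that the measurement is
// the approved build; any one failing means the device is not trusted.
func Appraise(devPub ed25519.PublicKey, expected [32]byte, nonce []byte, q Quote) error {
	if !bytes.Equal(q.Nonce, nonce) {
		return errors.New("stale or replayed quote")
	}
	if !ed25519.Verify(devPub, append(q.Measurement[:], q.Nonce...), q.Sig) {
		return errors.New("quote signature invalid")
	}
	if q.Measurement != expected {
		return errors.New("measurement mismatch: firmware is not the approved build")
	}
	return nil
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	img := SignImage(vendorPriv, []byte("firmware v1 (constructed)"))
	state, err := SecureBoot(vendorPub, img)
	if err != nil {
		panic(err)
	}
	nonce := make([]byte, 16)
	rand.Read(nonce)
	fmt.Println("appraisal:", Appraise(devPub, sha256.Sum256(img.Code), nonce, state.Attest(devPriv, nonce)))
}
```

The two keys play different roles: the vendor key decides what may boot at all, while the device identity key lets a remote party learn what did boot. A validly signed but out-of-date image passes secure boot yet still fails appraisal, which is why measurement and attestation are needed on top of signature checking.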