Our July blog post has been written by one of our Industrial Stakeholders Advisory Board (ISAB) members. A special thanks from RISE to Ilhan Gurel from Ericsson for contributing this best practice advice. Ilhan is HW and SW security expert at Ericsson.
“Security baked in at every layer, not later”
Securing entire end to end IoT chain covers securing IoT devices, backends and everything in between as well as life cycle starting from manufacturing and deployment to disposal.
Every component in this chain may have different attack surfaces, different adversaries and may be managed by different entities. It is also important to note that securing IoT devices and their backends is not an easy task and depends on operational environments, deployment models, use cases, adversaries, assets to protect and costs. No matter what these can be, there must be an adequate level of security baked into every layer and component, starting from the very beginning e.g. design phase but not added later.
The IoT Recipe for Security
Securing IoT end to end chain starts with security threat modeling and risk assessment. This is a crucial phase to find answers to security threats, mitigations and security requirements. Then it requires the following ingredients when and where applicable:
- Hardware (HW) and Software (SW)
supply chain security:
- vulnerability and incident management
- HW and SW components free of trojans/malwares
- Keeping track of 3rd party HW & SW components and their origins.
- HW Security:
- secure boot
- TRNG
- secure storage
- HW based RoT (Root of Trust)
- HW based security features to mitigate ROP/JOP like attacks
- HW based crypto modules
- HW (and SW) based mitigations for side channel attacks if applicable
- SW Security:
- security hardening of OS and applications
- minimal OS (including disabling/removing unsecure services/components)
- sandboxing
- least privileged processes
- code signing
- access control
- secure SW development
- auditing and logging
- Trusted identities:
- unclonable
- unique
- cryptographically random and strong enough during the lifetime of devices
- generating, provisioning and storing identities securely
- Life Cycle & Device Management:
- secure SW updates
- remote attestation
- secure disposal of user and device data
- Anomaly detection:
- on device and at network level
- Identity Management:
- managing identity life cycles
- revocations
- renewals
- bootstrapping
- integration with PKI systems
- Secure communication:
- data confidentiality , integrity and origin in transit
- the use of strong ciphers and mutual authentication
- the use of secure protocols e.g. TLS/DTLS according to the best security practices as defined in RFC 7925, RFC 7525 and RFC 7540
- the use of TLS 1.3 when and where possible. TLS 1.3 as standardized in RFC 8446 has significant security and privacy improvements comparing to TLS 1.2
How to measure security?
Connectivity also plays a crucial role with respect to high availability, battery life, reliable communication, data transmission rates (e.g. important for SW updates and rapid patching), built-in security.
Then an important question remains: how to measure security? In-house and independent security audits and reviews, security certifications are all relevant and may be one of the answers.
Securing end to end IoT chain is a not easy task but it is achievable. It requires all the ingredients mentioned above when and where applicable, most importantly security awareness of end users, device owners, manufacturers, platform and service providers, HW and SW developers, and more.