In discussions on the future of the Internet of Things (IoT) there has been a lot of justifiably intense attention paid recently to security vulnerabilities and the potential loss of control of personal privacy.
Despite all the experience available in implementation of security solutions for M2M, however, the options for action discussed are often limited to a reaction of panic or to finding ways to bolt extra security capabilities onto existing IoT architectures, according to Haydn Povey and Jon Howes of Beecham Research Ltd. The latter can seem to offer a way to a more secure future, but looking more closely at the threats and the realities of the IoT leads us towards very different conclusions where systems must be made adaptable in the face of rapidly evolving attacks.
The challenge we face is that we have to change the way that we think about IoT security as an industry where solution specifications are not as clear and fixable as for M2M. Far too often security is something which product developers try to bolt on later, and you can do it in some ways with Secure Elements and SIMs that have also been used for carefully architected M2M systems. You can solder them into products, or you can have subscriber modules in trays, as we do on phones, and you can depend on the past M2M experience of leaders like Gemalto and Giesecke & Devrient.
But fundamentally we need to get security in at the ground up if we are going to create an environment where the Internet of Things is actually going to function as needed.
Threats emerging and increasing
Threats are emerging in the many different use cases of IoT and in the changes of style that are complicating the security issues, decisions, and architectures of the past M2M scene.
We can look back at Stuxnet, which was very clever, and allegedly made by the best experts inside the security services. But here the very attack technologies used to protect us are being refarmed and retargeted by those who threaten our IoT systems. This greatly increases the number, strength and capabilities of attacks.
As the IoT increases in sophistication the threats are not limited to targeting a single type of connectivity. The new IoT capabilities relate to many connectivity types, and the interactions and the mix of those connectivity types in multiple networks.
Massive vulnerability
Heartbleed also showed how fallible we are in the face of the complexity of modern systems. While this specifically impacted the world of IT, it’s a fundamental issue at the heart of all protection technologies. In that case larger appliances got fixed, but a lot of ‘things’, the routers, were just binned. But you can’t bin stuff that becomes part of your infrastructure, embedded deeply in everything you are doing, and that’s where the IoT is heading.
Little impact, so far
The impacts of those attacks affect us all differently. Traditionally, IT attacks have very little impact on our daily lives. They are down at the lower levels of Maslow’s hierarchy of needs. It’s food. It’s warmth. But it’s still liveable; you can get away with it.
However, the IoT has the ability to impact every level of needs throughout our lives – and to do that extremely rapidly. It’s far more costly and disruptive, and it can be practically immediate. So the food in your fridge, or the supermarket shutdown, disruption of the food chain, these things can be rapidly affected and denied to you, and they really matter.
With ‘9 meals’ being described widely as the length of the food supply chain, any disruption by a successful attack could leave us close to anarchy. And that is true for warmth and shelter, too.
Securing our IoT future
So the industry really requires some form of holistic approach. We need to extend beyond the essential encryptions of data at rest and in flight that people are realising are necessary. We need to make sure we have interoperability of identity, of authentication, and of authorisation. In taking that holistic approach we need to work with all stakeholders in the brave new world of IoT.
We also need to really go deep though. We need to have a deep root of trust, and secure foundations built around that.
The long term lifecycle of IoT systems is also key. These things are going to go into place and stay there for 10 years.
As well as remote monitoring for anti-malware, we need to presume that all systems will suffer successful exploits as a result of prolonged and sophisticated attacks.
IoT security needs to be about low-cost architectures, right down from the secure nodes, avoiding the use of random microcontrollers which can’t protect themselves. We must work to embed a deep root of trust that can be relied upon out to the top levels of the cloud.
In truth all of these requirements are simply implementations or extensions of the best practices identified in the 20 Critical Security Controls by the Council on Cybersecurity, the global NGO tasked with leadership in the IT domain. However, as we all know, there is a massive gap between best practice and real implementation.
Reacting to exploits: The need for remediation
We have to assume in the future that devices will become compromised. They will fail to deny attacks. Although we do need to deny the attacks as strongly as possible, we also need to plan for failure. And we need to make sure we have methods for reset and remediation of those failures when attacks succeed, enabling us to regain control and then build our defences higher. These will be technology requirements for the next generation of silicon, for the next generation of devices.
So, we have to be able to reset the IoT devices, we have to regain control, and we have to remediate. That has real cost issues down at the silicon level. It means that you have to have very strong identification alongside very strong cryptography.
You then have to take an encrypted update package and decrypt it on the fly, so you have to have enough memory to do that. You have to have all of the necessary cryptography capability. And then you have to have a multi-stage boot with a very strong root of trust to instantiate that.
All of these things have a real cost impact on devices. But it is incredibly valuable from an IoT security perspective to have that, and it allows a new set of services to be put in place.
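To make the memory point concrete, here is an added sketch (not code from the authors or from any product) of a device taking an encrypted update one chunk at a time, authenticating each chunk before decrypting it, and keeping its old image if anything fails. The chunk size, key names and sample image are assumptions, the manifest digest is assumed to have been verified against the root of trust already, and the SHA-256 counter keystream is a stand-in for the device's real cipher.

```python
import hashlib
import hmac

CHUNK = 1024  # assumed RAM budget: one chunk is held in memory at a time

def keystream(key: bytes, index: int, n: int) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode) so the demo needs no third-party
    # library; a real device would use its AES hardware instead.
    out, ctr = b"", 0
    while len(out) < n:
        block = key + index.to_bytes(4, "big") + ctr.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def chunk_tag(mac_key: bytes, index: int, ct: bytes) -> bytes:
    # Binding the index into the MAC makes reordered or replayed chunks fail.
    return hmac.new(mac_key, index.to_bytes(4, "big") + ct, hashlib.sha256).digest()

def package(image: bytes, enc_key: bytes, mac_key: bytes):
    """Build side: split the image, encrypt each chunk, then MAC the ciphertext."""
    chunks = []
    for i, off in enumerate(range(0, len(image), CHUNK)):
        ct = xor(image[off:off + CHUNK], keystream(enc_key, i, CHUNK))
        chunks.append((ct, chunk_tag(mac_key, i, ct)))
    return chunks, hashlib.sha256(image).digest()

def install(chunks, enc_key: bytes, mac_key: bytes, manifest_digest: bytes):
    """Device side: returns the new image, or None so the old slot stays active."""
    slot = bytearray()            # stands in for the inactive flash slot
    running = hashlib.sha256()
    for i, (ct, tag) in enumerate(chunks):
        if len(ct) > CHUNK or not hmac.compare_digest(tag, chunk_tag(mac_key, i, ct)):
            return None           # authenticate before decrypting anything
        pt = xor(ct, keystream(enc_key, i, len(ct)))
        running.update(pt)
        slot += pt
    # The whole-image digest from the manifest catches a truncated package.
    if not hmac.compare_digest(running.digest(), manifest_digest):
        return None
    return bytes(slot)

# Constructed sample data, not a real firmware image or real keys.
ENC_KEY, MAC_KEY = b"E" * 32, b"M" * 32
IMAGE = bytes(range(256)) * 10 + b"tail"   # 2564 bytes, so three chunks
CHUNKS, DIGEST = package(IMAGE, ENC_KEY, MAC_KEY)
```

A None result is the remediation hook: the boot stage keeps running the previous, known-good slot until a package verifies end to end.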
We have to deal with these security issues in the Internet of Things. And we have to deal with them now, before it’s too late. Change is needed before many of these IoT systems are implemented and out in the field without the right levels of security.