Can IoT security win on all fronts?

Art Swift, president, prpl Foundation

The Internet of Things is rapidly turning a new generation of products ‘smart’ by adding computing power, network connectivity and sophisticated software. So says Art Swift, president of prpl Foundation.

From cars to routers and drug infusion pumps to drones, they now offer a wealth of possibilities for tech-savvy owners keen to push their device capabilities to the limits. But at the same time there are logical reasons why lawmakers and regulators need to lock down certain functionality – for the safety and well-being of their citizens.

Joseph Steinberg’s recent assessment that IoT security will be one of the biggest tech battles fought in the year ahead is very astute. It is an issue the prpl Foundation has been helping to settle by working with manufacturers, developers and regulators, and by educating the public.

While the rules laid out by regulators effectively work to lock down the firmware on consumer devices so it can’t be altered, sending them on a collision course with consumers, there has been little in the way of technology innovation to address this conundrum.

But there doesn’t have to be this divide. Regulators can get the control they want over safety aspects and, equally, consumers should be able to tweak and customise the technology they buy to get what they want. And it can be done securely.

The problem at the moment is that current IoT systems simply aren’t architected in a way which will allow for this kind of granularity. Open source development, secure boot based on a root of trust anchored in the silicon, and hardware virtualisation, all laid out in the prpl Security framework, can keep both regulators and consumers happy.

The framework covers three major areas:

    • Open source: Too many proprietary systems rely on ‘security-by-obscurity.’ But this concept simply doesn’t work any longer. Firmware binary code can often be found online, or reverse engineered with debugging tools like JTAG and interactive disassemblers like IDA. Given the increasing complexity of code, we need to get as many eyeballs on it as possible. The focus should be on creating a top quality, highly usable, secure and robust end product.
    • Secure boot: The method of updating firmware in embedded systems is fundamentally flawed because this software is typically not cryptographically signed. This means an attacker could reverse engineer the code, modify it, reflash the firmware and reboot to execute arbitrary code. We must ensure IoT systems only boot up if the first piece of software to execute is cryptographically signed by a trusted entity. That signature needs to verify on the device against a public key or certificate which is hard-coded into it. Anchoring the “Root of Trust” into the silicon in this way will make it tamper proof.
    • Hardware-assisted virtualisation: Security by separation is one of the fundamental rules of IT security. Yet lateral movement within the hardware is possible on most IoT systems, opening up yet more vulnerabilities to exploit. Hardware-level virtualisation will prevent this lateral movement and preserve security by separation.

Together with a secure hypervisor, hardware-level virtualisation provides a foundation to containerise each software element, keeping critical components secure and isolated from the rest. Secure inter-process communication allows instructions to travel across this secure separation in a strictly controlled mode.
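
The secure boot check from the list above, as an added example (not code from the article or the prpl Foundation): the boot ROM accepts an image only if its signature verifies under a public key whose hash is fixed in the device. A Lamport one-time hash-based signature stands in for the RSA or ECDSA a real boot ROM would typically use, so the block runs on the Python standard library alone. The fused key hash, all function names and the firmware bytes are assumptions constructed for illustration.

```python
import hashlib
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def digest_bits(image: bytes):
    """The 256 bits of SHA-256(image), most significant bit first."""
    d = H(image)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():
    """Vendor side: Lamport key pair, one pair of secrets per digest bit."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def pk_bytes(pk) -> bytes:
    return b"".join(a + b for a, b in pk)

def sign(sk, image: bytes):
    """Vendor side: reveal one secret per bit of the image digest."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(image))]

def boot_rom_verify(fused_pk_hash: bytes, pk, sig, image: bytes) -> bool:
    """Device side: runs before any firmware code is executed."""
    # 1. The public key shipped with the image must match the hash
    #    provisioned in the silicon (assumed here to live in fuses).
    if not secrets.compare_digest(H(pk_bytes(pk)), fused_pk_hash):
        return False
    # 2. Each revealed secret must hash to the public value for that bit.
    if len(sig) != 256:
        return False
    ok = True
    for i, bit in enumerate(digest_bits(image)):
        ok &= secrets.compare_digest(H(sig[i]), pk[i][bit])
    return ok

def demo():
    sk, pk = keygen()
    fused = H(pk_bytes(pk))  # written once at manufacture
    image = b"\x7fFW constructed sample firmware image v1.0"
    sig = sign(sk, image)
    patched = image.replace(b"v1.0", b"v6.6")  # modified, reflashed image
    atk_sk, atk_pk = keygen()  # modifier re-signs with a key of their own
    return {
        "genuine": boot_rom_verify(fused, pk, sig, image),
        "modified_image": boot_rom_verify(fused, pk, sig, patched),
        "attacker_resigned": boot_rom_verify(
            fused, atk_pk, sign(atk_sk, patched), patched),
    }

if __name__ == "__main__":
    print(demo())
```

Only the unmodified image signed with the provisioned key boots. A Lamport key may sign a single image, which is why deployed hash-based firmware signing uses many-time constructions such as LMS or XMSS.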

Building security into the hardware of embedded systems in this way will help regulators lock down specific harmful functions whilst allowing consumers free rein to tweak other parts of their product. Technology advances only if innovation is allowed to thrive. And with a blueprint for an open, hardware-led approach to securing embedded computing, we can finally achieve it.

It’s a win-win for innovation and regulation.

The author of this blog is Art Swift, president, prpl Foundation
