How IoT SAFE improves IoT cybersecurity whilst being simple to deploy at scale

Security in IoT has often been listed as a development priority but then postponed or neglected, with negative consequences. As the attack surface expands and new threats proliferate, traditional approaches to securing devices are too inflexible, too expensive or too complex to integrate to meet the timescale and volume needs of IoT enterprises. Current security methods address security concerns but are fragmented, which prevents them from scaling up. In the field of cellular connectivity, the GSMA’s IoT SAFE initiative provides an alternative for IoT enterprises that is independent of mobile operators and provides a standardised method for securing IoT devices. Stephane Quetglas, the director of marketing for embedded products at Thales, tells George Malim that this means IoT can be secured end-to-end at scale, with the flexibility to change connectivity provider and without the need to re-invent the wheel for every device or service.

George Malim: What are the challenges of addressing the sheer volume of IoT attacks?

Stephane Quetglas: We’ve seen the attacks on IoT devices and services for more than ten years and IoT security remains a significant concern for us. There have been some substantial disruptions caused by security and the situation has not improved much over the years because there are more and more companies wanting to connect their devices and to deliver more value and have more mobile services. Companies have started to put functionality and the service itself at the top of their list and not the security. This is because they haven’t been sufficiently aware of the security issues that exist and the additional security issues that exist when you connect a device to a network.  

The scale of IoT is enormous and is well beyond the availability of skilled security experts in the industry so companies tend to forget about security or use very simple methods such as log-in passwords. When you use passwords and don’t pay attention to them, you risk having a password that is too simple or shared across devices, making all of them vulnerable at once.  

The main barriers come down to shortage of security skills and the cost of implementing security in IoT. Implementing security has a cost and whatever the device it is important to diversify the secure credentials that you deploy in the device. This is so that if a device is attacked, other devices are not vulnerable to risk, but this process is costly.  

The other big reason that implementing security in the proper manner is very costly is the need for solutions that address both the level of security required and the level of scalability needed. This is in the context of billions of IoT devices so the scale is huge and will be even larger in the context of the new generation of 5G and low power networks which are arriving and bringing an even greater number of connected devices. In addition, there are use cases where there’s a need for securing the connectivity of the device to the IoT application and this relates to the value of data. Apps increasingly are deployed in the cloud and that means you need secure connections so you can sign data when you send it back and it can be verified. For example, in use cases in the energy, automotive or healthcare industries the value lies in the type of data that is exchanged, not in the fact that the platform is cloud-based.  

In addition to public networks, in private networks you have use cases where the data circulating needs to be certified so it can be trusted. IoT in private networks such as at manufacturing sites relies on the ability for devices to sign data and prove it is genuine. There are more and more use cases emerging that require security in this way so scalability is essential.

GM: How does the GSMA’s IoT SAFE initiative solve the issues by making use of the hardware’s tamper-resistant element?  

SQ: The tamper-resistant element is the subscriber identification module (SIM) or embedded SIM (eSIM) already in use in connected cars, smart meters or container trackers. That’s the first element so the obvious choice is to build on what is already in the connected device. It is the first step to address scalability requirements because you don’t have to add another chip or element to your bill of materials (BOM). The SIM and eSIM offer a very high level of security and have been used for many years so they are a perfect platform for a security solution.  

The second choice is to adopt an approach based on public key infrastructure (PKI) which provides a cryptographic method used for strong authentication between cloud and devices and data integrity. Typically, you might use this method on your computer to access online banking. The PKI technology allows you to distribute strong credentials in a secure and scalable manner, unlike a login/password.

The two main choices therefore come down to re-use of the field-proven tamper-resistant element that is the foundation of SIM and eSIM, with a PKI approach, which is very appropriate for addressing the security issues IoT faces. When done in a standardised manner like IoT SAFE, this is ideally suited to scale and manage large volumes of connected objects.

GM: What is your view of security by design and is this approach being taken by the IoT industry?  

SQ: It is very important and needs to be considered as an essential part of device or service design. Security by design means that you consider security at the earliest stages of your process when you first think about creating an offering or business. If you do this, you will have the right foundations.  

Security by design is for us at the heart of what we do but lack of skills and the complexity of security means companies in IoT are not comfortable with it. This is counter-productive because it is very difficult to fix security issues when products are already in the field and you face issues that you cannot repair or address.

Security is increasingly put as a high priority by IoT companies, and they are interested in relying on security specialists to try and bring the right approach. This is partly to do with the skills shortage but also because security is evolving all the time. To be effective, you need to know the security ecosystems, learn skills and understand new attacks and ways to counter them.  

This continuous process is difficult to implement, especially for small-to-medium enterprises. Don’t forget IoT is made up of lots of small companies, it’s not just a few big names so for many it’s very difficult to develop in-depth security skills.  

GM: How are the IoT SAFE specifications being integrated into hardware tamper-resistant elements?

SQ: What is key for IoT SAFE is that this is a standardised approach that utilises the eSIM independently from the mobile network operator. If you use IoT SAFE in the eSIM in your connected devices, you can choose a network operator to provide connectivity and use IoT SAFE to connect devices to your IoT cloud and later on, if you want, you can change the mobile operator for your connectivity without impacting your IoT service.  

Indeed, devices will still be able to connect to the same cloud with the same credentials even after the mobile operator has been changed. IoT SAFE is not included in the mobile network operator profile, but in a dedicated security domain sitting beside the SIM application on the same tamper-resistant element. The flexibility this provides is important for IoT enterprises because IoT SAFE can be independent across the connectivity provider and the security provider.

The freedom this provides means there are fewer constraints in terms of vendor selection and the security can scale which is not the case when you have fragmented systems.  

GM: What is Thales’ approach to IoT SAFE and how does that deliver scalable trust for IoT applications?  

SQ: We embraced IoT SAFE immediately. We are convinced of the need for improved IoT cybersecurity and the requirement to provide a security solution to IoT players that provides something standard and therefore scalable. Standardisation is the right way to go so the security solution can be deployed everywhere.  

IoT SAFE is standard but of course you have some additional value as a vendor that you can provide to your customers. We work with providers of security stacks and middleware vendors to make sure IoT SAFE is already supported and thus the integration is made easy for device makers. We also provide a touchless provisioning service which is a way to totally remove the cost impact of adding security into a device when the device is manufactured. When you use Thales’ IoT SAFE in the device, there is no additional activity and no additional charge in the process because our solution will automatically generate and validate credentials when the device is first used in the field.

This is how we provide additional value. Of course, we have connectivity management solutions and we’re a leader in eSIM and remote SIM provisioning (RSP) solutions and this means we are able to provide our customers with complete solutions for connectivity and security.

GM: What are the alternatives to IoT SAFE?  

SQ: The most popular alternative is a device-based approach where security is implemented as software in the device memory. This solution works from a functionality perspective but is quite bad from a secure path point of view because a general purpose processor in the device is not protected and is very easy to defeat. In addition, device-based solutions are usually proprietary or bespoke to a specific device so you need to repeat the same work for every device or implementation and this approach can’t scale.  

Another alternative is Generic Bootstrapping Architecture (GBA) which is a user authentication method based on the SIM application. This is mobile operator-centric and was standardised a long time ago. Adopting this method means you require a security service provided by your mobile operator: as a consequence, you lose the service if you change operator and need to integrate with the security service of the new operator. In addition, this does not provide true end-to-end security up to your cloud platform.  

IoT SAFE can be deployed in the same way across all of your devices and it is not linked to your mobile operator. The security provided is end-to-end so you are truly protected.  

GM: Are IoT enterprises adopting IoT SAFE?  

SQ: We are seeing strong interest in IoT SAFE today and people that are using cellular technology for IoT are highly accepting of this solution because secure network connections and data are very important to their business cases. Having said that, awareness needs to be developed further to detail the potential of the technology. We’re working to make sure IoT players are aware they can use and rely on it to relieve some of their pain points and ensure their IoT operations are secure. 
