06 November 2014
Outlook 2015: Securing the IoT starts at the core
Ensuring the secure transfer of IoT data is a critical industry priority, as billions of devices will be connected wirelessly to the Internet of Things by 2020. Indeed, a wide range of connected devices and platforms are already generating and moving exabytes (10^18) of sensitive information along the IoT's expansive digital autobahns.
The risks associated with a rapidly growing IoT include privacy, unauthorised access, malicious control and denial of service. Numerous companies are developing solutions to address a diverse set of security requirements across multiple platforms and chips. The most robust security approaches bake security into the initial design and manufacturing of a SoC.
Many deployment scenarios require that IoT devices be provisioned with credentials and keys before they leave the device vendor's facility. In today's systems, the process of key injection during fabrication and test operations could potentially expose vulnerable key data. In addition, test and debug capabilities are often fully enabled on chips by default – a relatively common practice that inadvertently creates additional security challenges.
Taking a hardware-first approach to security and implementing the necessary functionality on the SoC level is a key element of fully securing devices and platforms such as FPGAs, wearables, smartphones, tablets and intelligent appliances.
Rambus CryptoManager, a hardware based platform built around an advanced Security Engine and versatile Infrastructure Suite, demonstrates how companies can effectively create a secure endpoint throughout the manufacturing and device lifecycle.
The CryptoManager Security Engine is essentially a silicon core integrated into a SoC that provides a hardware based root of trust for the secure provisioning, configuration, keying and authentication of SoCs during chip and device manufacturing. Meanwhile, the Infrastructure Suite consists of hardware appliances for securing in factory operations, along with cloud-based management systems designed to protect the distribution of authorisation and cryptographic keys throughout the chip manufacturing processes.
In practice, the hardware-based platform offers a single user interface across factory locations, real-time visibility into operations and remote, cloud-based feature activation.
This allows chip and device manufacturers to meet product personalisation demands, reduce operating costs and accelerate time-to-market – all while ensuring the security of secret keys and sensitive data.
Today's IT security heavily relies on software patching and updates. While this is appropriate for correcting unforeseen vulnerabilities, it is difficult to administer or update low-cost IoT devices in the same way we manage IT systems today. IoT devices also have long lifespans, yet manufacturers are likely to stop developing and rolling out patches for a product once it reaches obsolescence. For these reasons, IoT devices should leverage hardware-based security and isolation mechanisms that offer robust protection against various forms of attack.
Clearly, the risk of collecting and transferring data without effective hardware-based security measures becomes particularly salient when dealing with high-risk platforms such as smart grids and medical devices. Losing control of the grid to hostile actors could cost a utility millions of dollars in downtime, to say nothing of the safety hazards posed by the digital hijacking of critical utilities such electricity, gas and water. Similarly, a compromised wearable medical monitoring device could result in serious injury and perhaps even death in more extreme scenarios.
Looking towards the future, we can expect vehicles with an increasing amount of autonomous capabilities to deftly navigate our roads and highways. These cars and trucks will also be designed to interact with their owners, each other and the IoT. Intelligent cars and smart grids are just the start of a changing ecosystem, where devices, systems and platforms that were previously 'disconnected' will be coming online. Ultimately, the integration of various IoT devices and platforms will lead to the proliferation of smart cities all over the globe – rising on the new digital infrastructure enabled by ubiquitous connectivity and ever increasing bandwidth.
Thus, it is important to realise that just because a system is embedded, doesn't mean it's secure or will remain so indefinitely. As such, security must be perceived as a first design goal (hardware), rather than a tertiary priority (software patches), with chipmakers routinely forced to contend with a wide range of potentially serious threats, including data breaches, counterfeit components and IP theft.
Although many continue to take security for granted, the importance of adopting a hardware based approach at the most basic core level cannot be overemphasised. Aside from ensuring fundamental chip security during manufacturing, embedding the right security IP core into a SoC can help manufacturers design devices, platforms and systems that remain secure throughout their respective lifecycles.
Hardware enabled examples include device provisioning, subscription management, secure payments, authorisation and RMA/test support. Embedded SoC security can provide a critical root of trust, managing sensitive keys for secure boot, service authentication, and key management. The SoC security core can regulate debug modes to thwart reverse engineering, while providing chip authentication to prevent counterfeiting. SoC-based security can also manage the one-time-programming of on-chip resources.
The Internet of Things will continue to evolve as billions of diverse devices and platforms come online over the next decade and beyond. Truly robust security can be achieved if it starts at the core.
Cryptography Research, a division of Rambus Inc., is a leader in semiconductor security research and development. Established by internationally renowned cryptographer Paul Kocher, Cryptography Research develops and licenses innovative technologies in areas including tamper resistance, content protection, anti-counterfeiting, network security, and financial services. More than 8billion security products are made each year under license from Cryptography Research. Security systems designed by Cryptography Research scientists and engineers protect hundreds of billions of dollars in commerce annually. www.cryptography.com.
Rambus brings invention to market. Our customisable IP cores, architecture licenses, tools, services and training improve the competitive advantage of our customer's products while accelerating their time-to-market. Rambus products and innovations capture, secure and move data.
Ben Jun is chief technology officer or Rambus' Cryptography Research division.