Secure by design: Creating IoT devices with a focus on digital security
After years of embarrassing breaches and botnet abuses, IoT device manufacturers are finally realizing what consumers are looking for in their new products: advanced digital security to protect their networks, privacy and data.
Despite public mistrust and hesitancy, the IoT market is booming. In fact, Bain predicts market growth up to $520 billion by 2021 — which is more than double what was spent in 2017. These new devices are even more innovative and collect and pass far more data over the internet than those that came before. From autonomous vehicles that receive firmware updates over the airwaves to medical devices that go home with the patient and directly improve experiences and outcomes, the impact of IoT cannot be understated.
Connected products need to be impeccably secure so hackers can’t take control — devices left unprotected can turn from helpful to harmful in a heartbeat. From the same Bain study, the average data breach costs businesses more than $1.2 million, and 93% of enterprise executives are ready to increase budget to purchase devices with improved security.
IoT security begins with a strong foundation of unique identity and trust built into the product before it reaches beta. The trust must also be maintained by the ability to securely update devices throughout their lifecycle. Device security can no longer an afterthought — it needs to be rooted in the design.
The building blocks for successful IoT security
1. Crypto-agility and continual lifecycle management
Today’s threat is tomorrow’s nightmare. Companies that build connected devices must become agile in their ability to act before threats become serious, designing devices for adaptation and change.
If a root of trust (RoT) is breached, it renders the chain of trust and all public and private keypairs moot, or even dangerous, as they can be issued and used maliciously. The immediate replacement of that RoT is required, along with the updating of all certificates and keys used by devices.
Devices that are in the market today may be sold or transferred to another party in the future. Sending such devices back to the manufacturer for reprogramming is not an option, nor is expanding the private chain of trust to include new owners. Regardless, for devices to communicate with the proper systems, there is a need to reconfigure the device’s identity.
Algorithms degrade and it’s important to have the ability to maintain and strengthen digital identities over the lifetime of every device. Where will the device be two, five, 10 years from now? For example, if a car purchased today is driving for an average of 11 years, think about what will be needed to ensure cryptographic strength for as long as it’s on the road. Consumers may not be thinking about the threats of system takeovers, but they’ll surely come up to speed quickly if a device ever puts them in danger.
2. Code signing
Connected devices must authenticate properly at all times, establishing trust regardless of how many millions of devices are in use.
Signing firmware and software is a critical best practice. When you sign a piece of code, you make a statement that the software came from your organization and that you stand behind it. You’re sending a message to consumers that the code meets your quality assurance guidelines and security standards. Code signing keys must be properly requested, approved and generated — important steps in avoiding their misuse and malicious code being signed using a legitimate certificate.
But all too often, code signing certs are not protected carefully. The burden to sign code often falls on software developers and the DevOps community who specialize in writing code and creating a good user experience. Generating and protecting private keys is an afterthought and they might not even know how to get started. As such, private keys often wind up in unsecured locations such as developer workstations or build servers. A similar problem extends to many IT security professionals who are unaware of how many code-signing certificates their organization has or where they are stored.
It’s important to document, track and rigorously follow the steps and procedures required to sign code as a part of a software development lifecycle or DevOps processes. Pre-signing workflows may vary application to application, but typically include steps such as QA testing, virus scans, static source code analysis, penetration testing and so forth.
The security infrastructure for IoT devices should be built to support rapid expansion and ongoing management of all versions throughout the device lifecycle. Manufacturers need to ensure that device updates can be managed remotely for new and old models without downtime, disturbances or vulnerability. Automated, cloud-based public key infrastructure (PKI) is a great option as it eliminates the need to manage digital identities on-premises, which can be resource intensive, limited, expensive and error prone.
Security for IoT should not be an add-on, luxury or choice — and it certainly isn’t something that should be revisited after the device has been deployed. In fact, there’s not a technology in the market that will be able to keep a poorly secured device safe after it’s been released. Security must be part of the development process for manufacturers and built into the core infrastructure of these products. This means binding a digital identity to a device that is based on encryption, authentication and code signing — at scale. It means security by design.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.