IoT’s Connected Devices Give Security Vulnerabilities Nowhere to Hide
What’s needed is a long-term strategy for verifying security properties in silicon designs.
With the rapid increase in the deployment of the Internet of Things (IoT), forecasters predict there will be more than 50 billion connected devices by 2020. These connected devices include smart LED lighting systems, intelligent sensors, home appliances, wearables and many others.
Modern automobiles are also becoming increasingly connected through V2V and V2X communication, autonomous driving systems and Internet connectivity. This growing connectivity, and the digitizing of the analog world by more and more devices, is intensifying the demand for more secure hardware. Security threats are becoming so pervasive and the vulnerability cost so large that security now is required in the silicon that is the heart of these devices.
Damon Kachur, a Global Business Development manager at Symantec Corporation, a software security company, stated recently that software is no longer enough: each new IoT device needs to have specialized hardware inside. “To do it right, it has to be done at the hardware level—after that it’s too late.”
Conventionally, the semiconductor industry has focused on securing the software with techniques such as data encryption, access control and isolation, while ignoring the cyber threat to the hardware. Modern hardware is more complex and has created a new class of attacks. Malicious intent is focused now on hardware. In connected cars, three examples of attacks that can expose security vulnerabilities are:
- Control: Unauthorized remote access to functions like door locks and navigation systems can render the driver helpless to control the functions of the automobile.
- Theft: Infotainment systems and in-vehicle WiFi systems provide a plethora of valuable data for cyber thieves to attempt to steal.
- Disruption: Breaches of services controlled by silicon devices, such as braking systems, engine controls and steering systems, create a serious safety threat not only to the driver and passengers, but also to all the vehicles in proximity.
A critical parameter for IoT gateways is computing performance at the edge that enables near real-time analytics, local decision-making and tighter process controls. In addition, scalability to handle billions of connected devices, affordability, reliability and remote maintenance/updating are important to companies implementing IoT solutions.
Intel recognizes that security is of paramount importance in IoT gateways and does an excellent job of implementing security both at the silicon and software level.
For application and operating system security, the hardware-based security of Intel processors has been supplemented with operating system and application software security. McAfee Embedded Control technologies enable seamless, secure data flow from the edge to the cloud and protect data while in flight or at rest.
Intel added software security protection using Wind River’s Helix Device Cloud and Intelligent Device Platform solutions to provide cloud connectivity for device configuration and for integrating disparate enterprise IT systems. The critical foundation of IoT gateway security is in the silicon, the security built into the Intel processors, and is then supplemented by software security to provide a provably secure IoT gateway.
The semiconductor industry at large is struggling to deal with these immediate security challenges, as most vendors do not have adequate security expertise or verification processes in house. A stopgap solution that many companies have implemented is to form small security teams that work in parallel with the silicon design and verification groups. These security teams struggle with battling the constant tapeout deadline pressure, where design and verification groups are so deadline driven that security is usually only an afterthought.
Even worse, in most cases, the security teams are not sure exactly how to address the problem due to their lack of experience. They think simply inserting a FIPS 140-2 compliant data encryption module is enough to meet the security requirements for their chipsets. Not hardly.
Security concerns related to access control, key management, on-chip test logic, debug states and many others are often overlooked and cannot be addressed and updated in the field like software security issues.
As well, executive managers confront significant and immediate challenges due to the new requirement to provide silicon security. The task of balancing the business pressures of implementing security best-practices while simultaneously reducing spending and the time to market to remain competitive and profitable can be daunting.
A low-risk, short-term solution is to contract with security experts to educate engineering and internal security teams on what the threats are and how to prevent them. A professional services engagement with silicon security experts provides a low-cost method for finding potential vulnerabilities in a company’s current silicon designs long before tape-out, thereby not risking a delay in product shipments.
This type of third-party product analysis has been well adopted by the software community. Google, Facebook, Adobe and others have implemented a “bug bounty” where they reward people for finding their security vulnerabilities.
The suggestion here is not for semiconductor companies to release their register transfer level (RTL) code to the public. Instead, the advice is to have third-party silicon security experts come on-site where they can apply their unique silicon security expertise and tools to formally verify silicon designs are free from vulnerabilities.
Much like in the early 1990s when RTL experts were employed by semiconductor companies to expedite their transition to RTL design flows, hiring security service providers expedites the development of internal capabilities for securing future silicon designs.
One such company is Tortuga Logic. It provides Hardware Security Assessments (HSAs) that allow its hardware security experts to search for and resolve vulnerabilities on silicon designs. The final deliverable of professional services engagements is a detailed vulnerability report that allows engineering teams to understand the threats that exist and how they can be resolved.
Longer-Term Strategy Needed
While effective, bringing in security service providers is a short-term solution. Instead, longer-term strategies are needed, including better security design practices, software and verification methodologies to meet the challenges of silicon security.
One solution would be to implement a security language and security property verification environment for a uniform way to specify security properties that could be fed into standard silicon verification flows for formal verification, simulation and hardware emulation. This long-term strategy would provide an efficient and low-risk way for companies to implement rich methodologies and software to independently verify security properties in future silicon designs.
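As an added illustration (not code from the article or from any vendor tool), the sketch below writes one security property as data and checks it exhaustively against two versions of a toy design, tying the debug-state and key-management concerns above to the idea of a uniform property specification. The signal names, the property format and both design functions are hypothetical, and exhaustive enumeration stands in for a formal engine on this tiny state space.

```python
from itertools import product

# Constructed toy design: every signal is one bit wide.
INPUTS = ("key", "data", "debug_en", "locked")

def design_weak(key, data, debug_en, locked):
    # Debug mux exposes the key register whenever debug_en is set,
    # regardless of the lifecycle lock.
    return {"bus_out": data ^ key, "dbg_out": key if debug_en else 0}

def design_gated(key, data, debug_en, locked):
    # Debug access is honoured only while the part is still unlocked.
    dbg = key if (debug_en and not locked) else 0
    return {"bus_out": data ^ key, "dbg_out": dbg}

# Security property as data (hypothetical format): under the "when"
# condition, "source" must have no influence on "sink".
NO_KEY_ON_DEBUG = {"source": "key", "sink": "dbg_out", "when": {"locked": 1}}

def check_no_flow(design, prop):
    """Non-interference check: return a counterexample environment, or None.

    For every assignment of the other inputs that satisfies prop["when"],
    flipping the source bit must leave the sink unchanged.
    """
    others = [name for name in INPUTS if name != prop["source"]]
    for values in product((0, 1), repeat=len(others)):
        env = dict(zip(others, values))
        if any(env[name] != want for name, want in prop["when"].items()):
            continue  # property only constrains the design under "when"
        sink_values = [
            design(**env, **{prop["source"]: bit})[prop["sink"]]
            for bit in (0, 1)
        ]
        if sink_values[0] != sink_values[1]:
            return env  # the source bit is observable at the sink
    return None

if __name__ == "__main__":
    for design in (design_weak, design_gated):
        print(design.__name__, check_no_flow(design, NO_KEY_ON_DEBUG))
```

The same property record could drive directed simulation instead of enumeration; only the checker changes, not the specification.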
Make no mistake: hackers are getting bolder as they focus on systems hardware and not just the software. Security threats, especially in the automotive and IoT sectors, are becoming so pervasive that companies must devise a long-term strategy to combat them. Security service providers can help ensure internal capabilities meet security standard requirements. Longer term, a security verification environment will be the most fail-safe and effective solution.
Dr. Jason Oberg is chief executive officer of Tortuga Logic, overseeing its technology and strategic positioning. He is the founding technologist of Tortuga Logic and brings years of intellectual property that he successfully transferred from the University of California. Dr. Oberg has a Bachelor of Science degree in Computer Engineering from the University of California, Santa Barbara and Master of Science and Ph.D. degrees in Computer Science from the University of California, San Diego.
 Cisco: www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf
 EETimes: http://www.eetimes.com/document.asp?doc_id=1329699&