Protecting Smart Home Devices from Security Breaches
Design security need not take a back seat, even in the race to be first to market with smart, connected home products.
Navigating traffic on your way to work, you realize that you may have left your bedroom light on. No need to turn back. All you have to do is click off the lamp from your smartphone app. Smart home devices for applications like lighting, security, and temperature control can make our lives more convenient. But worries rise when these seemingly innocuous devices get hacked, opening avenues to potentially dangerous and harmful situations.
Last year, a Boston-based cybersecurity firm reported on how vulnerable Internet-connected baby monitors are because many lack basic security features. Rapid7 found problems like hidden, unchangeable passwords; easy access to device account numbers; and unencrypted data streams. Not only could a hacker gain access to the monitor’s video stream of a child, but intruders could also transmit their own voices and video feeds through these systems. This past fall, hacked CCTV video cameras and DVRs were used to launch a large-scale distributed denial of service (DDoS) attack that sparked a massive Internet outage affecting many popular websites, including Amazon, Tumblr, PayPal, and Reddit.
Clearly, consumers have plenty of reasons for concern. But so do businesses that want to protect against cloning, counterfeiting, reverse engineering, and the brand damage that can follow. That’s why security must be a primary—and early—consideration for the design of any smart, connected home device.
Security Needs to Be Smart, Too
Gartner expects that by 2020, the world will have 20.8 billion connected things, up from 6.4 billion this year. That’s quite a big jump in a short timeframe—and a big market opportunity that many companies don’t want to miss. Yet, as Gavin Kenny notes in IBM’s Security Intelligence blog, “In the race to be first to market and meet the need for zero-setup equipment, security on many IoT devices is woefully inadequate.”
What does it take to build more security into smart home products? First, account for the fact that many IoT devices are integrated into a network—a breach into one device could potentially expose others to malicious attacks. Next, integrate security early on into all levels of the design, from the sensor node to the chip to the system and the cloud. In his blog post, Kenny argues that security itself needs to be smart: “It has to be automated, self-maintaining, adaptable and maybe even cognitive.”
Verify, Validate, and Authenticate Everything
From a design standpoint, it’s critical to verify every connection and interface, comply with relevant standards, and conduct quality assurance testing to root out potential problems. Techniques like secure boot, secure key storage, encryption, and authentication are essential. With secure boot in place, an electronic device executes only authenticated (i.e., trusted) software. The device can accomplish this via a microcontroller containing software that cannot be modified (called the “root of trust”). When the microcontroller is powered on, it runs this piece of software first; that software verifies the signature of the application code and starts it only after verification succeeds. Signature verification uses a public key that has been loaded into the microcontroller. In addition to ensuring that a system boots into a known, safe environment and providing on-chip storage of encryption keys, a secure microcontroller can also perform normal tasks, including executing software, monitoring sensors or other inputs, and controlling outputs within a system.
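The boot sequence just described, modeled in Go as an added example (this is not Maxim's code and not the firmware format of any of its parts). The root of trust holds only the vendor's public key; the image carries an ECDSA P-256 signature over the SHA-256 digest of the application payload, and the payload is handed to the application stage only after that signature verifies. The `FirmwareImage` layout, `NewSigningKey`, `SignFirmware` and `RootOfTrust` are constructed names for this illustration:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// FirmwareImage is a constructed, simplified image layout: the application
// payload plus a DER-encoded ECDSA signature over SHA-256(payload).
// Real boot ROMs use vendor-specific headers; this keeps only the two fields
// the verification step needs.
type FirmwareImage struct {
	Payload   []byte
	Signature []byte
}

// NewSigningKey stands in for the vendor's offline signing key (hypothetical).
// Only the public half is ever provisioned into the microcontroller.
func NewSigningKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SignFirmware is the factory-side step: hash the payload, sign the digest.
func SignFirmware(priv *ecdsa.PrivateKey, payload []byte) (FirmwareImage, error) {
	digest := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return FirmwareImage{}, err
	}
	return FirmwareImage{Payload: payload, Signature: sig}, nil
}

// RootOfTrust models the immutable first-stage code: it holds nothing secret,
// just the vendor public key loaded at manufacturing time.
type RootOfTrust struct {
	VendorPub *ecdsa.PublicKey
}

// ErrUntrustedImage is returned when the signature does not verify; a real
// boot ROM would halt or enter a recovery mode instead of running the image.
var ErrUntrustedImage = errors.New("secure boot: signature verification failed")

// Boot verifies the image and returns the payload the application stage may
// execute, or ErrUntrustedImage. Verification happens before any byte of the
// payload is interpreted, so a modified or foreign image never gets control.
func (r RootOfTrust) Boot(img FirmwareImage) ([]byte, error) {
	digest := sha256.Sum256(img.Payload)
	if !ecdsa.VerifyASN1(r.VendorPub, digest[:], img.Signature) {
		return nil, ErrUntrustedImage
	}
	return img.Payload, nil
}

func main() {
	priv, err := NewSigningKey()
	if err != nil {
		panic(err)
	}
	rot := RootOfTrust{VendorPub: &priv.PublicKey}

	img, _ := SignFirmware(priv, []byte("lamp-controller app v1.0")) // constructed payload
	if app, err := rot.Boot(img); err == nil {
		fmt.Printf("boot ok, running: %s\n", app)
	}

	// Simulate a bit flip or an altered image in flash.
	img.Payload[0] ^= 0xff
	if _, err := rot.Boot(img); err != nil {
		fmt.Println("tampered image:", err)
	}
}
```

The point the code makes is where the trust anchor lives: the microcontroller stores a public key, so extracting it from the device reveals nothing an attacker can sign with, and an image signed by any other key, or altered by a single byte, is refused before it runs.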
Secure, two-way authentication—where two entities must prove their identity to each other—helps protect against malicious attacks. Symmetric-key cryptographic algorithms, for example those built on the Secure Hash Algorithm (SHA-x), can be used for two-way authentication. With symmetric keys, the host and slave must operate from the same secret key, and that secret has to be protected from disclosure attacks on both sides.
Two disadvantages associated with symmetric key-based systems are: (1) key distribution/management, and (2) the need to protect the secret key inside the host system as well as the slave system. Since the host and all slaves within each symmetric key-based system ultimately share the same unique secret key, a key derivation and establishment method must be deployed to keep the number of keys from growing to an unmanageable state.
To address these drawbacks, cryptographic algorithms involving asymmetric keys, for example the Elliptic Curve Digital Signature Algorithm (ECDSA), can be used instead. With asymmetric keys, the keys are different but related mathematically. The host utilizes a public key (which doesn’t have to be protected against disclosure), and the slave utilizes a corresponding private key (which must be protected). ECDSA is advantageous because the party that is authenticating the peripheral doesn’t have to securely store a secret. Instead, the authenticating party can use a public key that can be distributed freely. Thus, asymmetric algorithms solve both the key distribution problem and the need to secure the key in the host system.
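The two authentication schemes contrasted in the preceding paragraphs, written out side by side as an added Go example (not code from Maxim or from any of its authenticators). Both are challenge-response exchanges: the host sends a fresh random nonce, the slave answers with a value only the genuine part can produce, and the host checks it. In the symmetric branch the answer is an HMAC-SHA256 over the challenge and the host must hold the same secret; in the asymmetric branch the answer is an ECDSA P-256 signature and the host holds only a public key. The type names, `NewChallenge`, and the "pair" constructors are constructed for this illustration:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// NewChallenge draws a fresh 32-byte nonce; a recorded response to an old
// challenge is useless against a new one.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// ---- Symmetric scheme: SHA-256 HMAC over the challenge ----

// SymmetricSlave (the peripheral) holds the shared secret.
type SymmetricSlave struct{ secret []byte }

// SymmetricHost must hold the very same secret, which is the drawback the
// text describes: a secret now needs protection on both sides.
type SymmetricHost struct{ secret []byte }

// NewSymmetricPair provisions one shared secret into both parties.
func NewSymmetricPair(secret []byte) (SymmetricHost, SymmetricSlave) {
	return SymmetricHost{secret: secret}, SymmetricSlave{secret: secret}
}

func mac(secret, challenge []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(challenge)
	return m.Sum(nil)
}

// Respond proves possession of the secret without revealing it.
func (s SymmetricSlave) Respond(challenge []byte) []byte { return mac(s.secret, challenge) }

// Verify recomputes the MAC; hmac.Equal compares in constant time.
func (h SymmetricHost) Verify(challenge, response []byte) bool {
	return hmac.Equal(mac(h.secret, challenge), response)
}

// ---- Asymmetric scheme: ECDSA P-256 signature over SHA-256(challenge) ----

// AsymmetricSlave holds the private key; it is the only secret in the system.
type AsymmetricSlave struct{ priv *ecdsa.PrivateKey }

// AsymmetricHost holds only the public key, which may be distributed freely.
type AsymmetricHost struct{ pub *ecdsa.PublicKey }

// NewAsymmetricPair generates the slave key pair and hands the host the public half.
func NewAsymmetricPair() (AsymmetricHost, AsymmetricSlave, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return AsymmetricHost{}, AsymmetricSlave{}, err
	}
	return AsymmetricHost{pub: &priv.PublicKey}, AsymmetricSlave{priv: priv}, nil
}

// Respond signs the digest of the challenge with the slave's private key.
func (s AsymmetricSlave) Respond(challenge []byte) ([]byte, error) {
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, s.priv, digest[:])
}

// Verify checks the signature against the public key; nothing here is secret.
func (h AsymmetricHost) Verify(challenge, signature []byte) bool {
	digest := sha256.Sum256(challenge)
	return ecdsa.VerifyASN1(h.pub, digest[:], signature)
}

func main() {
	ch, _ := NewChallenge()

	host, slave := NewSymmetricPair([]byte("constructed-shared-secret"))
	_, clone := NewSymmetricPair([]byte("guessed-secret"))
	fmt.Println("symmetric genuine:  ", host.Verify(ch, slave.Respond(ch)))
	fmt.Println("symmetric clone:    ", host.Verify(ch, clone.Respond(ch)))

	ahost, aslave, _ := NewAsymmetricPair()
	sig, _ := aslave.Respond(ch)
	fmt.Println("asymmetric genuine: ", ahost.Verify(ch, sig))
	ch2, _ := NewChallenge()
	fmt.Println("asymmetric replayed:", ahost.Verify(ch2, sig))
}
```

Compare the two host types: `SymmetricHost` carries a `secret` field that must be protected as carefully as the slave's, while `AsymmetricHost` carries only `pub`. That single field is the key-distribution and host-side storage advantage the text attributes to ECDSA.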
Within a system, there may be a need to go beyond simply authenticating a peripheral, sensor, or consumable to a host system. It may also be critically important to ensure that the data being monitored and sent from a sensor to an aggregation or decision point has not been modified, or that control signals being sent to a valve or actuator are not compromised. Authenticating the data chain from the protected sensor node to the web server, or from the web server to the system controller/actuator, is often an important consideration in order for any system to be deemed secure.
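Authenticating the data chain, as opposed to authenticating the device, means every reading that leaves the sensor node carries proof that it was produced by that node and has not been changed or resent. The following Go example is added here to show one way of doing that with the symmetric SHA-256 scheme the text mentions; it is not Maxim's protocol or that of the reference design. Each reading carries a monotonically increasing sequence number and an HMAC-SHA256 tag over sequence number and value; the aggregator checks the tag first, then rejects anything not newer than the last accepted reading. `Reading`, `SensorNode`, `Aggregator` and `NewSensorLink` are constructed names, and the wire layout is a constructed one:

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Reading is one authenticated sensor message (constructed wire format):
// a monotonically increasing sequence number, the value, and an HMAC-SHA256
// tag over both. The tag binds the value to its position in the stream.
type Reading struct {
	Seq   uint32
	Value int32 // e.g. temperature in hundredths of a degree (constructed unit)
	Tag   []byte
}

// encode fixes the byte layout that gets authenticated: 4-byte seq || 4-byte value.
func encode(seq uint32, value int32) []byte {
	buf := make([]byte, 8)
	binary.BigEndian.PutUint32(buf[0:4], seq)
	binary.BigEndian.PutUint32(buf[4:8], uint32(value))
	return buf
}

func tag(key []byte, seq uint32, value int32) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(encode(seq, value))
	return m.Sum(nil)
}

// SensorNode is the protected end of the chain: it holds the key and counter.
type SensorNode struct {
	key []byte
	seq uint32
}

// Aggregator is the decision point; it holds the same key (symmetric scheme)
// and remembers the highest sequence number it has accepted.
type Aggregator struct {
	key     []byte
	lastSeq uint32
}

// NewSensorLink provisions one key into both ends (hypothetical helper).
func NewSensorLink(key []byte) (*SensorNode, *Aggregator) {
	return &SensorNode{key: key}, &Aggregator{key: key}
}

// Emit produces the next authenticated reading.
func (n *SensorNode) Emit(value int32) Reading {
	n.seq++
	return Reading{Seq: n.seq, Value: value, Tag: tag(n.key, n.seq, value)}
}

var (
	ErrBadTag = errors.New("tag mismatch: reading was modified or sent under a different key")
	ErrReplay = errors.New("sequence not increasing: replayed or reordered reading")
)

// Accept returns the value only if the tag verifies and the reading is newer
// than anything already accepted. The tag is checked first so that a forged
// message can never advance the replay window.
func (a *Aggregator) Accept(r Reading) (int32, error) {
	if !hmac.Equal(tag(a.key, r.Seq, r.Value), r.Tag) {
		return 0, ErrBadTag
	}
	if r.Seq <= a.lastSeq {
		return 0, ErrReplay
	}
	a.lastSeq = r.Seq
	return r.Value, nil
}

func main() {
	node, agg := NewSensorLink([]byte("constructed-link-key"))

	r := node.Emit(2150) // 21.50 degrees, constructed sample
	v, err := agg.Accept(r)
	fmt.Println("genuine: ", v, err)

	forged := r
	forged.Value = 9999 // value rewritten in transit
	_, err = agg.Accept(forged)
	fmt.Println("modified:", err)

	_, err = agg.Accept(r) // the original message captured and resent
	fmt.Println("replayed:", err)
}
```

The same construction works in the other direction, from the controller to a valve or actuator: the command carries the counter and tag, and the actuator applies the aggregator-side check before acting. What the scheme does not hide is the value itself; confidentiality, if needed, is a separate encryption layer on top of the authenticated message.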
Low-Power, Secure Microcontrollers and Secure Authenticators
The foundation for safer IoT designs lies in their underlying technologies. Secure microcontrollers that integrate advanced cryptography with physical security can protect against physical tampering, reverse engineering, and side-channel attacks. For example, Maxim’s DeepCover Secure Microcontrollers feature integrated secure NV SRAM that is erased instantly when an intrusion is detected. The low-power microcontrollers also feature built-in FIPS-certified hardware cryptographic engines that support industry-standard algorithms, as well as patented real-time code and data encryption to fully protect external memories. For quality and safety assurance, counterfeit prevention, secure boot, usage control, secure GPIO, and peripheral authentication, Maxim offers its DeepCover Secure Authenticators, which implement advanced physical security (Figure 1). And, to protect sensitive data from physical or environmental tampering, the company has its DeepCover Security Managers, which bring together advanced physical security with on-chip, nonimprinting memory.
To ease the process of developing smart and safe connected products, Maxim provides its ARM® mbed™ based MAXREFDES143# IoT embedded security reference design (Figure 2). This design protects industrial sensing nodes and sensors via authentication and notification over WiFi between the node and a web server hosted by Maxim. It uses the SHA-256 symmetric-key algorithm and enables you to quickly integrate your application. The reference design offers a way to eliminate the need to store the secret key in the processor memory. Access to the design is available on the mbed website.
In the dash to get to market first with the next must-have smart, connected home product, no one can afford to neglect design security. Techniques such as secure boot, secure key storage, authentication, and encryption can help you make homes smarter and safer. What’s more, ICs with built-in security provide a head start and a strong foundation for you to build upon.
Hal Kurkowski is a Managing Director in the Micros & Security Business Unit at Maxim Integrated, where he has been involved with security-related products for over 30 years, including work at Dallas Semiconductor prior to its acquisition by Maxim in 2001. He is a graduate of the University of Illinois at Urbana-Champaign with a master’s degree in electrical and electronics engineering.
Scott Jones is an executive director of Business Management at Maxim Integrated, where he leads a team responsible for secure authentication products. With over 15 years at Maxim, Scott is responsible for product line management and end-customer business development. Prior to joining Maxim, he spent 15 years in applications engineering and embedded HW/SW design roles at Dallas Semiconductor and other technology companies.