When Adding IoT Devices to the Enterprise—Keep it Secure

When will IoT device developers heed the call for full circle IoT-to-IT security?

The addition of Internet of Things (IoT) devices and applications to enterprise IT networks is increasing the attack surface available to hackers. Failure to secure that surface presents a real danger to the security of the overall systems. Traditional computing/IT systems have been working mightily to include robust practices and standards to protect important enterprise devices on their networks. This hasn’t been the case as much for IoT applications that increasingly must attach to and communicate with the IT systems. That remains a primary source for widespread concern, and it has slowed but not prevented the increasing adoption of such devices. The risk grows while the potential advantages of adoption are slowed.

Figure 1: IoT deployments include multiple protocols, controlled access to the public Internet and integration with public Cloud services such as Microsoft Azure IoT Hub, AWS IoT, and IBM Watson IoT.

Figure 1: IoT deployments include multiple protocols, controlled access to the public Internet and integration with public Cloud services such as Microsoft Azure IoT Hub, AWS IoT, and IBM Watson IoT.

According to a study by the Ponemon Institute, 75 percent of respondents say the use of IoT apps significantly increases security risk, with nearly the same number being very concerned about the use of insecure IoT apps[1]. Despite that concern, 44 percent of respondents say their organization isn’t taking any steps to prevent attacks. For IoT device developers to enjoy a ready market and realize maximum growth, something needs to change.

Merging IoT Security with Enterprise Security
While IoT deployments often include architectural features to provide security, the challenge is to smoothly integrate them into the enterprise environment to achieve end-to-end security. Among the security measures found in IoT deployments are wireless protocols such as Bluetooth Smart, Thread, or Zigbee, which require gateways to access the public Internet or even the corporate intranet. The use of firewalls and integration with public cloud services such as Microsoft Azure IoT Hub, AWS IoT and IBM Watson IoT has also helped secure such devices.

Such underlying connectivity technologies as Wi-Fi and Bluetooth may well provide good security at the link layer, but again, that security exists only among the communicating wireless devices and the endpoints they are connected to (e.g., sensor, router, gateway). Now, the challenge is to provide end-to-end security beyond the IoT endpoint all the way to the cloud server. Ideally, this should include a root of trust based on secure hardware. Such end-to-end security needs to address three main concerns: authentication, integrity, and privacy. Clearly, there is a gap between what IoT developers create and what IT architects need.

End-to-End Security from IoT to IT
To ensure the same level of end-to-end security from the IoT level across the enterprise, the Transport Layer Security (TLS) protocol is the first line of defense. With origins in the Secure Sockets Layer (SSL), TLS state-of-the-art algorithms secure a connection between two nodes and ensure:

  • Communicating parties’ identities can be authenticated using public key cryptography. This authentication can be made optional but is generally required for at least one of the parties (typically the server). Such authentication ensures that the end-point connects only to the proper server, and that the server accepts connections only from bona fide end-points.
  • The connection safeguards integrity because each message transmitted includes a message integrity check using a message authentication code to prevent undetected loss or alteration of the data during transmission—caused either by malicious action or unintentional corruption.
  • The connection is private because symmetric cryptography is used to encrypt the data transmitted. The keys for this symmetric encryption are generated uniquely for each connection and are based on a shared secret negotiated at the start of the session.

To provide the highest levels of security, TLS relies on asymmetric public key cryptography in which each communicating entity is assigned a unique and strong private key, and a mathematically related public key. The private key must be kept secure with its owner and not disclosed to any third party. The public key, on the other hand, may be made generally available, as it is practically impossible to use it to determine the private key.

Public key cryptosystems’ structures enable two primary operations:

  • The public key may be used to verify that the holder of the corresponding private key signed a given message.
  • The public key may be used to encrypt a message such that only the corresponding private key holder can decrypt it.

TLS builds on these functions to directly achieve the goals of authentication and ensure message integrity. Privacy is indirectly achieved by using communication under the protection of public key encryption to establish a shared secret that may then allow a more computationally efficient symmetric encryption scheme to protect subsequent communications.

Secure Hardware

With TLS securing the sender, the next step is to protect the receiving IoT end-point. For TLS to secure edge-to-cloud communications, developers need to address the following:

  • Secure storage of the private key in the IoT end-point, so an attacker wishing to impersonate the device cannot retrieve it.
  • Ensuring the authenticity and validity of the public key certificate offered by a server to which the IoT end-point is attempting to connect.

As noted, private keys must remain known only to the IoT end-point to ensure the overall security of the system. If compromised, an attacker could use the private key to impersonate the IoT end-point, intercept communications, or gain increased information for a potential attack on the cloud infrastructure.

While modern microcontrollers and architectures often implement mechanisms to protect non-volatile memory and incorporate cryptographic co-processing engines, such platforms can still be susceptible to discovery attacks using measurement of dynamic supply currents or analysis of electromagnetic emissions and cannot be considered reliably secure. For applications with the highest security requirements, developers should choose a hardware secure element—a device built on tamper-resistant hardware that implements mechanisms to:

  • Store the private key in a manner that makes it irretrievable by all practical means
  • Perform the cryptographic operations necessary to sign and/or decrypt data using the private key

IoT products typically have limited user interface and frequently need to be installed and commissioned by non-expert users. As a result, they must support provisioning flow, which is very simple to follow, while still maintaining security of the overall system. With the device identity and root of trust embedded within a hardware secure element in the IoT end-point, the provisioning process can, without compromising security, enable the device with credentials and details for access to the wireless network and/or gateway via which it will access the Internet.

Figure 2: Enterprise IoT applications require true end-to-end security between the IoT end-point and the Cloud server, with typical concerns including authentication, integrity, and privacy.

Figure 2: Enterprise IoT applications require true end-to-end security between the IoT end-point and the Cloud server, with typical concerns including authentication, integrity, and privacy.

Designing robust security into an IoT product whether a camera, thermostat or temperature sensor, is possible and should be part of every designer’s criteria. Not only will the use of industry standard practices provide a high-level of protection and ease implementation in the field, it will also provide the assurance needed for large enterprise level distributors to come onboard, resulting in a dramatic uptick in market growth.

RustyphotoRusty Stapp is the CEO of UbiquiOS, which enables low-cost Wi-Fi, Bluetooth and LPWAN connectivity for the Internet of Things (IoT) market. Stapp brings nearly 30 years of component and material customer engagement experience to his role. He has led efforts in Europe, North America and Asia for large companies like Texas Instruments and Kodak to VC funded startups. Stapp also worked at NextWindow, where he led engagements with HP, Microsoft and others. He holds a EET from Texas A&M and a MBA from University of Texas at Dallas.

[1] https://public.dhe.ibm.com/common/ssi/ecm/wg/en/wgl03136usen/WGL03136USEN.PDF

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google
  • TwitThis