Protection starts at the weakest link

Most readers will know that while the term IoT may be relatively recent, the concept has been around for many years. The Things are, of course, embedded systems, which can trace their history back to the birth of the MPU. The difference between those early devices and the Things of today - apart from the extraordinary increases in performance and functionality - is that the latter are connected to the internet, either directly or via a gateway.

As with the spread of internet access for personal computers, this progression provides many opportunities for sharing, collaborating and learning but also exposes users to a greatly increased risk of unauthorised access and tampering.

In a traditional 32- or 64-bit embedded system, applications frequently sit on an OS that has been ported to the target hardware and use the OS’s API to perform localised functions. In the IoT, both the top and bottom of this structure are rapidly becoming virtualised. At the top, access to the web is driving many device-resident applications to be replaced by remote applications that use web APIs instead of OS APIs. At the bottom of the stack, hardware is being virtualised, enabling designers to more easily upgrade operating systems or use multiple OSs in a single system to match the best product to each subsystem component.

IoT Things must virtualise not only processing, storage and network resources but also a whole host of additional hardware including many types of complex graphics and human interfaces, wireless connectivity and sensors. Often they also juggle mixed-criticality workloads: safety-critical real-time OS for one subsystem, consumer-grade OS for another. These hypervisors - or Thingvisors - can also be seen as a software root of trust upon which designers can develop an overall robust and secure system.

Some mistakenly believe that cloud security can be assured by only fortifying data centres. However, every node of connectivity spreading out to the remote end points of a network are vulnerable and where the real danger lies. The same is true for the IoT. Attackers always seek out the weakest link first and, if a Thing is only partially protected or even unprotected, it will be targeted - it’s just a matter of when. Once taken over, the Things can be used individually, or en masse, to not only access a central server, but they may also hold valuable personal information, particularly as we increasingly use devices to monitor and report our health, social activities and location. And the more the IoT grows, the bigger the target the aggregate value of the Things represents.

Relying on a secure HTTPS-connection between the Thing and the cloud to protect data is optimistic due to the range and variety of links over which IoT information will flow. It will not be practical for developers to know how data will flow across the net and whether or not the various linking systems will be worthy of trust. Consequently, the best approach is to adopt a zero-trust strategy where we assume the cloud is inherently insecure. The hypervisor-based platform architecture, coupled with a hardware root of trust, provides a powerful and essential foundation with which developers can build such secure IoT systems.