
Security-by-design: the proactive approach to IoT device security

20th March 2024
Harry Fowle

As IoT’s applications continue to expand in both industrial and consumer settings, legislators have recognised the security risks this extra connectivity brings. Consequently, demands for standardisation have emerged in a sector with little agreement on such matters. Focused mainly on the consumer side, the UK’s PSTI Act and the US Cyber Trust Mark, both commencing in 2024, will set security standards for IoT devices from as early as the manufacturing stage.

This article originally appeared in the Feb'24 magazine issue of Electronic Specifier Design – see ES's Magazine Archives for more featured publications.

While the legislation covers elements of hardware, its main emphasis is on faults in software. For instance, IoT devices should be capable of updating their software to protect against new cyber threats. This matters because the security architecture of long-lived products, such as smart fridges, may become obsolete or inadequate over a lifespan of many years. A smart fridge can only accept such updates if its original software was built with an update mechanism; before legislation like the PSTI Act, some IoT devices lacked this ability altogether.

Yet, this approach, although an improvement, still employs reactive measures to a concern that should be a primary consideration for IoT devices: security. What if devices were more secure from the start?

“Security-by-design’s level of security and reliability positions IoT manufacturers and software developers to meet and exceed stringent regulatory and compliance requirements seamlessly,” Dominique Bolignano, Founder and President of ProvenRun, told IOT Insider.

Building from the ground up

In cybersecurity there are two broad strategies: reactive and pre-emptive. Reactive measures involve responding to attacks as they happen or implementing corrective actions afterwards. The pre-emptive approach, or security-by-design, focuses on anticipating, limiting, and ideally preventing cyberattacks.

Historically, security-by-design was applied mainly to small, simple systems with limited attack surfaces, such as smart cards and payment terminals. Where it was applied to complex systems at all, it was in a more limited fashion, often with compromised security as the result.

As a consequence, many systems were developed without security considerations built in, leaving their operators reliant on reactive measures and aware that they could face threats they had no means to manage.

Getting it right from the get-go

The reactive approach inherently limits the achievable security level: security architecture or protection layers that were not designed in from the start are hard to retrofit, and harder still to deliver to devices already in the field through over-the-air updates.

Implementing security-by-design principles at the beginning of an IoT device’s lifecycle is crucial for several reasons. Firstly, it proactively addresses potential vulnerabilities before they can be exploited, significantly reducing the risk of cyberattacks. Early integration of security measures ensures that the device’s architecture is inherently robust against evolving threats. Secondly, it’s often more cost-effective to build security into the device from the start rather than retrofitting security features later, which can be complex and expensive. Lastly, it aids in building user trust and compliance with regulatory standards, as devices are perceived as reliable and safe from the outset.

Companies like ProvenRun integrate rigorous security measures from the earliest project stages and system design. “Our focus is on fortifying the low-level software elements – operating systems, kernels, and drivers – as these form the foundational security architecture of modern systems,” Bolignano explains. “Addressing vulnerabilities at this level is critical due to these components’ inherent complexity and potential weaknesses.”

Bolignano argues that making a device’s software secure-by-design from the beginning acts as much as a deterrent as a technical barrier. When a device is harder to compromise in the first place, the cost of finding and exploiting a weakness can exceed what an attacker stands to gain, and even an attacker who gains an initial foothold faces costs that outweigh the expected payoff of going further, making the attack economically unfeasible.

The nuts and bolts of it

Focusing on software-level security, ProvenRun addresses the increasing complexity and re-programmability of software systems – key factors in vulnerability. Software, being more susceptible to multi-step attacks, presents unique challenges compared to more static hardware security measures.

This strategy focuses on integrating robust security measures into the device’s architecture to proactively mitigate potential cyber threats. It starts with a thorough analysis of the vulnerabilities that could be exploited in the IoT device, followed by establishing a Trusted Computing Base (TCB). “The TCB must be impregnable, as it underpins the security integrity of the entire system,” Bolignano states. The TCB encompasses the hardware, firmware, and software components on which the device’s security depends: a flaw in any of them can undermine every protection built on top, which is why keeping the TCB small enough to be verified matters.

Furthermore, formal verification techniques are employed, particularly for complex parts like operating systems and kernels, to prove that the software meets its specification in every reachable state; the caveat is that a proof is only as strong as that specification and the assumptions it makes about the underlying hardware. The implementation of a Trusted Execution Environment (TEE) is another key aspect, providing an isolated area within the main processor to safeguard sensitive operations and data from the rest of the software stack. This layered approach means that an attacker who breaches one layer still has to defeat the others. Designing the device for regular updates and maintenance is also crucial to adapt to new threats and vulnerabilities. Taken together, this methodology aims to make IoT devices resilient against sophisticated cyber threats, maintaining both functionality and user trust from the beginning.
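The update path that the legislation above requires, and that this paragraph says a device must be designed for from the start, is small enough to show in full. The following is an added worked example, not ProvenRun’s code and not part of the original article: a device-side update verifier written in Go with the standard library’s Ed25519 so that it runs stand-alone. The manifest layout, the Device and Update types, the sentinel errors and the firmware strings are all constructed for this example; a real bootloader would perform the same three checks in C inside the TCB, with the vendor’s public key and the version counter held in storage the application cannot overwrite.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is the metadata the vendor signs for each release. It is serialised
// as a fixed-size big-endian record so the bytes that are signed are exactly the
// bytes the device checks (constructed format for this example).
type Manifest struct {
	Version  uint32   // monotonically increasing release counter
	ImageLen uint32   // length of the firmware image in bytes
	ImageSHA [32]byte // SHA-256 of the firmware image
}

const manifestLen = 4 + 4 + 32

// Bytes serialises the manifest for signing and transmission.
func (m Manifest) Bytes() []byte {
	buf := make([]byte, manifestLen)
	binary.BigEndian.PutUint32(buf[0:4], m.Version)
	binary.BigEndian.PutUint32(buf[4:8], m.ImageLen)
	copy(buf[8:], m.ImageSHA[:])
	return buf
}

// ParseManifest decodes a manifest. The verifier only calls it on bytes whose
// signature has already been checked, so the parser never sees attacker input.
func ParseManifest(b []byte) (Manifest, error) {
	if len(b) != manifestLen {
		return Manifest{}, errors.New("manifest: bad length")
	}
	var m Manifest
	m.Version = binary.BigEndian.Uint32(b[0:4])
	m.ImageLen = binary.BigEndian.Uint32(b[4:8])
	copy(m.ImageSHA[:], b[8:])
	return m, nil
}

// Update is the package the device receives over the air.
type Update struct {
	Manifest, Signature, Image []byte
}

// Device models the state the bootloader keeps inside the TCB: the vendor's
// public key (fixed at manufacture) and the installed version counter.
type Device struct {
	VendorPub ed25519.PublicKey
	Installed uint32
}

var (
	ErrBadSignature  = errors.New("update: manifest signature invalid")
	ErrImageMismatch = errors.New("update: image does not match signed manifest")
	ErrRollback      = errors.New("update: version is not newer than installed")
)

// Apply checks an update in the only safe order: authenticate the manifest
// before parsing it, bind the image to the manifest, then enforce
// anti-rollback. The counter is committed only after all three pass.
func (d *Device) Apply(u Update) error {
	if !ed25519.Verify(d.VendorPub, u.Manifest, u.Signature) {
		return ErrBadSignature
	}
	m, err := ParseManifest(u.Manifest)
	if err != nil {
		return err
	}
	sum := sha256.Sum256(u.Image)
	if uint64(len(u.Image)) != uint64(m.ImageLen) || !bytes.Equal(sum[:], m.ImageSHA[:]) {
		return ErrImageMismatch
	}
	if m.Version <= d.Installed {
		return ErrRollback
	}
	d.Installed = m.Version // a real device writes the image first, then bumps the counter
	return nil
}

// SignUpdate is the vendor's release-tooling side, included so the example
// runs offline; the private key never leaves the vendor's signing service.
func SignUpdate(priv ed25519.PrivateKey, version uint32, image []byte) Update {
	m := Manifest{Version: version, ImageLen: uint32(len(image)), ImageSHA: sha256.Sum256(image)}
	mb := m.Bytes()
	return Update{Manifest: mb, Signature: ed25519.Sign(priv, mb), Image: image}
}

// Scenario runs one genuine update and three constructed attacks against a
// device that currently runs version 3, returning the outcome of each.
func Scenario() map[string]error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // constructed vendor key pair
	if err != nil {
		panic(err)
	}
	dev := &Device{VendorPub: pub, Installed: 3}
	out := map[string]error{}
	// Genuine, newer release: accepted, counter moves to 4.
	out["genuine v4"] = dev.Apply(SignUpdate(priv, 4, []byte("firmware v4 (constructed)")))
	// Image swapped after signing: manifest still authentic, hash no longer matches.
	tampered := SignUpdate(priv, 5, []byte("firmware v5 (constructed)"))
	tampered.Image = []byte("firmware v5 with backdoor (constructed)")
	out["tampered image"] = dev.Apply(tampered)
	// Manifest edited to claim version 99: the Ed25519 signature no longer verifies.
	forged := SignUpdate(priv, 5, []byte("firmware v5 (constructed)"))
	binary.BigEndian.PutUint32(forged.Manifest[0:4], 99)
	out["forged manifest"] = dev.Apply(forged)
	// Replay of a genuinely signed but older release: blocked by anti-rollback.
	out["rollback to v2"] = dev.Apply(SignUpdate(priv, 2, []byte("firmware v2 (constructed)")))
	return out
}

func main() {
	for _, name := range []string{"genuine v4", "tampered image", "forged manifest", "rollback to v2"} {
		fmt.Printf("%-16s -> %v\n", name, Scenario()[name])
	}
}
```

The order of checks is the security-by-design point: the signature is verified before the manifest is parsed, so the only code that ever handles unauthenticated bytes is the signature routine, and the parser, hash comparison and version logic are kept out of the attacker’s reach. That small verifier, together with the key and the counter it relies on, is exactly the part of the device that belongs in the TCB and is worth verifying formally.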

Security-by-design, as implemented by ProvenRun, is about achieving superior security levels for complex systems with extensive attack surfaces. This includes interconnected systems without local administrators, or those managed by potentially untrusted personnel, and systems capable of remote updates. The ubiquitous presence of such systems underscores the critical nature of this challenge.

Security-by-design in an age of evolving attacks

Yet, even with security-by-design from the beginning, devices are not impregnable. As the industry has witnessed, cyber threats on IoT devices are evolving. “We’ve seen a shift from physical or proximity attacks, which offered limited economic incentives for attackers, to sophisticated logical and remote attacks,” says Bolignano. “These remote attacks are particularly challenging to counteract due to the near-impossibility of tracing the perpetrators, who often operate from jurisdictions with lax cybersecurity enforcement and use cryptocurrencies for transactions.”

Yet as attacks have evolved, so has security. Bolignano highlights how ProvenRun uses formal proof of the most complex parts of the system to ensure that even the most intricate and critical components are rigorously verified against security vulnerabilities. Coupled with the TEE approach, this provides a defence that does not rely on the system’s complexity as an obstacle to attackers, nor collapse as attacks grow more sophisticated: the proven properties hold regardless of the attacker’s ingenuity, within the assumptions of the model. By focusing on these key areas, the security-by-design methodology remains effective and resilient even as the technological landscape and threat vectors continue to evolve.

So, although the use of IoT is growing significantly, and with it the interest of attackers, so too are the security methods used to counter them. ProvenRun, although only a startup now, recently secured €15 million in funding. Its goal is to become the foundational security structure for billions of IoT devices. Should it achieve that, security-by-design could become a standard concept for IoT devices.
