Perspectives on Security by Design in IoT-connected devices: OTA updates and Hardware Security Modules
The Device Chronicle interviews Claus Gruendel, GM, and Christian Ullrich, Head of Product Management Security from IoT device security integrator Swissbit on security for IoT-connected devices.
Claus and Christian begin by concurring with the leading market trends and the requirements emphasized by the EU Cyber Resilience Act, and agree that “security by design” is a must-have for IoT products and services developed today. Swissbit offers off-the-shelf embedded security for IoT devices in a plug-and-play manner with its iShield product line. Christian explains that this allows a product manager to focus on the operative core of their application and draw on the knowledge of security experts, whose task is to keep up with continuously evolving security technology, standards, and regulations. Besides yielding a secured product that complies with regulations, this also allows the product manager to speed up their time-to-market.
Many connected devices have been installed in the field over the past decades and do not have the latest security standards built in by design. A retrofit solution is also available to upgrade legacy IoT devices such as gateways, controllers and the like to today’s level of security. This is particularly interesting for product managers who also need to take care of after-sales services and maintenance on behalf of their customers – or as an upgrade opportunity.
Focus on the root of trust
The core element of end-to-end IoT security is the hardware root of trust, the so-called hardware security module (HSM), which is embedded in or plugged into the IoT device to be secured. It uses public key infrastructure (PKI) technology in combination with a secure element to keep the keys and certificates in a “vault”, and it enables secure identification and communication. It is a password-less approach and solves one key problem of secure cryptography, namely where to store the keys and certificates so that they cannot be extracted or stolen.
Christian outlines the main benefits of the HSM as:
- Enabling secure device authentication – among other things, enabling a zero-trust network architecture
- Providing robust security for sensitive data – like confidential company data, operational data, privacy information, or user credentials (in a local secured storage and in inter-device communication)
- Protecting against unauthorized or tampered firmware updates – firmware updates are required to patch potential vulnerabilities and keep a high level of security in future, and their authenticity and integrity must be ensured
- Facilitating compliance with regulatory standards – typically the HSM itself has already been certified against several standards and will consequently facilitate the regulatory compliance of your whole product or system.
Primary use cases
Claus adds that security and privacy are of high interest in every industry sector. To support these interests, hardware-based encryption can be used in different applications, for instance for secure identification, authorization and secure communication in IoT-connected devices, automotive / connected cars, aviation, manufacturing, smart buildings, energy and utilities, telecommunications and other critical infrastructure. In addition, sensitive privacy information that requires confidentiality can be encrypted and locked against unauthorized access, which is particularly important in several countries for healthcare / medical devices and video surveillance.
Key drivers for IoT device security
Both Christian and Claus agree that the Covid pandemic has accelerated digitalization in all areas to ensure business continuity. In recent years, many companies also hooked up core business applications, devices and factories to the cloud, but security did not grow at the same speed. One reason is that many people have a basic security level, such as a username and password, in place and deem this sufficiently secure, while security standards and hacker techniques have evolved over the past years in an unprecedented way. Christian provides two examples of this. First, the traditional security concept of the “castle with strong walls” (a network with a firewall), which considers everybody trusted once they are (physically) inside, does not reflect the modern way of home / remote working or remote monitoring / control of machinery. There is a clear trend towards a zero-trust network architecture, with a micro security perimeter around each device.
Second, though we as human users have been trained to recognize social engineering and phishing attacks, the number of companies that got hacked in recent years has skyrocketed. Operations and production stand still, and ransomware payments have become a lucrative business model for hackers. That is why cybersecurity overall, and IoT device security in particular, has received a lot of attention in the media and, accordingly, from the C-suite and legislators.
OTA software updates are key
As mentioned above, to maintain a high level of security in the future and avoid the exploitation of potential vulnerabilities, the firmware and software of the connected IoT device must remain updatable in a manageable way. Christian concludes that the over-the-air (OTA) update is a vital component for ensuring the utmost resilience now and throughout the lifetime of the device, which can be several decades.
This goes hand-in-hand with the need to ensure the integrity of the software update (e.g. via code signing) and to prevent an unauthorized software version (e.g. open source code with an additionally programmed vulnerability) or an older software version that still includes a vulnerability (a “rollback”) from being applied. The HSM helps to ensure integrity, and also the secure and trusted identification and authorization of whoever wants to perform the update.
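The device-side check described above, signature first and then anti-rollback, can be sketched as follows. This is an added example, not Swissbit or Northern.tech code; the function names, the signed byte layout, the choice of Ed25519 and the software-held key (standing in for a key kept in an HSM) are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var (
	ErrSignature = errors.New("signature does not cover this version and image")
	ErrRollback  = errors.New("version not newer than installed firmware")
)

// signedBytes builds what the vendor signs (assumed layout): version || SHA-256(image).
func signedBytes(version uint32, image []byte) []byte {
	digest := sha256.Sum256(image)
	b := make([]byte, 4, 4+sha256.Size)
	binary.BigEndian.PutUint32(b, version)
	return append(b, digest[:]...)
}

// VerifyUpdate checks authenticity and integrity first, then anti-rollback.
// installed models a monotonic counter kept in tamper-resistant storage (assumption).
func VerifyUpdate(pub ed25519.PublicKey, version uint32, sig, image []byte, installed uint32) error {
	if !ed25519.Verify(pub, signedBytes(version, image), sig) {
		return ErrSignature
	}
	if version <= installed {
		return ErrRollback
	}
	return nil
}

// runScenarios signs version 7 with a throwaway key and presents it four ways.
func runScenarios() [4]error {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key; nil selects crypto/rand
	image := []byte("constructed firmware image")
	sig := ed25519.Sign(priv, signedBytes(7, image)) // vendor-side signing step
	return [4]error{
		VerifyUpdate(pub, 7, sig, image, 6),              // genuine upgrade
		VerifyUpdate(pub, 7, sig, image, 7),              // validly signed, but not newer
		VerifyUpdate(pub, 7, sig, []byte("tampered"), 6), // image swapped after signing
		VerifyUpdate(pub, 9, sig, image, 7),              // old image relabelled as version 9
	}
}

func main() { fmt.Println(runScenarios()) }
```

Because the version number is inside the signed bytes, a correctly signed older release cannot be relabelled to pass the counter check, and a valid signature alone is not enough to install it.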
Swissbit is a partner of Northern.tech – a leader in IoT device lifecycle management and publisher of the Device Chronicle blog.