The Device Chronicle interviews Ellen Boehm, VP, IoT Strategy & Operations at Keyfactor and finds out why public key infrastructure (PKI) and encryption on IoT devices must evolve as long as the product exists.
The passing of the IoT Cybersecurity Act in the US late last year has shone the light on the need for IoT device manufacturers to put basic security based on the NIST guidelines into their products. What were previously recommendations are now legal mandates for companies who want to sell to the Federal Government. Enterprises are waking up to the need too for a more stringent approach to the securing of their connected devices and integrating their security into the corporate security framework.
Ellen Boehm is an experienced IoT executive with a background in smart lighting and smart control systems at GE. Ellen also observes the importance of cybersecurity support in IoT products. She sees a clear and present hacking threat in IoT: “We are all aware that a Tesla Model X was hacked last year. A security researcher was able to use his phone as a key fob and used it in combination with a minicomputer to start up the car. He was able to spoof his identity and act as an authorised end point. She says “No company wants to be the next big chaotic OT new story!”
She goes on to say that education about cybersecurity in IoT is very important at this stage. “Often, there is no centralised corporate approach to the challenge of security in connected products. Different products have grown up over time. Often, different engineers and developers have had different siloed approaches to managing IoT projects in their own departments. When the scale is small it’s easy to monitor and secure the connected devices manually.“ She observes that with a connected product line of less than 1000 devices, it is easy to manage a fleet of this size with a CA and do it manually. But what happens when another year passes and another 1000 devices are added to the fleet, and another the year after that. The scale quickly becomes unmanageable and so the risk for human error grows. Amore methodical approach is needed then. Automation comes into play through the creation of alerts, and devices are grouped so that they can be refreshed every two years.
From Public Key Infrastructure on servers to IoT
Organizations that have previously specialised in providing security certification services based on public key infrastructure for securing servers, firewalls and network appliances now see an opportunity to pivot to support enterprise IoT cybersecurity needs. This makes sense as enterprise cybersecurity officers think about harmonising their assets, applying an homogenous security framework and get an holistic overview on their health and any vulnerabilities that might threaten the fleet.
Ellen says Keyfactor has been around for 20 years in enterprise markets., The company understands where certificates lie, when they are issued and when they should be updated or revoked. She observes that “Increasingly enterprises are needing to secure their connections. PKI (asymmetric certificate and public key infrastructure) is a very solid framework for doing security and you can pivot and use it for IoT.” She also says enterprises want to know how to connect into an edge device and leverage their enterprise PKI backend? Furthermore, Ellen believes that enterprises have to ask key questions: they need to probe and understand where the IoT devices they are using in their embedded fleet were manufactured and whether they stack up to the now industry expected security standards.
Key questions for an enterprise IoT security policy:
- What types of hardware assets are in the enterprise?
- Do they have some secure element to store the security key in?
- How can the certificate be generated within the device so that it never transmits data insecurely?
- How can this be implemented on an embedded device assuming it has the capacity to support the cryptography?
Crypto agility and Public Key Infrastructure
Keyfactor specialises in public key infrastructure (PKI), certificate lifecycle management, and in placing keys on connected vehicles and medical devices and other industry use cases where cancelling out cyber threats is mission critical. Ellen says “If you need a key or certificate, Keyfactor can be a partner for secure key and certificate generation and management. We can help IoT customers create an embedded hardware route of trust from which we can create a unique identity. This identity limits private key compromise as it is built into the hardware, stored securely, and has a method of recreating itself as needed. This hardware could be IInfineon or Microchip which Trusted Platform Module (TPM) and ECC secure element chips. If you use this technology in conjunction with Keyfactor, it allows the device to regenerate a key and regenerate an identity every 1 to 2 years as needed and lasts for the lifetime of the product. This is crypto agility as we take the strongest cryptography we can find today and build it into the product. But let’s say you are dealing with a process control system or a large industrial asset, the life cycle could 15 to 20 years and the cryptography that you build into the design at the start of the product in 2021 is going to be outdated by the end of the lifecycle or long beforehand. If you are relying on this for a full 15 years, how can you secure your IoT product for your customers if limitations in the hardware do not allow it? It will be vulnerable to hacking, with innovations such as quantum computing fast approaching, Keyfactor as a company is strategically aligned to help IoT customers prepare for crypto agility.
Use cases where crypto is essential
Crytor is very important in medical device use cases. The FDA has put out crypto recommendations and requirements for devices, as it’s trying to protect patients. Ellen remarks “You do not want an insulin pump or a pacemaker being hacked, as it can impact human life. This is an industry where they say you need to update your identities every few years, you have to have a method, and have secure code signing for the firmware.
Another industry where crypto is critical is the connected vehicle. Keyfactor has a current automotive customer whose 22 model vehicle will use encryption across all the connections within the car from main computer to edge ECUs that need to do braking or other systems in the car. All will use secure encrypted connections, goes over the CANBUS within the car, but will use certificates for secure mutual TLS. This is also extending to autonomous vehicles and electric charging stations. All of these are becoming interconnected systems that need bullet proof end to send security enabled by key-based encryption.
The last industry is industrial control. Customers in turbomachinery controls are doing asset monitoring of substation and power plant equipment. They want to protect who can connect to this critical infrastructure. This industry is putting a lot of effort into not being hacked.
And OTA software updating
Keyfactor also helps enterprises with the code signing of the firmware binaries before they are sent for an OTA or firmware flashing and so it is complementary to OTA software updating solutions such as Mender.io. Given the firmware is signed with a code signing a certificate that is tied to the PKI or root of trust and Keyfactor holds the private key on behalf of the customer. It can be integrated into the dev tool so it’s easy for them to access, in a secure manner. Keyfactor holds an audit trail for the customer who has signed the firmware. The customer can lock and unlock access to the certificate and narrow down the window of risk so only specific developers can get access to sign at one day at one time. There are controls around the signing and auditing and tracking.
We wish Ellen and her colleagues at Keyfactor well as they work to enable crypto agility on the IoT connected devices in enterprise.
Here’s a full IoT cybersecurity checklist.
