When talking about the internet of things (IoT), we often think of the security vulnerability of connected devices in the same breath. However, it’s not that simple, since there are challenges to maintaining security in the cloud where most IoT platforms reside. In this article, we examine what we consider a better approach to IoT security: the concept of confidential edge computing. To illustrate this, we’ll look at typical IoT cyber risks, a new hybrid cloud model that includes public and private cloud areas, and new cloud security technology.
Where are the IoT cyber risk points?
There are plenty of cyber risks associated with the overall architecture of connected devices. They arise at four points:
- At the edge: on the device itself, the place where the data is collected, very often also pre-processed and analyzed, and transmitted to a larger node or “gateway”
- In motion: the data in transit, i.e. on its way from the device to the gateway, and from the gateway to the backend where the data is stored and the business logic is running
- In process: in the backend, where the data is finally processed, analyzed and made available to the end-user as actionable information or distributed back to the edge
- At rest: again in the backend, where the data is stored.
Why the device is vulnerable
We tend to intuitively focus IoT cybersecurity on the device, often perceived as the weak point of the chain. Any IoT enthusiast will think about how a connected fridge can be used to access credit card details, how video cameras have been used to perform DDoS (distributed denial of service) attacks, or how researchers have demonstrated the ease of hacking a pacemaker or an insulin pump.
This is due to two main reasons. Firstly, IoT devices are by definition connected, which means they can be remotely accessed by hackers. Secondly, embedded systems function in a constrained environment with limited power, processing and memory capabilities. This in turn reduces the range of protection mechanisms that can be implemented.
Device integrity and data protection not always a priority at design phase
Existing and new technologies offer a wide range of possibilities to protect device integrity and the data being collected, analyzed and transmitted. This does not necessarily mean that they will be implemented, because they may not survive the trade-off calculations at the design phase, where cybersecurity may rank as a low priority. Extra mass and cost are the primary killers. An underlying reason is that security is still outside the comfort zone of many embedded engineers.
Despite these barriers, the adoption of various security mechanisms is growing. Such mechanisms include software protection, TEE (trusted execution environment), having a security zone inside the microcontroller, or a full hardware separation involving a secure element or cryptochip.
Don’t blame the cloud for security weaknesses
Counterintuitively, recent attacks and research have shown that devices are less vulnerable than the backend implementation, whose weaknesses hackers exploit to penetrate IoT architectures.
Why is this? The main reason is the enormous popularity public cloud providers have gained in the last decade. There has been a shift in the IT industry from the old-fashioned all on-premises model, in which companies were buying and operating traditional servers, to the public cloud era, and the advent of cloud providers such as AWS, Google Cloud and Microsoft Azure. Consequently, any company that is less than 10 years old is likely to use a cloud-only approach and will neither own nor operate servers.
As a recent, innovative, tech-driven market, IoT therefore relies on cloud-based solutions to handle security-sensitive data and software.
Among the benefits of the public cloud, security is not often cited as a prime example. This is unfair to the big cloud providers because their infrastructures are usually very well-defended and difficult to attack. They also now offer complete APIs (application programming interfaces) that enable the implementation of fine-grained access control and monitoring. In other words, the tools are available; it is up to the users to use them correctly.
The three pillars of data security
The three pillars of data security are confidentiality, integrity and availability. Public cloud providers actually score well in two of these pillars: availability (difficult to beat) and integrity. However, they score low on confidentiality, depending on geographic location and on political and legal requirements (for example, the Cloud Act in the U.S.).
Recent attacks, even outside of IoT, showed that hackers exploited weak configurations of public cloud services to access sensitive data. Their success in obtaining sensitive information stored on a public cloud had nothing to do with the security mechanisms implemented by the cloud provider; it was the result of little mistakes made by the end users, typically in the Web Application Firewall (WAF) that controls access to the cloud network, or by leaving credentials unprotected.
These little mistakes are almost inevitable for companies that have a cloud-only infrastructure. However, demarcating sensitive and non-sensitive information could help their IT teams set up the cloud services with safer security practices. These mistakes underline the need for broader security expertise, aimed at defining the security architecture to be enforced on the overall system and at finding out whether the security features of the cloud provider need to be complemented by additional protection mechanisms.
A first logical step consists of demarcating sensitive and non-sensitive information, to help the IT team establish appropriate priorities.
Hybrid cloud: towards a more secure compromise
As a result, the deployment of hybrid cloud models to secure networks of connected devices is gaining considerable traction. The hybrid cloud model separates out sensitive and critical data and software, which are stored and managed in a dedicated environment, the private cloud, while the rest remains in a public cloud.
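The demarcation step and the hybrid split described above can be sketched as follows. This is an added example, not code from the article or from any product it mentions; the field names, the policy table and the demo key are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Hypothetical classification policy (field names constructed for this example):
# True = sensitive, goes to the private cloud; False = may go to the public cloud.
POLICY = {
    "device_id": True,
    "patient_name": True,
    "glucose_mg_dl": True,
    "firmware_version": False,
    "battery_pct": False,
}

# Constructed demo key. In a real deployment this secret would stay in the
# private environment, ideally inside security hardware.
LINK_KEY = b"constructed-demo-key"


def pseudonym(device_id, key=LINK_KEY):
    """Keyed, non-reversible reference that lets the two halves be rejoined."""
    return hmac.new(key, device_id.encode(), hashlib.sha256).hexdigest()[:16]


def split_record(record, policy=POLICY):
    """Return (private_part, public_part) for one telemetry record.

    Fields missing from the policy are treated as sensitive (fail closed), so
    a new, unreviewed field never reaches the public side by default.
    """
    ref = pseudonym(record["device_id"])
    private_part, public_part = {"ref": ref}, {"ref": ref}
    for name, value in record.items():
        target = private_part if policy.get(name, True) else public_part
        target[name] = value
    return private_part, public_part


# Constructed sample record; "gps" is deliberately absent from POLICY.
SAMPLE = {
    "device_id": "pump-0042",
    "patient_name": "A. Example",
    "glucose_mg_dl": 104,
    "firmware_version": "1.8.3",
    "battery_pct": 77,
    "gps": "46.52,6.63",
}

if __name__ == "__main__":
    print(split_record(SAMPLE))
```

The public half carries only the keyed reference, so it can be correlated with the private half by whoever holds the key, without the device identifier itself leaving the private side.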
However, when dealing with sensitive data and critical software requiring state-of-the-art protection, current technologies are not suitable. Indeed, banks, large multinationals and governments rely on security hardware, which is recognized as the benchmark in terms of security performance, to protect their assets.
For example, banks use the hardware security module (HSM), developed in the 1980s to foster the adoption of electronic banking transactions and to generate and store cryptographic secrets. However, HSMs are not easy to deploy because they often rely on the use of the PKCS#11 protocol. PKCS stands for public-key cryptography standards, a group of standards that standardized the language used to connect software to security hardware.
Connecting the software in which the business logic is applied to security hardware following these standards is exceedingly specialized and better left to experts as it is a complex and error-prone interface to work with. At present only banks, multinationals or governments can afford this level of protection.
Plugging the remaining gap: hardware security for private cloud
As a result, most companies facing increasing levels of cyber threats cannot benefit from the best protection tools available because they lack expertise, resources and time. In short, money.
It is time to change that paradigm by using these protection tools, and in particular the security hardware used in the backend, to form a more technically and financially accessible private cloud. This new approach will make emerging markets like IoT much safer and, in the future, will encourage a greater adoption of the technology thanks to a higher level of trust.
To accelerate the deployment of the private cloud model, future solutions will offer the same level of accessibility and ease of use associated with a traditional public cloud, so that the end-user does not see the difference and will always be free to choose the best approach.
Technically, it means that all the modern cloud computing tools, such as software virtualization, have to be made easily compatible with the best hardware security equipment, so the end-user is free to deploy their application on a public cloud or a private cloud without extra effort.
Extending the approach to achieve confidential edge computing
Edge computing is gaining more traction every day, enabled by technologies like tiny machine learning or TinyML which provide significant processing capabilities and can be deployed in a distributed architecture. However, by collecting valuable data, running sensitive software and connecting to the backend, the edge will inevitably face new security challenges.
The advantages of the hybrid cloud approach described above for the backend infrastructure can also be applied to the edge with the same benefits in terms of security. In addition, isolating sensitive data and critical software makes it possible to balance the load between the edge and the cloud via a secure channel. This helps optimize the performance of edge computing without compromising on security.
This approach, confidential edge computing, goes beyond the traditional distinction between the backend and the edge to put security first. The principle is to separate what is sensitive or critical, and what is not – regardless of where it is located. Achieving this mindset will enable a major transformation in IoT security.
Mathieu Bailly is VP confidential edge computing at CYSEC SA, a Swiss cybersecurity company. He oversees product development and activities related to the IoT, space and maritime, where cybersecurity is not yet regulated and has become a major concern. He holds an MSc in materials science from the Grenoble Institute of Technology in France and a PhD in chemical engineering from Queen’s University, Canada.