Providing effective internet of things (IoT) security in new product development involves planning for more than just the hardware design – much thinking needs to be done around modeling of risks and vulnerabilities that the device might experience through the entire lifetime of the product, all the way to obsolescence.
In our podcast, Embedded Edge with Nitin, we explore issues around implementing security, understanding safety, vulnerabilities, threat modeling and a holistic ecosystem approach to planning for IoT security in product development. We also look at this in the context of connected medical device security.
There are plenty of challenges in a world where everyone wants to connect devices to monitor systems, gather data and do something with that information. What happens if the system is hacked, or over-the-air updates insert code that might compromise the system, steal data or do something sinister with it? What if the bad guys take control through connected networks and bring on a doomsday scenario?
The problem is that chip development is focused on getting the smallest silicon size, lowest power consumption and lowest cost. I’m often told that adding security to devices would just add to the cost and makes no sense. Until, of course, the system is breached.
Most security experts advocate what is often referred to as ‘secure-by-design’ development: addressing the security of a product at the design stage is proven to ensure lower costs, and requires less effort than trying to install security once a product has been deployed or after a security breach has occurred. This forward planning requires decisions related to business model, liability level and risk management, as well as the expected technical considerations such as architecture, design features, implementation, testing, configuration and maintenance.
In the podcast, we’ll speak to John Moor, managing director of the IoT Security Foundation, Sharon Hagi, chief security officer for Silicon Labs, and Emmanuel Sambuis, director of marketing for the consumer business for Silicon Labs.
Moor gives us the background to the formation of the IoT Security Foundation (IoTSF) in 2015, and how its role has evolved in providing industry with advocacy and frameworks for IoT security. He told us, “I found out very quickly it [IoT security] pretty much underpins everything that I know about every industrial sector that we care to mention, whether it’s consumer, whether it’s industrial, whether it’s transport, healthcare, entertainment, you name it. This has a major role to play.”
He says the IoTSF has three founding values: security first, fitness of purpose, and resilience. The resilience aspect is the most important, because security is a ‘moveable feast’. “Once a product goes out and leaves the factory, it has to be maintained whilst it’s in operation. That’s because products are so complicated now and the systems are so complex, that vulnerabilities will appear during the operational lifetime of the product. And because of that, security needs to be fixed while it’s in the field.” He adds, “The obvious thing we can do is make sure that we have processes where we can do security updates. But in itself that becomes an attack vector. So we have to look at security around doing things like updates.”
Moor also said IoT security regulation is coming, so designers don’t need to wait; they can plan for it now. He also describes the background to the foundation’s vulnerability disclosure report.
Meanwhile, Sharon Hagi of Silicon Labs explains the reality of securing silicon to cloud and how engineering needs to look holistically at the IoT ecosystem, and not just the device. He explains, “In security there’s a principle that we often use. That is, security is really only as good as the weakest link. The adversary is always going to gravitate towards the weakest link in the design and exploit that to essentially breach or defeat the network or the system. And so as defenders, we’re really looking to minimize or reduce the weaknesses in the system. And that means looking for weak links everywhere. And make sure that we address those with appropriate controls and mechanisms.”
He uses medical devices as an example: “You need to think about how to protect the actual medical device – for example, the insulin pump – from being compromised by an attacker that is in the vicinity of the patient. Maybe they’re connected to the same wireless network, maybe it’s a Wi-Fi network, maybe it’s a BLE connection of some sort? And how do we make sure that the attacker can’t attack the device with the network or through some kind of physical contact with the device? Could they get possession of the device, modify it in some way, tamper with the electronics and then return it to the patient without them knowing and causing harm that way? Is there a way for the attacker to intercept communication to the mobile device and tamper with that? Is there a way for the data to be modified or eavesdropped on its way to some cloud application that is responsible for collecting telemetry?”
This level of threat modelling will be essential, he says, in order to build security into IoT devices.
Emmanuel Sambuis then goes on to explain the regulations coming for medical devices, and particularly the work that Silicon Labs is doing with DTSec, the Diabetes Technology Society’s group working on a cybersecurity standard for connected diabetes devices. Sambuis said, “One of the key requirements is going to be the over-the-air (OTA) updates or the ability to remotely upgrade the content of those medical products. This could be done in the background, in what we call inside of secure vault, our ability to perform security root of trust, coupled with of course, the BLE connectivity because it is over-the-air.”