Change Location Europe - Flag EUR
 
Mouser Europe - Flag Mouser Europe

Incoterms: DDP is available to customers in EU Member States.
All prices include duty and customs fees on select shipping methods.

Incoterms: DDU applies to most non-EU customers.
Duty, customs fees and taxes are collected at time of delivery.


Please confirm your currency selection:

Euros
Euros are accepted for payment only in EU member states these countries.

US Dollars
USD is accepted in all countries.

Other currency options may also be available - see
Mouser Worldwide.

Bench Talk for Design Engineers

Bench Talk

rss

Bench Talk for Design Engineers | The Official Blog of Mouser Electronics


How IoT System Design Makes a Difference Sravani Bhattacharjee

(Source: metamorworks/Shutterstock.com)

According to multiple market research reports, Internet of Things security is a top concern for both industrial and individual consumers. Secure design without driving up price is a delicate balancing act for system designers. Add to that the organizational pressures to accelerate time-to-market.

In the case of IoT products, an additional challenge is the lack of integrated security standards and certification guidelines. Nevertheless, in IoT markets, secure design is no longer only a design imperative but also a competitive differentiator.

The cyber-physical attributes of IoT products expose them to new types of threats unseen in traditional computing systems. Successful exploits of these threats directly affect not just the product lifecycle but also its market longevity. In this blog, we’ll take a look at a full-stack approach to integrate secure design in a way that reduces both complexity and implementation costs.

Security Begins with Silicon

Because of direct exposure to physical environments, IoT systems are vulnerable to many complex attack scenarios. Software-based security alone cannot safeguard against these threats. A hardware-based, tamper-resistant trust-model has been demonstrated to outperform software in many attack scenarios. By establishing the root-of-trust in silicon and by storing secrets in hardware, vaults can significantly harden the system. Hardware-based security offers power-efficiency. The complexity of firmware updates can be reduced by using IoT-specific security solutions.

Infineon’s OPTIGA Trust family, for example, offers many turnkey trust solutions at the silicon layer. OPTIGA™ Trust X (SLS 32AIA) is a high-end security controller that can be integrated into products across a wide range of industrial automation, consumer, and smart city use cases.

Crypto-accelerators help to embed cryptographic capabilities within small form factors. Hardware security modules (HSMs) and Trusted Platform Module (TPMs) (defined in International Organization for Standardization and Trusted Computing Group standards) can be used for strong tamper resistance, cryptographic key storage, and key generation using hardware random number generators (RNGs), strong authentication, boot integrity protection, and firmware integrity measurements.

Secure Boot Process and Device Identity

Because IoT devices might not be rebooted for long intervals, it is important to ensure boot process integrity through measurement and validation. This prevents a compromised device from exchanging data. Measured boot, verified boot, and secured boot are three options to ensure device integrity during boot. A range of security ICs is available to reduce the complexity of boot protection and that of managing the integrity metrics.

Once booted, the device needs to authenticate itself using identity credentials. For machine-to-machine scenarios, authentication keys and certificates are more suitable than passwords. In addition to device-level Identity and Access Management, it is also important to authenticate and control access for hardware elements, firmware, application programming interface (API) calls, etc. by adhering to the principles of separation of duty, least privilege, and role-based permissions. TPMs allow the secured authentication of devices and systems looking to connect to clouds, servers, and other devices.

Securing the software and firmware updates is also crucial for connected systems to prevent malicious code in the system that could lead to dire consequences. Digital signature verification and hashing are two common mechanisms to secure firmware updates.

Securing Communication

In M2M and machine-to-cloud communications, embedded systems need to communicate over heterogeneous networks involving various standard and proprietary protocols. To protect against eavesdropping, message tampering, etc., VPNs, encrypted tunnels can be used. Resourced-constrained systems with small-footprint (sensors, actuators) can rely on gateways for secure communication.  Third-party security ICs can be used to store keys, certificates used in the communication protocols and cryptographic operations.

Protection of Data Integrity

Data integrity is a critical part of product design because compromised data can sabotage the entire IoT ecosystem. Data includes device-generated raw data, secrets, libraries, binary executable, configuration and log files, etc. These can be classified as:
 

  • Stored data – Data-at-Rest (DAR)
  • Runtime data – Data-in-Use (DIU)
  • Sent/Received Data – Data-in-Motion (DIM)
     

Traditionally, checksum is used to validate data integrity, but the IoT threat landscape requires more advanced integrity controls. Cryptographic signatures can attest to data integrity at any point in the workflow. Hardware trust root or TPM is usually used for the signing. The signing key can also be securely stored there. Some of the common data integrity measures are shown in Table 1.

Table 1: Common Data Integrity Measures (Source: Practical Industrial Internet of Things)

DAR

Symmetric key encryption using software-enabled stores, secure storage of secrets/keys in hardware/Trusted Platform Module.

DIU

Policy-based blacklisting or whitelisting of files; control memory rights access to protect memory regions from unauthorized access; and runtime process integrity attestation, secure coding, buffer overflow protection, input/output checks. 

DIM

Integrity using signed message digests, session key-based encryption, digital certificates.

Leveraging IoT Security Platforms and Plug-ins

For system developers, complying with a myriad of cybersecurity standards is a major challenge in IoT design. IoT security platforms and products resulting from ecosystem partnerships among security vendors can ease the burden. These integrated security platforms provide robust hardware and software design and toolset that system designers can either replicate or customize to fit their application needs.   

Conclusion

System designers face multiple technical and business challenges in designing adequate security for IoT systems. A full-stack approach for security should be followed to ensure that adequate security at every layer of the system has been considered such as hardware, boot process and firmware update integrity, communication, and data integrity. Designing security also needs to factor in use-case security requirements, as not every use-case or system requires the same level of security.



« Back


Sravani Bhattacharjee has been a Data Communications technologist for over 20 years. She is the author of “Practical Industrial IoT Security,” the first released book on Industrial IoT security. As a technology leader at Cisco till 2014, Sravani led the architectural planning and product roadmap of several Enterprise Cloud/Datacenter solutions. As the principal of Irecamedia.com, Sravani currently collaborates with Industrial IoT innovators to drive awareness and business decisions by producing a variety of editorial and technical marketing content. Sravani has a Master's degree in Electronics Engineering. She is a member of the IEEE IoT Chapter, a writer, and a speaker.


All Authors

Show More Show More
View Blogs by Date