By: Rob Spiger

IoT security is becoming an imperative. By 2021, it is forecast that 35 billion Internet of Things (IoT) devices will be installed worldwide, a number expected to grow to over 75 billion by 2025, according to Security Today. The IoT revolution will increase the number of computing devices by orders of magnitude. However, these devices will be built from the same imperfect software that we use today, and manual remediation will be much less practical or even unfeasible due to devices being too numerous, too inaccessible, or simply lacking a suitable interface. 

As people increasingly rely on connected devices to make their everyday lives easier, it is imperative that device manufacturers and architects incorporate a security by design approach to protect the device throughout its whole lifecycle, from conception right through to the end of its lifetime. If security is an afterthought for developers, the device presents a vulnerable point for hackers to access or tamper with large amounts of personal or operational data being processed by the device and shared with the cloud. The impact of such a vulnerability can be hugely detrimental.

Security should not be an afterthought

All Internet-connected devices should be designed to protect themselves against network-based attacks. As such, device vendors must employ a wide range of hardware and software-based protection technologies to keep devices secure. Unfortunately, bugs and misconfigurations still lead to damaging exploits despite this. Furthermore, recovering a badly compromised computing device today usually involves manual intervention. For example, a new firmware or operating system must be loaded from an external storage device or a second computer before then being re-joined to network services using passwords or other credentials, often under conditions of physical security.

Technologies that support reliable and secure remote computer management and recovery are already available for more costly devices. For example, service processors or baseboard management controllers (BMCs) are employed to manage desktops and servers, and intelligent backplanes are used to manage blades in data centers. However, these technologies are either unsuitable or inefficient for IoT due to their cost, form factors, power needs, or the lack of an out-of-band management channel.

A clear baseline for security is crucial

For devices to be secured from the start, it is imperative that developers have a robust starting point to work from. With many complexities and vulnerabilities within IoT devices, it is essential to have the ability to identify where these vulnerabilities are and a foundation for understanding how they can be best safeguarded.

The National Institute of Standards and Technology (NIST) is ensuring that engineers have the best tools to support the resilience of platforms against potentially destructive attacks with the three principles stated in its Platform Firmware Resiliency Guidelines (NIST SP 800-193). It outlines a collection of fundamental hardware and firmware components needed to boot and operate a system to protect the platform against unauthorized changes, detect unauthorized modifications that occur and recover from attacks rapidly and securely.

Within the protection principle, the guidelines outline mechanisms for ensuring that platform firmware code and critical data remain in a state of integrity and are protected from corruption, such as the process for ensuring the authenticity and integrity of firmware updates. The document also defines mechanisms for detecting when platform firmware code and critical data have been corrupted, leading to the recovery principle. During this process, the guidelines summarize the mechanisms for restoring platform firmware code and critical data to a state of integrity in the event that they are detected to have been corrupted, or when forced to recover through an authorized mechanism. The recovery aspect is limited to the ability to recover firmware code and critical data.

New tools for in-depth defense

This standard provides a set of baseline security provisions for all consumer IoT devices. It is intended to be complemented by other standards, defining more specific provisions and requirements for testing and full verification, such as the principles and technologies set out by the Trusted Computing Group’s (TCG) upcoming Cyber Resilient Module and Building Block Requirements specification.

This specification defines a minimal set of hardware and firmware capabilities or mechanisms that enable cyber-resilient devices to be built, even at the lowest end of the cost, performance and complexity spectrum. This includes IoT devices and microcontrollers used in a wide range of applications. It also supports more complex devices by providing resilient capabilities to subcomponents of devices that may have their own computing resources, critical firmware and critical data.