At this week's Chicago IoT Meetup, Roman Budek of NXP gave a talk on understanding and implementing embedded system security. What follows are the high points of the talk:
1. What makes IoT security unique? The IoT will consist of billions of connected, embedded devices. The more embedded devices connected to a gateway, the greater the security risk.
2. Why is it important to secure all end nodes? If a connected thermostat for a commercial freezer in a restaurant were hacked, the result could be spoiled food. If a connected treadmill were hacked, the attacker could make the treadmill accelerate unpredictably and possibly cause the user to fall. More than anything else, a hacked embedded device can damage a company's brand. Hackers know which devices are vulnerable because the vulnerabilities are published on websites such as Shogan.tech.
3. Since many IoT embedded devices are already in the field, upgrades pose a risk: if the firmware can be reflashed, it can also be reflashed by an unauthorized source.
4. You can design the most secure gateway in existence but if your customer connects to a hotspot, for example, that is infected, you are at risk.
5. There are many types of embedded device security risks. They include:
- Remote attacks on a cloud service provider
- Physical attacks (e.g., using side channel) on peripheral systems (e.g. door lock)
- Vulnerable or compromised device from unknown origin that compromises home network from the inside
- Remote attacks on home devices (gateway or IP edge nodes) from cloud
- Attacks from infected smartphones/watches (rogue app, PIN code phishing, etc.)
- Decommissioned devices used as Trojan horse to compromise other networked devices
6. While open source dev boards like Arduino make development easy, it also means that hackers know their vulnerabilities.
7. The 6 tenets of IoT security are:
- Identity/Authentication
- Authorization
- Audit
- Confidentiality
- Integrity
- Availability
8. The goals of embedded security include:
- Data integrity: prevent data snooping and detect data alterations
- Code integrity: prevent code theft, detect code alterations, and allow authorized code changes only
- Device integrity: protect cryptographic keys and prevent product counterfeits
9. The Basics of Cryptographic Algorithms
- Objective: scramble data so that only select entities can decipher it
- Can be implemented in software or hardware
- Hardware implementations can save performance and power
Source: NXP
10. There are two basic types of cryptography algorithms:
A) Symmetric – same key can encrypt & decrypt
- DES, 3DES, Blowfish, AES are symmetric cryptographic algorithms
- AES is the most popular due to its strength: there are no published reports of a successful attack
- 128-, 192- and 256-bit are the frequently used key lengths for the AES algorithm
- Pros: Faster than asymmetric cryptography
- Cons: Difficult to distribute & protect the shared secret key securely
B) Asymmetric – different key required for reverse operation
- Public & Private Key pair per system
- Only the Private key is kept secret
- Keys operate “one-way”
- Public key encrypts -> Private key decrypts
- Private key encrypts -> Public key decrypts
- Commonly used algorithms: RSA & ECC
- Keys are commonly 2048 bits or longer
- Pros: Easy to manage, scalable
- Cons: Slower than symmetric cryptography
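Points 3 and 8 (unauthorized reflashing, "allow authorized code changes only") and the asymmetric rule "private key encrypts, public key decrypts" come together in signed firmware updates. The following is an added example, not code from the talk or from NXP: the vendor signs an update image with its private key, and the device, which holds only the public key, refuses any image that fails verification. The image layout, the `UpdateImage` type, and the version check that refuses older images are assumptions made for this example; the version check goes beyond the talk's bullets.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// UpdateImage is a hypothetical update layout: a version number, the firmware
// bytes, and an Ed25519 signature over the SHA-256 digest of both.
type UpdateImage struct {
	Version uint32
	Payload []byte
	Sig     []byte
}

// digest binds the version to the payload so neither can be swapped alone.
func (u UpdateImage) digest() []byte {
	h := sha256.New()
	h.Write([]byte{byte(u.Version >> 24), byte(u.Version >> 16), byte(u.Version >> 8), byte(u.Version)})
	h.Write(u.Payload)
	return h.Sum(nil)
}

// SignUpdate runs on the vendor's build system, the only place the private key lives.
func SignUpdate(priv ed25519.PrivateKey, version uint32, payload []byte) UpdateImage {
	u := UpdateImage{Version: version, Payload: payload}
	u.Sig = ed25519.Sign(priv, u.digest())
	return u
}

// VerifyUpdate runs in the device's bootloader before reflashing. The device
// stores only the vendor public key, so it can check but never forge a signature.
func VerifyUpdate(pub ed25519.PublicKey, installed uint32, u UpdateImage) error {
	if !ed25519.Verify(pub, u.digest(), u.Sig) {
		return errors.New("signature invalid: image altered or not from the vendor")
	}
	if u.Version <= installed {
		return errors.New("refused: image is not newer than the installed version")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed vendor key pair
	img := SignUpdate(priv, 2, []byte("firmware v2 (constructed sample)"))
	fmt.Println("genuine image:", VerifyUpdate(pub, 1, img))
	img.Payload[0] ^= 0xff // flip one byte: an alteration after signing
	fmt.Println("altered image:", VerifyUpdate(pub, 1, img))
}
```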
11. Why is Data Integrity Important?
A) Unencrypted messages
- Attackers can snoop on messages
- Attackers can substitute, replay or monitor messages and create havoc
B) Encrypted messages
- The message cannot be read without the key
- Cons: Enabling encryption reduces payload size
- Cons: It takes time to decrypt the message before it can be used
12. Data Security - Components and Solutions (slide; source: NXP)
13. Code Integrity - Components and Solutions (slide; source: NXP)
14. Device Integrity - Components and Solutions (slide; source: NXP)
15. Protecting Embedded Systems
16. What Security Problem Does My System Have? (slide; source: NXP)