From home automation to health care to smart cities and Industry 4.0, the IoT adds value to data – value which is increasingly hard to do without. The future is bright for these things, which must nevertheless resolve many issues relating to their interconnectivity. Cybersecurity is one area that needs to be seriously addressed by the manufacturers and users of these new technologies, who need to secure both the objects and the data they produce.
Chip foundries now offer secure-by-design components, but object manufacturers make little use of them: their priority is resolving connectivity and responsiveness issues in today’s rapidly changing environment. Economic considerations must also be added to the equation: new investments mustn’t significantly raise an object’s price, which is sometimes only a few euros when it leaves the factory.
It is also important to remember that security by design doesn’t depend solely on these players’ willingness to incorporate security on their production lines; constraints and requirements relating to communications, the operating environment and the physical security of devices must also be met. But the fact remains that the essential improvement points have been identified. Below, IDnomic shares its five security by design measures for connected things.
- HARDWARE AND ROBUSTNESS
Connected objects are made of microcontrollers, memory and other electronic components that must be robust enough to withstand a cyberattack. To reduce the risk of compromise, the objects need built-in security, especially for their start-up code (secure boot) and any data stored in their flash memory (secure flash).
Next, processors must be powerful enough to handle the asymmetric cryptography used to encrypt communications. Integrating a secure element that protects, in a dedicated area of memory, the secret needed to encrypt shared data is another solution to consider. Lastly, it is important to rethink the design of software architectures, which need to take these new hardware solutions into account.
- SECURE COMMUNICATIONS
Just like the users and PCs in a secure office network, connected objects must present their digital identity in order to register in the information system and be accepted into the trusted environment. Machine identities are based on characteristics that define the machines.
Digital certificates and cryptographic keys are must-have technologies for assigning this unique identity. They are used to encrypt communications and verify the integrity of any data transiting within the IoT infrastructure, using mutual authentication. With this system, communications can only be established with the trust domain’s equipment, which includes the object itself, the concentrator, the application server and the supervision station.
In addition to establishing trust between the object and its environment, the certificate can play a role in various use cases, such as managing permissions on the application that steers the object fleet, authenticating the party that updates the object, or updates performed by the maintenance operator.
- CRYPTO-AGILITY AND OBJECT LIFECYCLE MANAGEMENT
To ensure an object’s security throughout its lifecycle, its digital identity must be managed from the day it is manufactured to the day it is discarded. Crypto-agility, which is the ability to manage machine identities in real time in a fully automated manner, has proven essential for the mass assignment, renewal and revocation of identities via certificate management.
This can be accomplished using a Public Key Infrastructure, or PKI. The PKI must be capable of easily managing a large number of object identities and of meeting high demand from machine fleets that are much larger than what is typically encountered in companies. This service must also be compatible with a cloud-based infrastructure which ensures flawless availability through a datacenter that meets the necessary security requirements.
- EQUIPMENT UPDATES
As with traditional IT equipment, IoT security requires a long-term approach in which software and firmware are continually updated to address newly identified vulnerabilities. Automated remote updating is essential for infrastructures that may be composed of millions of objects, and whose fleets are difficult to recall. When procedures are being set up, remember to optimize their frequency while also taking any object-specific requirements into account.
For example, for battery-operated devices deployed around the world, an update works the components harder and may draw a significantly larger amount of energy, so it is necessary to gauge the impact an update will have on their life expectancy. It is also necessary to ensure flawless availability of communication channels: an interruption during a file transfer can disable an entire fleet of objects. To lower both the risks and energy consumption, it is essential to minimize the size of the files being exchanged, and to use a patch or delta update rather than a complete update. Then it is necessary to verify that the code originates from the vendor, which digitally signs the file when it is issued.
This allows the object to verify the origin of the file it receives by checking the signature. The update procedure must be designed so it will not impact service availability or process lifecycle support, which is critical to the users of these infrastructures.
- CYBER RESILIENCE AND DECENTRALIZED SECURITY
Cyber resilience is a comprehensive approach that involves cybersecurity, lifecycle support, crisis management and response strategies. To implement this approach, it is necessary to ensure that the IoT infrastructure’s technical resources have been rolled out, in particular the appropriate back-up procedures and installation modularity, which both keep downtime and recovery times to a minimum.
The new trend toward edge computing (learn more about this trend by reading our article, “The Five IoT Trends of 2019”) enhances cyber resilience by making it possible to keep and use data as close as possible to the object. Lastly, in the same vein, infrastructures that manage digital identities should be deployed on the periphery of the information system.
A PKI should therefore be decentralized, so that security relies as little as possible on the communication infrastructure.
By Charlène Demaret