We live in a hyper-connected world, with millions of life-changing devices, connected together, all translated with the Internet of Things (IoT). The IoT's vision is to distribute a large number of connected devices, all generating huge volumes of data. This data is processed locally, on the sidelines or in the cloud, to generate business insights and encourage productivity gains; this process is called digital transformation, which opens up to scenarios such as industry 4.0 or telematic medicine. However, the validity of these business insights is based on these devices and their data, considering them reliable. This trust can only be established by having the right level of security for the given use case. In summary, security can create trust and trust brings business value through digital transformation.

 

Table of Content

Despite their best efforts, developers can leave Internet of Things (IoT) projects exposed to attack precisely by the code that is expected to maintain security. Hackers often attack even seemingly secure projects, and one of the most frequent ways is by replacing the firmware with compromised code. Safe boot methods can mitigate these attacks, but successful implementation can be challenging. Developers need simpler methods to implement secure boot as part of a global strategy to ensure the security of IoT devices while also making them certified. This article briefly examines sources one of the common attack sources in IoT device designs and the role of basic security methods, including secure key storage, encryption and authentication, other features needed in a comprehensive strategy to ensure the security of IoT devices making them certified, through the advantages of professional ARM tools such as Platform Security Architecture (PSA).

CTA_BUTTON_BACK-TO-TOP-1

IoT Device Vulnerabilities

To hackers, IoT devices can provide any number of entry points for disruption of the devices themselves, their networks, and even their ultimate applications. Although developers can use a variety of techniques to strengthen network and application security, IoT device security has remained a challenge due to the limited memory and processing resources available on these devices. Although developers are employing encryption methods to protect data, many devices are designed without the secure authentication capabilities needed to prevent hackers from intercepting communications by posing as authorizing servers, gateways, or other IoT devices. In some cases, devices using valid but weak authentication methods can remain vulnerable to sophisticated exploits that intercept and reuse otherwise valid security keys used in seemingly private communications sessions.

CTA_BUTTON_BACK-TO-TOP-1

IoT Device Update

An even more fundamental security weakness relates to use of over-the-air (OTA) update capabilities built into a rapidly growing number of IoT devices. OTA updates provide an important feature in the fast moving IoT marketplace. Developers can respond to changing customer demand for new features (or fix bugs) by upgrading the firmware of deployed devices. In a typical OTA update process, the IoT device will periodically look for updates, download the new code when it becomes available, and perform a series of system calls to complete the update process.

To check that the downloaded code is valid, developers have long relied on code signing certificates issued by a recognized certificate authority. Even so, weaknesses in secure data storage, validation technique implementation, and certificate protection provide hackers with multiple avenues for taking over an IoT device. Even with conventional security techniques, a device's own firmware update process can be fooled into replacing its valid code with compromised code. On reboot, the device becomes a tool that the hacker can use to penetrate more deeply into the IoT network, the IoT application, and even the enterprise's internal resources.  In this scenario, the ability to securely boot the IoT device serves as a critical line of defense.

For the developer, however, implementation of secure boot carries multiple requirements for secure storage, encryption, authentication, and code validation mechanisms. Implementing secure boot in software leaves the update process exposed to attack methods focused on retrieving secure keys from device storage, intercepting encrypted data, spoofing authentication mechanisms, and compromising code validation algorithms. In practice, IoT designs typically lack the extra memory and processing power that would be required for a software solution in any event. Even so, a hardware implementation cannot always promise security.

CTA_BUTTON_BACK-TO-TOP-1

What is Platform Security Architecture?

The Platform Security Architecture (PSA) is a framework for securing a trillion connected devices. It includes a holistic set of deliverables, including Threat Models and Security Analyses documentation, hardware and firmware architecture specifications, APIs and an API test suite, and an independent security evaluation and certification scheme – PSA Certified. Together, with an open source reference implementation, it enables you to consistently design-in the right level of security to all connected devices. PSA draws and builds upon best practice from across the industry. It is aimed at different entities throughout the supply chain, from chip designers and device developers to cloud and network infrastructure providers and software vendors. Together with our partners, Arm is leading the ecosystem in its goal to protect the connected world. The Platform Security Architecture (PSA) has been designed to demystify security designs and concepts.

Blog_Arm-Keil_PSA_Fig1

To outline the PSA framework to make billions of devices more secure, there are the following objectives:

  • Simplify the process of evaluating IoT devices against safety standards
  • Reduce the costs and complexity of software development for ecosystem partners facilitating reuse, improving interoperability and minimizing API fragmentation
  • Reduce safety and complexity costs for SoC designers - through the creation of the Safety Model - by exploiting the primitives offered by the PSA

To achieve the above objectives, the following requirements must be met:

  • Establish a basis for certification / evaluation of an Arm-based SoC or device
  • Define the main security features
  • Define a sandbox security model
  • Define a framework for security functions, implemented by third-party software vendors
  • Define the fundamental IoT secure hardware platform
  • Provide a solid and open source reference implementation for IoT devices (similar to Trusted Firmware)

CTA_BUTTON_BACK-TO-TOP-1

The Four Key Phases in PSA-Application

The application of the PSA consists of four key phases, each of which is supplied with documentation and guide:

Analyze
Threat Models and Security Analysis (TMSA), derived from a series of typical IoT use cases.

Architect
Architecture specifications for firmware and hardware.

Implementation
An open source reference implementation of the firmware architecture specifications.

Certificate
PSA certified scheme that provides an independent security assessment of PSA-based IoT systems.

Blog_Arm-Keil_4-phases_Fig2

More details about the four key phases and  the overall conclusion will be published in Part 2 of this blog. Subscribe now to not miss it!

CH_EN_CTA_Arm-Keil_Trial-Request

 

CTA_BUTTON_BACK-TO-TOP-1

Alessandro Sanasi

Written by Alessandro Sanasi