Eight Principles of IoT Security
There are many challenges facing embedded development engineers tasked with implementing effective security measures. Knowledge of what is being protected, the threat landscape, and specific attack vectors to be protected against is necessary. Not to mention the added urgency that comes with overreported, high-profile breaches.
Securing embedded devices is no longer optional. As more products became connected, the primary perceived attack vectors originated from internet traffic, but now entire embedded systems are subject to constant and varied threats.
There are several techniques that developers can employ to make the task of securing systems much easier. Silicon Labs is a founding member of the ioXt Alliance, an industry-led initiative that, with partner collaboration, has led to the creation of eight key principles.
Principle 1 – No Universal Passwords
Often, high-volume consumer devices are all shipped with the same default password. Typically, users want to deploy their new device quickly, so many do not take the simple step of changing the default password to a new one. Shipping each new device with a unique factory-programmed password is a simple first step in making it more difficult for adversaries to gain access to or take control of, potentially, hundreds of deployed devices.
Principle 2 – Secured Interfaces
Any microcontroller-based device has a multitude of interfaces and ports that can be accessed either locally or remotely. The primary application will use some of these ports during operation and for communications. However, the rest (particularly any that function as external communication interfaces) must be secured. Likewise, any IC-to-IC interfaces (e.g., between the microcontroller and a display controller) must be secured. It is recommended that all interfaces be encrypted and authenticated during use.
Principle 3 – Proven Cryptography
In a world of open and interoperable technologies, the use of industry-recognized, open, and proven cryptographic standards is essential. The use of closed, proprietary cryptographic algorithms is not recommended. The use of open cryptographic standards encourages participation by all developers, engineers and stakeholders so that they can be continually evaluated for potential vulnerabilities against new security threats.
Principle 4 – Security by Default
It is essential that when a consumer purchases a new device, it is already set for the highest possible levels of security. Shipping a product with no or minimal security options configured is liable to pave the way for adversaries to take advantage. The consumer out-of-box security experience should be that all possible security measures are enabled. Developers should not leave a consumer unprotected by default.
Principle 5 – Signed Software Updates
As more consumer smart home devices ship with the ability to update themselves automatically over the air, the priority is that every update be cryptographically signed. This prevents hackers from updating a device with malicious code.
Principle 6 – Software Updates Applied Automatically
Consumers shouldn't have to become administrators of their own devices, faced with the choice of whether or not to update a product's software image. If an update needs to be made, it should be deployed and implemented automatically. Moreover, updates should be applied at times when they will not compromise the device's operation. For example, a smart connected washing machine should not be updated while the machine is in use.
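Principles 5 and 6 can be shown together in one device-side check, added here as an example and not taken from the ioXt principles or from Silicon Labs code: the device accepts only an image signed with the vendor's Ed25519 key, and it defers installation while it is in use. The Update type, the function names, and the sample images are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Update is a hypothetical update package: the firmware image plus the
// vendor's Ed25519 signature over the image's SHA-256 digest.
type Update struct {
	Image     []byte
	Signature []byte
}

var ErrBadSignature = errors.New("update rejected: signature does not verify")
var ErrDeferred = errors.New("update deferred: device is in use")

// SignImage is the vendor (build server) side: sign the image digest.
func SignImage(priv ed25519.PrivateKey, image []byte) Update {
	digest := sha256.Sum256(image)
	return Update{Image: image, Signature: ed25519.Sign(priv, digest[:])}
}

// ApplyUpdate is the device side and needs no user decision: it verifies the
// image against the vendor public key, then installs only when idle.
func ApplyUpdate(vendorPub ed25519.PublicKey, u Update, inUse bool, install func([]byte)) error {
	digest := sha256.Sum256(u.Image)
	if !ed25519.Verify(vendorPub, digest[:], u.Signature) {
		return ErrBadSignature // the image is never handed to install
	}
	if inUse {
		return ErrDeferred // retry later, e.g. once the wash cycle has ended
	}
	install(u.Image)
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	good := SignImage(priv, []byte("firmware v2 (constructed sample)"))
	tampered := Update{Image: []byte("altered image"), Signature: good.Signature}
	install := func(img []byte) { fmt.Printf("installed %d bytes\n", len(img)) }
	fmt.Println(ApplyUpdate(pub, tampered, false, install)) // rejected
	fmt.Println(ApplyUpdate(pub, good, true, install))      // deferred
	fmt.Println(ApplyUpdate(pub, good, false, install))     // installed
}
```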
Principle 7 – Vulnerability Reporting Scheme
Often, consumers who experience a problem with their embedded smart home device are unsure who to contact. Has it been compromised? Is there a new vulnerability that should be reported? This principle pledges that product manufacturers will create a means for customers to report problems and communicate their concerns regarding product security.
Principle 8 – Security Expiration Date
As with product warranties, which have an expiration date after purchase, the period during which security updates are available should also be defined and communicated to the consumer. Continuing to support a product with security updates involves continued engineering costs, so consumers need to be able to make informed decisions at the time of purchase. Manufacturers also have the option to offer extended warranties to offset ongoing security updates.
The detailed explanation of the way we embrace these principles can be found in the Silicon Labs – IoT Endpoint Security Fundamentals document.
Security in the Smart Home
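We already have far more control over our homes than we could have imagined a few years ago, thanks to the IoT, and that is not slowing down. This means preparing for the next generation of cyber criminals will be a challenge we solve as an industry. Our state-of-the-art Secure Vault has been designed to help connected device manufacturers address these evolving threats by protecting against unauthorized access and guaranteeing chip authenticity. Through over-the-air updates, Secure Vault strengthens product security, provides future-proofing, and addresses security regulation without adding cost or complexity.
Secure Vault features include:
A Secure Device Identity certificate, similar to a birth certificate, for each individual silicon die, enabling post-deployment security, authenticity and attestation-based health checks, and guaranteeing the authenticity of the chip for its lifetime.
Advanced Tamper Detection that enables developers to set up appropriate response actions when the device experiences unexpected behaviors, such as extreme voltage, frequency, and temperature variations, which could indicate a vulnerability.
Secure Key Management and Storage, a central component in protecting against direct access to an IoT device and its data by encrypting the keys, isolating them from the application code, and using a master key encryption key (KEK) generated from physically unclonable function (PUF) hardware.
To learn more about how cyber threats are evolving and how industry regulation is taking shape, check out our whitepaper, Preparing for Next-Generation Cyber Attacks on IoT.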