A new wave of strong security for end to end IoT gateways
This is an increasing wave of innovation and technology partnership designed to help protect embedded systems across industry against unauthorized access and targeted attacks.
On October 22nd last, the Right Honorable Lucian Niemayer, Assistant Secretary of the Navy (Energy, Installations and Environment) at the US Department of Defense, spoke of the need for urgent action to protect against operational threats to public and industrial facilities. In his keynote to the Industrial IOT community to mark October international Cybersecurity Awareness Month, he noted “Our society is nothing but hundreds of millions of control systems. Everything we do in our lives operates around a virtual command into a physical action. But if we look at the explosion of robotics, we have to come up with a regime led by the private sector where we are truly engineering protections into those controls to ensure that they can't be taken over, or at least that we can have a sensor system where we can quickly detect the anomaly or nefarious activity, we can quickly seize iot, monitor it or protect ourselves from it.”
Industry is indeed responding to our government leaders and starting to answer this call for cybersecurity for operational system protection.
For instance, Mender which has the mission to “secure the world’s connected devices” is providing our partner iWave Systems with an integrated set of OTA software updating capabilities for its iWave Security Suite so it can serve the cybersecurity needs of its industrial customers.
The suite promises to provide an end to end solution for IoT gateway device management that is secure, robust and reliable. Supporting iWave with this technology partnership aligns neatly to Mender’s mission to help secure the world’s connected devices.
Structure of the iWave Security Suite
The iWave Security Suite provides an end point application that is built on a first layer consisting of a suite of APIs which include a secure file system, key and certificate management, event logging, access control, a software firewall and a firmware updating mechanism.
The second layer is a Linux-based OS with security and crypto drivers enabled.
The third layer is a hardware platform that integrates the OS with a cryptography engine, and features such as tamper detection, high assurance booting, and security storing and revocation.
Mender provides iWave with technology for automated delta updating of the image artifacts, rollback of the update if the device fails or loses power, and auditing of the updates and checks and device mapping capabilities.
Security challenges in IoT gateway device projects
To mark the launch of the iWave Security Suite, we interviewed Ajith P. Venugopal, software project manager, iWave, to learn about some of the security trends and challenges that the iWave security team are seeing in IoT gateway device projects.
Ajith starts with some advice: “security starts before an enterprise powers up the system”. He says that enterprise customers require upfront assurance that their IoT gateway devices will be updated with the correct device OS, firmware and features, even before the device is booted. “The enterprise needs certainty that its gateway devices have not been exploited before boot by a malicious actor.”
Ajith believes that for an enterprise to achieve this reassurance, a balanced assessment of hardware and software security needs to be carried out.
Ajith starts with the hardware security and points out that hardware vendors are now adding additional safeguards to the devices. He says “When a hardware vendor releases a new product to the market, they want to ensure that the device will not be tampered with, or cloned in an unauthorised manner. This would have negative consequences for their brand.”
For example, application processor provider NXP - with its i.MX range of processors - offers powerful features such as high assurance booting and public keys embedded within the processors. The use of private keys will ensure that when signed images are sent to the device, a check will be carried out to ensure that it is indeed the right image which is being updated on the device. In this scenario, no unauthorised key can access the device. The use of high assurance booting means that if an update is coming, there will be a check and if the update is legitimate, the device will boot. If not, the device will not be allowed to boot.
While malicious attacks on IoT gateway devices are rare, it is still an existential threat that enterprises must prepare when deploying a fleet. According to Ajith, the biggest risk is that a hacker would tamper with a device. “They could open the physical hardware and exploit it to flash another image to the device. In automotive and industrial settings, the devices are normally well protected within a physical dashboard or within a secured plant site. The risk is greater with medical devices. Also if the medical device stops there may be a huge cost, perhaps it could even be life threatening.”
Thankfully, safeguards are being built into the design, prototyping and roll out phases of an IoT gateway device project to protect against tampering. Ajith says “Normally, during the prototype phase, a white collar hacker from the customer’s engineering team will test the devices for vulnerabilities.”
When considering the risks of tampering and malicious attacks, Ajith believes that you must take the enterprise customer’s situation on a case by case basis. The risks will vary depending on the IoT use case and setting.
The type of hardware used in an IoT project depends on the overall case, the device cost and connectivity. If the hardware has built-in security then the software security layers can also be added on top to provide an additional protective layer.
NXP’s i.MX series processors have built-in CAAM (Cryptographic Accelerator and Assurance Module) that will provide encryption protection including support for RSA. The level of encryption layers will be triggered from the hardware and it is very fast and efficient. If such hardware encryption is not possible, iWave will recommend that the enterprise customer goes for the software layer including Open SSL and asynchronous encryption.
iWave works with its quality partners such as Mender puts security at the heart of its OTA software updating solution with TLS and HTTPS protocol and all encryption methods. It also works with NXP to showcase how the security works in practice. For example, iWave and NXP showcased a Linux-enabled EPOS system at point of sale in retail and how it could be delivered securely and cost efficiently. iWave has also worked with wolfSSL to show how low cost IoT devices can be securely enabled without having to use full OpenSSL.
Key reasons for partnering with Mender
Ajith describes a number of other key reasons for partnering with Mender.
Community support through over 700 members of the Mender Hub Flexible software licensing Flexibility of the Mender technology itself which makes it easy to customise and integrates into different enterprise workflows Updates available fast from a rapidly evolving Mender roadmap, and fast support for the new Yocto OS updates Mender is robust in its approach to security: it supports hardware security modules (HSM) and trusted service managers (TSM),and mutual TLS, in other words, support for client TLS certificates. OpenSSL engines, the major processors manufacturers including NXP are also supported as is inexpensive and efficient cryptography for certain devices in the form of Elliptic Curve Cryptography. Powerful features such as the availability of Delta updates can help enterprises save on bandwidth and cost in their IoT device fleet management strategies. The geographical-based device filtering and grouping, and control of updates at the group level, all of which give the enterprise more cautious and secure control over their IoT gateway devices. And finally the ability to do a “health check” on each and every device within the fleet.
Ultimately for Ajith, the partnership with Mender helps iWave save cost and time.
iWave selected Mender as a trusted technology partner to provide the OTA software updating technology. According to Ajith, it would take too much development effort for iWave to do this in-house from scratch. “Customers want OTA software updates now, if we (iWave) went our own way and built a homegrown OTA software update solution for customers, then we would be obliged to prove to customers that the service would be robust and reliable. The testing in such a scenario would simply take too much time. Mender has already proven its robustness to the market.”
More information on the iWave Security Suite can be found at here.