Addressing the Trust Gap Between IoT Design and Development

This article was originally published by IoT Business News

The Internet of Things is everywhere, from weather sensors and industrial control systems to smart watches, refrigerators, and implanted medical devices. The number of IoT devices in use worldwide is expected to exceed 15 billion this year (three times the number of human users on the Internet), and will almost double that amount by 2030.

IoT devices hold so much potential for positive change – but their ability to connect objects, share information, and perform actions is precisely what makes them intensely vulnerable. The proliferation of devices creates a lot of risk, as attack surface of connected devices is expanded to practically every level of society.

Given that IoT devices abound in applications for critical infrastructure, healthcare, and consumer use, it’s important to get IoT security right. Some of the most notable examples illustrating the vulnerabilities of IoT devices include compromised medical devices like cardiac devices and insulin pumps, and flawed wireless connections in cars that allowed a hacker to cut the brakes, shut off the engine, or take control of the steering. There are also chilling personal accounts, such as an incident where a compromised baby monitor let a hacker watch a baby and audibly threaten their parents with a kidnapping. Unfortunately, a recent survey by Pulse and Keyfactor found that while 62% of product and manufacturing leaders are concerned about their IoT device security, only 42% felt they had a clear strategy for securing device identities.

As often happens with new technology, the explosive growth of the IoT has outpaced security. But as IoT devices become even more commonplace, the risks increase significantly, even to the point of putting people’s lives at stake. IoT security must become a priority – and it’s every organization’s responsibility to take the necessary steps to ensure any IoT application or device in use is secure.

Device manufacturers often have no clear security standard to work with, resulting in a lot of ambiguity and inconsistency in the market. That ambiguity can flow downstream, resulting in inconsistencies in authentication practices, ongoing security updates, and communications between connected devices. While there are changes afoot, such as the Matter smart home standard, efforts to establish minimum security standards for IoT devices are not yet widespread enough.

To overcome the growing risks associated with IoT devices, organizations need to take the same type of approach that is applied to software development—introducing security early in the development process, and prioritizing it every step of the way thereafter. With this mindset, teams can create trusted device identities, ensure data confidentiality, and maintain the integrity of the data and firmware running on each device. Adhering to the following best practices will help strengthen IoT device security.

Digital certificates are used to verify the identity of the sender of an electronic message by creating a highly secure, unique authentication method for each device. Providing each device with a unique digital certificate is significantly more effective than merely using default passwords or even using shared keys for symmetric encryption. This is because symmetric encryption does not differentiate between devices, making it impossible to share information with a specific connected device or to know which specific device data originated from. Using asymmetric encryption with unique digital certificates enables manufacturers to share information with a specific device and to know which specific device data originated from—enabling highly secure authentication of each device and ensuring the integrity of the data.

Creating unique credentials for each IoT device requires the use of asymmetric cryptography, which generates a public and private key pair. While public keys can be shared, private keys need to be stored securely. The best way is with hardware-based security such as Trusted Mobile Platform (TPM) or Secure Storage. A TPM chip, for example, protects keys and digital certificates via a hardware-enabled secure crypto processor, providing strong protection against being compromised.

The ability of hackers to install malicious software on connected devices is a significant threat. Using a public/private key pair and requiring that development teams sign their code reduces that threat. Each device would require a public key that matches the development team’s private key, which would verify that the update did come from the team and that it was not modified in transit.

Any static system is inherently insecure, and the digital certificates and key pairs in use will weaken over time. Without proper management, there is a huge chance that certificates can either expire or serve as an infiltration tool for cybercriminals, unbeknownst to the team. This is because a certificate continues to remain valid, even when certificates have been cycled out of use before their 398-day lifespan. With the increasing quantity of IoT devices, tracking inventory across the field and detecting device changes are the most substantial security challenges for organizations. To enact proper lifecycle management, teams should map everything of all devices and associated digital keys and certificates within their organization. This helps establish an exact inventory of what’s in use and allows for easier monitoring of all certificates and keys, particularly when updates are needed or when teams need to revoke a certificate for a device that is no longer in use.

As the IoT ecosystem has grown and matured, severe security issues have cropped up that could cost device manufacturers millions of dollars and an unquantifiable loss of trust. In a worst-case scenario, a security flaw could put lives at risk. The sheer number of IoT devices in the world, and the fact that they are now performing mission critical functions in a variety of fields, means it’s time to get serious about IoT security. By prioritizing IoT security through encryption, unique credentials, and ongoing lifecycle management, organizations can rest assured that the innovative new devices they introduce to the market – as well as the devices that are used for their own operations – will not introduce any disruptive risks.