A lot of progress has been made in infrastructure to secure edge nodes in the IoT and to secure communications between edge nodes and gateways, all of which is good and necessary to block manifest evil, but it’s never enough. Perfect security is and always will be an asymptotic goal, so there should always be room for new ideas. To a large extent our approach to security looks a lot like what we already understand in the traditional Internet: self-defense within nodes plus firewalls in the infrastructure to limit the spread of contagion. One possible approach to augment this base layer would consider security from a system perspective – how the system as a whole can defend its integrity, while acknowledging that some components may need to be sacrificed in defense of the greater good.
In 2014 I wrote an article in another forum in which I discussed biology-inspired approaches to security. Some of the details may be a little dated but I think the principles are still relevant. The core idea is that the IoT, at least at the scale we eventually envision, is a very large system with a very large attack surface, not unlike biological systems. Therefore, biological defenses may be a productive source of inspiration for added defenses we might consider. Most of this is based on work done by others. What I added (I hope) was to collect together the ideas and view them in the context of the IoT.
Let’s start with diversity. The engineer in each of us says that we should drive to a small number of system types with as much commonality as possible because standards encourage growth and innovation and reduce cost. But lack of diversity also carries risk – a pathogen exploiting a zero-day weakness may be able to spread quickly through the system before effective counter-measures can be found. A famous biological counterpart is the Irish potato famine in which almost all of the crop, based on a single strain, was wiped out. You might argue that a proliferation of vendors and applications will solve this problem, but I’m not so sure. Much of that diversity may be only skin-deep thanks to the dominance of a limited set of core architectures and OSes. And in time, as in most markets, the majority of product volume will be supplied by a couple of dominant players. All is not lost though. There are ways to add diversity even to common platforms, for example by randomizing stack layout.
Another technique is to mimic immunological defenses. The basic idea here is to identify potential pathogens based on behavioral rather than structural signatures (the standard approach in computer virus defenses), since behavioral signature detection is potentially much more economical, especially in edge nodes, than structural-based approaches. The system must be trained to identify “self” or normal behavior from unexpected behavior, mimicking biological immunity inherited through evolutionary adaptation. Simple examples might be (self) allowable paths of IP addresses for communication or (non-self) detecting a fragment of the device encryption key in an I/O channel.
In the examples above, there is an important difference from traditional approaches to security. By the time a behavioral trigger is fired, an attack is possibly already underway or may have succeeded. At that point, the best goal may be to sacrifice the node. The parallel in biology is programmed cell death – or equivalently an IoT node shuts itself down (in critical cases an exception might be to fail over to a default non-programmable behavior). The node also emits an alarm signaling surrounding nodes to disable communication with this node, allowing for the possibility that it may already be too compromised to effect a shut-down.
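To make the two preceding ideas concrete, here is an added example (my own illustration, not code from the original article) of a toy edge node that learns a “self” model from a trusted training window, checks the two non-self signatures named above (an unknown peer address, and a fragment of its own key appearing in an outbound payload), and on a trigger performs the programmed-cell-death response: it drops into a fixed fail-safe state and emits an alarm that its neighbours honour by cutting the node out of their peer sets. The addresses, keys, traffic and the four-byte fragment length are all constructed assumptions for the example.

```python
from dataclasses import dataclass, field

KEY_FRAGMENT_LEN = 4   # assumption: the shortest key substring treated as a leak


@dataclass
class Event:
    direction: str   # "in" or "out"
    peer: str        # remote address the node talked to
    payload: bytes


@dataclass
class Node:
    addr: str
    secret_key: bytes
    allowed_peers: set = field(default_factory=set)
    state: str = "normal"                 # "normal" or "failsafe"
    alarms_sent: list = field(default_factory=list)

    def learn_self(self, training):
        # "self" = the peers observed during a trusted training window
        self.allowed_peers.update(ev.peer for ev in training)

    def leaks_key_fragment(self, payload):
        # non-self: any KEY_FRAGMENT_LEN-byte window of the key found in the payload
        k = self.secret_key
        return any(k[i:i + KEY_FRAGMENT_LEN] in payload
                   for i in range(len(k) - KEY_FRAGMENT_LEN + 1))

    def inspect(self, ev):
        # returns a reason string for non-self behaviour, or None if it looks like self
        if ev.peer not in self.allowed_peers:
            return f"peer {ev.peer} outside learned self set"
        if ev.direction == "out" and self.leaks_key_fragment(ev.payload):
            return "key fragment in outbound payload"
        return None

    def apoptosis(self, reason, neighbourhood):
        # programmed cell death: fail safe, then tell the neighbours to stop talking to us
        self.state = "failsafe"
        alarm = {"node": self.addr, "reason": reason}
        self.alarms_sent.append(alarm)
        neighbourhood.quarantine(self.addr)
        return alarm

    def process(self, ev, neighbourhood):
        if self.state != "normal":
            return None          # a sacrificed node no longer acts on traffic
        reason = self.inspect(ev)
        return self.apoptosis(reason, neighbourhood) if reason else None


class Neighbourhood:
    """The surrounding nodes; they act on an alarm even if the sender never shuts down."""

    def __init__(self, nodes):
        self.nodes = {n.addr: n for n in nodes}

    def quarantine(self, bad_addr):
        for n in self.nodes.values():
            if n.addr != bad_addr:
                n.allowed_peers.discard(bad_addr)


def run_demo():
    # Constructed sample: node A talks to B and C normally; then A leaks part of its key.
    key_a = bytes(range(16))
    a = Node("10.0.0.1", key_a)
    b = Node("10.0.0.2", bytes(range(16, 32)))
    hood = Neighbourhood([a, b])
    a.learn_self([Event("out", "10.0.0.2", b"telemetry"),
                  Event("in", "10.0.0.3", b"config")])
    b.learn_self([Event("in", "10.0.0.1", b"telemetry")])

    benign = a.process(Event("out", "10.0.0.2", b"temp=21"), hood)
    leak = a.process(Event("out", "10.0.0.2", b"dbg" + key_a[5:9]), hood)
    return {"benign": benign, "leak": leak, "a_state": a.state,
            "b_still_trusts_a": "10.0.0.1" in b.allowed_peers}


def run_unknown_peer_demo():
    # Constructed sample: a node that was trained on one peer hears from another.
    n = Node("10.0.0.9", bytes(16))
    hood = Neighbourhood([n])
    n.learn_self([Event("in", "10.0.0.3", b"config")])
    return n.process(Event("in", "192.0.2.44", b"hello"), hood)


if __name__ == "__main__":
    print(run_demo())
    print(run_unknown_peer_demo())
```

Two design points worth noticing: the alarm goes out through the neighbourhood before the node itself changes state, so quarantine does not depend on a possibly compromised node finishing its own shutdown; and the key-fragment check runs only on outbound traffic, which is where a leaked key would actually do damage and keeps the per-packet cost close to a substring search.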
The last method I mention builds on a common pathogenic strategy – deception – and is well-known today in IT security systems. Pathogens can evade immunological defense through deception by making their behavior appear like “self” behavior. A counter-deception strategy would be to present tempting but fake “honeypot” targets. These may be dummy DNS targets, empty file or directory links, or dummy accounts with temptingly easy passwords. Any attempt to access one of these triggers an alarm, which again may be used to trigger self-sacrifice. Finally you make these hard to evade by having many more honeypots than real targets.
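As an added example of the honeypot idea (again my own illustration, not the article’s code), the block below builds a namespace in which each real resource of the three kinds mentioned (a DNS name, a file path, an account) is surrounded by ten look-alike decoys, raises an alarm on any touch of a decoy, and shows why the ratio matters: with decoys outnumbering real targets ten to one, a blind walk over the namespace can touch at most three real names before it trips a decoy. The resource names, the ten-to-one ratio and the decoy naming scheme are constructed assumptions.

```python
import random

DECOYS_PER_REAL = 10   # assumption: decoy-to-real ratio used for this example

# Constructed sample of real resources, one of each kind the article names.
REAL_RESOURCES = {
    "dns":     ["sensor-api.example.internal"],
    "path":    ["/srv/firmware/current.bin"],
    "account": ["admin"],
}


def make_decoys(kind, n):
    """Decoys that look like the real thing but point at nothing."""
    if kind == "dns":
        return [f"svc{i:02d}.example.internal" for i in range(n)]      # dummy DNS targets
    if kind == "path":
        return [f"/srv/backup/archive{i:02d}.tar" for i in range(n)]   # empty file links
    if kind == "account":
        return [f"svc_user{i:02d}" for i in range(n)]                  # dummy accounts
    raise ValueError(kind)


def build_namespace(real=REAL_RESOURCES, ratio=DECOYS_PER_REAL):
    """Map every (kind, name) to 'real' or 'decoy'."""
    ns = {}
    for kind, names in real.items():
        for name in names:
            ns[(kind, name)] = "real"
        for d in make_decoys(kind, ratio * len(names)):
            ns[(kind, d)] = "decoy"
    return ns


class HoneypotMonitor:
    """Any access to a decoy is an alarm; legitimate traffic never has a reason to touch one."""

    def __init__(self, namespace):
        self.ns = namespace
        self.alarms = []

    def access(self, kind, name, source):
        tag = self.ns.get((kind, name))
        if tag == "decoy":
            self.alarms.append({"source": source, "kind": kind, "name": name})
            return "alarm"        # the caller can feed this into the self-sacrifice logic
        return "ok" if tag == "real" else "unknown"


def decoy_fraction(ns):
    """Share of the namespace that is decoy; the chance a blind touch trips an alarm."""
    return sum(1 for tag in ns.values() if tag == "decoy") / len(ns)


def probes_until_alarm(ns, seed):
    """Seeded walk over the whole namespace: number of touches before the first alarm."""
    names = list(ns)
    random.Random(seed).shuffle(names)
    monitor = HoneypotMonitor(ns)
    for i, (kind, name) in enumerate(names, 1):
        if monitor.access(kind, name, "walk") == "alarm":
            return i
    return None


if __name__ == "__main__":
    ns = build_namespace()
    print(f"decoy fraction: {decoy_fraction(ns):.3f}")
    print("touches before first alarm:", [probes_until_alarm(ns, s) for s in range(5)])
```

Because the walk covers every name and only three of the thirty-three are real, the first alarm always comes within four touches whatever the shuffle order; that bound, not any particular seed, is what the decoy ratio buys you.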
Hopefully you see in these ideas at least a different way to think about security and especially a way to think about whole-system defenses (top-down) as a complement to more traditional defenses (bottom-up). None of these is any more “invincible” than other approaches. But by further raising the bar, they should increase the cost and therefore decrease the likelihood of attack. You can read the complete article HERE.