I spent the last several days doing a deep dive into the world of IoT security and what I’ve learned has scared the pants off me. Various analysts predict that there will be over 30 billion connected IoT devices by the year 2020 growing from 9.9 million in 2013. A quick audit of my home identified over 40 connected devices including everything from iPhones, laptops, and smart TVs to security cameras and motion detectors. My security system alone had 10 individually addressable devices. With approximately 124 million households in the United States, if we say 20% of them are as connected as I am that means roughly 1 billion IoT devices today. Pick your favorite multiplier but at the rate we are moving 30 billion sounds low by 2020. All of this connectivity sounds good right? What could possibly go wrong?
On October 21, the U.S. experienced one of the largest DDoS (distributed denial of service) attacks ever recorded that took down a major portion of the eastern seaboard’s internet service for over an hour. The attack made use of 10’s of millions of discrete IP addresses representing IoT devices infected by the Mirai botnet. These IoT devices were compromised and used to bombard a major DNS vendor that effectively took out the internet. It seems that the industry needs to snap to attention to get this under control moving forward.
On that note, I was fortunate enough to attend a webinar by ARM and Open Silicon that addressed how to improve security of IoT edge devices. This diagram provided by ARM explains that IoT chains are typically made up of sensors/actuators at the edge talking to gateways and then cloud-based servers. Devices within the cloud tend to be less vulnerable to attack as they are kept under constant surveillance in controlled environments. The edge devices however live “in the wild” and early versions of these devices really didn’t have much thought put into them regarding security. With the advent of the October attack, we have come to sudden realization that these devices can in fact be used against us.
Yossi Weisblum of ARM and Kalpesh Sanghvi of Open Silicon both made it very clear that future IoT devices must have security designed into them from the beginning. This starts by understanding of the threat surface (e.g. the types and techniques of threats that must be mitigated) for a given device and identifying the right level of security required. Both of these gentlemen went on to describe some basic tenants of good design-for-security and how their offerings give an IoT designer a fighting chance.
One of the key tenets of establishing security is what is known as RoT or Root of Trust. A RoT is some piece of code or hardware that has been hardened well enough that it’s not likely to be compromised, and either can’t be modified at all, or else can’t be modified without cryptographic credentials. IoT edge devices must be enabled to be secure by default. ARM’s TrustZone CryptoCell family of security IP enables IoT designers to design RoT into their edge devices. CryptoCell starts by isolating the execution environment of the edge device into multiple domains, those that ensure RoT and those that will be exposed to the outside world. CryptoCell also provides for secure boot and OTA (over the air) update capabilities to enable real-time resets and updates for edge devices that may be under attack or compromised.
TrustZone’s modular approach enables designers to make PPA (power, performance and area) trade-offs as not all devices share the same security needs. The TrustZone domains address control and scheduling, data interfaces, encryption and other security resources such as crypto key generation in hardware. It should be noted however, that ARM’s solution is actually a combination of both hardware and software. To that end, ARM’s offering also includes their mbed OS operating system that integrates the rest of ARM’s IP with the integrated security modules of CryptoCell. The mbed OS also includes application support for creating secure transmissions using mbed TLS and mbed Client, both of which use the encryption/decryption of the CryptoCell hardware IP.
Ok, so given you have all of ARM’s security IP, it’s still a challenge to figure out how to make an optimal IoT device for your application. Open Silicon has stepped in to help with a reference architecture for IoT design called Spec2Chip. The Spect2Chip architecture is based on ARM’s Cortex M series processors and the TrustZone CryptoCell security subsystem. This reference architecture gives designers a dramatic head start and includes the ability to prototype their designs in an FPGA based implementation before committing to a full production SoC for their IoT edge devices. The solution includes both the hardware stack based on ARM IP as well as application specific software stacks that make use of ARM’s mbed OS with associated drivers for sensors and communications modules. The idea is to provide a platform that allows both hardware and software designers to quickly build and test their proposed edge devices. The FPGA implementation includes the critical ARM security IP including key generation, encryption/decryption and authentication functions for real world testing.
So, while I am tempted to now unplug all of my early version IoT accessories for the sake of the country, it is certainly heartening to know that the industry has indeed awoken to this IoT edge threat and is fielding some very powerful solutions to take back the internet. If you are an IoT edge device designer be sure to check out ARM and Open Silicon’s offerings.