search.noResults

search.searching

note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
Figure 2: Security MCUs like Microchip’s ATECC508A provide authentication to the IoT nodes and thus restrict botnets from entering the system (Source: Microchip)


Robust, multilayer security protection is key So, how do we build robust levels of security in connected products against this wild card? How do we implement security at multiple levels—from sensors to IoT nodes all the way to the cloud—in order to secure multiple entry points in the IoT network? Cornerstones of secure embedded systems include: • Developing multilayer security


protection in embedded system design, including securing nodes, storage, the network, and the ecosystem as a whole. • Designing secure embedded


hardware.


Implementing multilayer security protection As Figure 1 shows, developing multilayer security protection in embedded system design includes securing nodes, storage, the network, and the ecosystem as a whole. These best practices for protection against IoT botnets are intrinsically tied to a security framework embedded into the product development lifecycle: • Node ❑ Use a secure boot process with hardware-based “root-of-trust” to ensure that IoT devices operate in a known and secure state and that their content remains confidential. Secure boot—a cornerstone of embedded device security – is the first line of defence against security breaches like botnets.


❑ Update firmware; however, remember that hackers can use over-the-air (OTA) updates to push their own malicious bots. Therefore, authentication should be applied to ensure that IoT devices retrieve the code from only approved systems.


www.cieonline.co.uk


• Network ❑ Connect IoT devices only in environments that use firewalls. These inspect incoming traffic and identify threats through behaviour, signature, IP history, and cross- examination of information consolidated from the IoT endpoints.


❑ Use DDoS mitigation services and tools that employ robust content delivery networks to take on the initial brunt.


❑ Secure connectivity between the IoT device and other systems like cloud services, using encrypted links based on protocols like Transport Layer Security (TLS). This prohibits “man in the middle” attacks by capturing and analysing the data in transit.


❑ Harden TLS implementation stacks such as OpenSSL. Hardening eliminates software vulnerabilities by creating additional hardware security layers.


• Secure storage ❑ IoT systems demand a strong authentication in order to determine and verify the node and device identity. People generally equate encryption with security, but when it comes to protection against cyber threats like botnets, authentication is a major pillar in the IoT security realm.


Designing secure embedded hardware The premise of embedded security being developed into connected devices from the ground up is long overdue, and that begins with designing tamper-proof hardware that offers complete security solutions, not a mere collection of patches and fixes. Traditional hardware security can include multiple security points:


• A Hardware Security Module (HSM),


which requires a database to store, protect, and manage keys. This, in turn, mandates upfront investment in infrastructure and logistics. • A Trusted Platform Module (TPM), which integrates cryptographic keys into device hardware; however, these are not well positioned for lower-price IoT applications.


• A security stack built on top of the


microprocessor or microcontroller; however, this design requires many CPU cycles to accelerate authentication of applications and firmware. Therefore, security hardware built around the central MPU or MCU has seen limited success in IoT designs because compute- intensive operations like authentication burden the overall system and slow down the chipset performance. For these reasons, traditional


hardware security solutions do not transfer well to embedded systems. Instead, using dedicated security processors in embedded hardware designs close the software vulnerability gap with hardware key storage and cryptographic acceleration in IoT designs. They also facilitate hardening for well known Transport Layer Security (TLS) implementation stacks such as OpenSSL, and they allow IoT nodes to automatically authenticate communications with the cloud. For a start, these low-cost security co-


processors, connected to the host MPU or MCU over an I2C link, facilitate the secure boot feature for protection against rogue firmware. Maxim’s MAXREFDES143 Reference Design is a good example of embedded security for IoT. It protects an industrial sensing node by means of authentication and notification to a web server. It features DeepCover Secure Authenticator with 1-Wire SHA-256 and


a 512-Bit user EEPROM, enabling data authentication at all levels from sensor node to web server.


These crypto elements (Figure 2) – smaller MCUs – are equipped with hardware cryptographic acceleration to carry out strong authentication so they can safeguard private keys, certificates, and other sensitive security data and thus ensure protection against a botnet invasion. Moreover, they simplify mutual authentication with cloud services like Amazon Web Services (AWS) by taking out the complexity associated with software-centric security implementations. It’s worth noting that the TLS standard has traditionally performed authentication and stored private keys in software.


Conclusion The IoT industry, a proliferation of Internet-connected embedded electronics, is at a crossroads. For now, IoT botnets have mostly been targeted at web and application servers. But they can potentially be used to carry out far more destructive attacks than we’ve seen already. For example, they could impact the physical dimensions in a smart building by interfering with surveillance operations. Or they could create chaos on the streets by disrupting a system of traffic lights.


Developing embedded security in connected devices from the ground up is long overdue, especially when there are tens of millions of vulnerable IoT devices out there, with these numbers growing by the day. IoT enthusiasts are just discovering the darker side of Internet connectivity. The IoT is already moving toward a colossal scale. The time to take action and revisit embedded security is now.


www.mouser.co.uk Components in Electronics March 2018 9


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48