
IoT: Is privacy a priority or an afterthought?

Security and privacy are two critical concerns in the IoT. Most people assume that their devices are safe and their privacy protected – on PCs and mobile devices there is a major industry effort to ensure this.

However, the IoT presents a new challenge. Most IoT devices are not built with security as a priority from the outset. Designers of smart home products may have plenty of expertise in appliance design, but little or no experience with connectivity or security. Often security is addressed through software patches as vulnerabilities appear, which leaves users exposed to attacks. Manufacturers and service providers must quickly change their approach.

So where do they start? It’s important that OEMs and system integrators consider the environment in which their products will operate. Based on that, they can ascertain the threat model and determine the recommended security measures. Designing for specific threats and potential attack vectors is an important consideration since implementation costs vary.

The threat model for a connected light bulb is quite different than that for a heart monitor or pacemaker – given their relative criticality, each needs a different level of protection.

There are also differences in the likelihood of certain types of attacks depending on the type of product. A connected light bulb with motion sensors may not require protection against physical attacks, but a home’s door-locking system certainly will. The connected light bulb, however, remains susceptible to network-based or side-channel attacks.

While there are common denominators in terms of cryptography requirements, each product has a different attack profile. Security also needs to be built into hardware. Hardware by definition can be designed to be immutable and as such can create a foundation on which to establish security for a platform.

Software is more vulnerable to attacks if not protected by hardware-based security. While there is always some overhead associated with implementing security in hardware, the level of security is a function of the threat model. As a result, embedded security should be viewed holistically.

Sometimes a hierarchical approach to securing an embedded application may result in reduced overhead costs. For example, a connected home will have numerous IoT nodes. Full security could be built into each node in a siloed fashion, but it might be more prudent to group the nodes into classes and protect each class at the IoT hub or the gateway/router.

Hardware architectures for IoT devices must be based on a security‑by‑separation approach so that critical assets can be isolated from potential hazards. With security‑by‑separation based on hardware virtualisation technology like that found in Imagination’s OmniShield technology a system can run multiple isolated applications independently and securely at the same time on a single, trusted platform.

With the IoT, the traditional binary approach to SoC security, with one secure zone and one non-secure zone, is not secure enough. Virtualisation enables the creation of multiple secure zones – each isolated from the others. On a hardware platform with virtualisation, common resources can be partitioned into logically separate environments referred to as virtual machines (VMs). Each VM comprises applications and relevant operating systems (if required), making it possible to separate and protect critical assets such as communication interfaces (and software stacks), storage and other resources in their own address spaces, and to ensure there is no access from or to other applications’ address spaces. Security-by-separation should be implemented across all of the processors in a system.

Once the critical assets are isolated from potential vulnerabilities, the next step in protection is implementing and ensuring trust for each isolated environment. A hardware root of trust (RoT) and associated security services can be used to enforce trust – both authentication and privacy.

The virtualised platform is based on a trusted hypervisor, which creates and manages the VMs and corresponding resources; the hypervisor executes at the highest privileged root level of the processor. The structural integrity of the hypervisor can be maintained by following a trusted boot process.

The operational integrity is not compromised since the hypervisor runs in its own unique context provided by the hardware, and is isolated to its own address space. Each address space is protected by the root memory management unit, whose contents can be locked down immediately after boot to provide absolute isolation of all virtual address spaces.
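The bring-up sequence described in the last few paragraphs, as an added example that is not part of the original article and is not Imagination's OmniShield code: a root of trust measures the bootloader and hypervisor before either runs, the hypervisor then assigns each VM (network stack, door-lock controller, application) a disjoint set of physical pages in a root MMU, and the mapping is locked so that no VM can reach another VM's address space and no mapping can change after boot. The image contents, reference digests, VM names and page numbers are all constructed for illustration; a real device would hold the reference digests in one-time-programmable storage and the translation tables in hardware.

```python
"""Model of trusted boot followed by security-by-separation (added example).

Not Imagination's OmniShield code.  All firmware images, digests, VM names
and page numbers are constructed stand-ins for illustration only."""
import hashlib

PAGE_SIZE = 0x1000


class BootError(Exception):
    """Raised when a measured image does not match the root-of-trust reference."""


class RootMMU:
    """Root-level address translation owned by the hypervisor.

    Each VM is given a disjoint set of physical pages.  Once locked, the
    mapping cannot be changed for the rest of the boot, which is the
    'lock down immediately after boot' property the article describes."""

    def __init__(self):
        self._pages = {}   # vm_id -> frozenset of physical page numbers
        self._owner = {}   # physical page number -> vm_id
        self._locked = False

    def assign(self, vm_id, first_page, count):
        if self._locked:
            raise PermissionError("root MMU is locked; mappings cannot change after boot")
        pages = range(first_page, first_page + count)
        clash = [p for p in pages if p in self._owner]
        if clash:  # refuse overlapping ownership: isolation means disjoint pages
            raise ValueError(f"page {clash[0]:#x} already owned by VM {self._owner[clash[0]]!r}")
        self._pages[vm_id] = frozenset(pages)
        for p in pages:
            self._owner[p] = vm_id

    def lock(self):
        self._locked = True

    @property
    def locked(self):
        return self._locked

    def translate(self, vm_id, addr):
        """Return (allowed, owner_of_target_page).  A VM may only touch pages
        it owns; any other access faults to the hypervisor instead."""
        page = addr // PAGE_SIZE
        allowed = page in self._pages.get(vm_id, frozenset())
        return allowed, self._owner.get(page)


def measure(image: bytes) -> str:
    """Hash an image the way a boot ROM would before handing over control."""
    return hashlib.sha256(image).hexdigest()


# Constructed firmware images; the reference digests below play the role of
# values provisioned into the hardware root of trust at manufacture time.
GOLDEN_IMAGES = {
    "bootloader": b"constructed bootloader image v1",
    "hypervisor": b"constructed hypervisor image v1",
}
ROOT_OF_TRUST = {name: measure(img) for name, img in GOLDEN_IMAGES.items()}

# Constructed VM layout installed by the hypervisor: (first page, page count).
VM_LAYOUT = {
    "net_stack": (0x10, 4),
    "door_lock_ctrl": (0x20, 2),
    "app_ui": (0x30, 16),
}


def bring_up(images):
    """Trusted boot, then security-by-separation.  Returns the locked RootMMU
    or raises BootError if any stage fails its measurement."""
    for stage in ("bootloader", "hypervisor"):
        digest = measure(images.get(stage, b""))
        if digest != ROOT_OF_TRUST[stage]:
            raise BootError(f"{stage}: measured {digest[:16]}... != reference; halting")
    mmu = RootMMU()
    for vm_id, (first, count) in VM_LAYOUT.items():
        mmu.assign(vm_id, first, count)
    mmu.lock()  # no further mapping changes for the lifetime of this boot
    return mmu


def boot_ok(images) -> bool:
    """True if the platform would come up with these images, False if halted."""
    try:
        bring_up(images)
        return True
    except BootError:
        return False


def access_allowed(mmu, vm_id, addr) -> bool:
    return mmu.translate(vm_id, addr)[0]


if __name__ == "__main__":
    mmu = bring_up(GOLDEN_IMAGES)
    print("net_stack -> own page   :", access_allowed(mmu, "net_stack", 0x10000))
    print("net_stack -> door lock  :", access_allowed(mmu, "net_stack", 0x20000))
    print("modified hypervisor boots:",
          boot_ok({**GOLDEN_IMAGES, "hypervisor": b"constructed hypervisor image, modified"}))
```

The two checks that matter are `bring_up` refusing to continue when a measurement disagrees with the root of trust, and `translate` returning a fault for any page a VM does not own. A SHA-256 digest stands in for whatever measurement or signature scheme a real boot ROM uses; the comparison against an immutable reference is the point.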

IoT device security must be engineered from the ground up. If devices are not future-proofed, there are risks to consumers in terms of personal or financial data loss, and global risks to enterprises and businesses. Everyone in the supply chain will benefit from ensuring that devices are designed from the start to ensure privacy and security.

About The Author

Majid Bemanian is director of segment marketing at Imagination Technologies