The Security for the ‘Internet of Things’ (Video) posting on Slashdot offers one view of Internet of Things security. What happens when your oven is on the Internet? A malicious hacker might be able to get it so hot that it could start a fire. Or a prankster might set your alarm in the middle of the night. A hacker can use your wireless security camera to hack into your home network. Watch the video on the Security for the ‘Internet of Things’ (Video) page (or read the transcript) to get an idea of what can happen and how to protect against it. Remember: There’s always going to be things that are going to break. There’s always going to be.
Mark: “So I think a lot of the system on chips that we’re seeing that are actually going in Internet of Thing devices, a lot of companies are coming up, take an Arduino or Raspberry Pi, very cool chipsets, very easy to deploy and build on. We’re seeing smaller and smaller scales of those, which actually enable engineers to put those into small little shells. We are obviously kind of at this early part of 3D printing. So your ability to manufacture an entire device with a couple of bucks is becoming a reality and obviously if you have a really niche product that might be really popular in Kickstarter, you could actually deploy tens of thousands of those with a successful crowd-funding campaign and never really know about the actual security of that product before it goes to market.”
484 Comments
Tomi Engdahl says:
The Internet Of Someone Else’s Things
http://techcrunch.com/2014/10/11/the-internet-of-someone-elses-things/?ncid=rss&cps=gravity
The Internet Of Things is coming. Rejoice! …Mostly. It will open our collective eyes to petabytes of real-time data, which we will turn into new insights and efficiencies.
They say “possession is nine-tenths of the law,” but even if you physically and legally own a Smart Thing, you won’t actually control it. Ownership will become a three-legged stool: who physically owns a thing; who legally owns it; …and who has the ultimate power to command it. Who, in short, has root.
This is not a hypothetical situation. Your phone probably has three separate computers in it (processor, baseband processor, and SIM card) and you almost certainly don’t have root on any of them, which is why some people refer to phones as “tracking devices which make phone calls.”
The fundamental issue here is that the Internet of Things will not have a standard set of open APIs for consumers. (Well, there’s ThingSpeak, but it’s not exactly widely supported. https://thingspeak.com/ )
Techno-utopians like to argue that open systems always win, but that simply isn’t true, as the mobile era has shown. Android is more open than iOS, but for most intents and purposes, both are walled gardens.
So are we doomed to a future of fifth-column Smart Things that we don’t really own, talking behind our backs to an array of siloed Stacks?
…Maybe. But not necessarily.
For one thing, I suspect that at some point, after the first wave of the Internet of Things, open APIs and root access will become a selling point. Either enough customers (especially business customers) will want them badly enough, or smart hardware will become enough of a commodity that startups will start selling “repluggable” Smart Things, which buyers can root and configure to speak to the server(s) of their choice.
More interesting to me, though, is the possibility of a decentralized Internet of Things; smart things which don’t communicate with any central server, but rather with a peer-to-peer, perhaps blockchain-based network.
I’m not necessarily opposed to a subtle redefinition of “ownership.” But I don’t want it to come to mean “transferring de facto control over every interesting thing in my possession to distant corporations.” Bring on an open, decentralized Internet Of Things, eventually.
Tomi Engdahl says:
Greedy datagrabs, crap security will KILL the Internet of Thingies
IoT still lacks definition, for one
http://www.theregister.co.uk/2014/10/13/internet_of_thingies_security_data_m2m/
Tomi Engdahl says:
Ensuring the Complete Life-Cycle Security of Smart Meters
http://www.eeweb.com/company-blog/maxim/ensuring-the-complete-life-cycle-security-of-smart-meters/
Introduction
Smart meters are helpful devices that monitor and measure electrical energy and are mainly used by electricity providers for billing purposes. These are devices attached in the walls of houses and determine the power consumption at a given time. Most of these smart meters are placed outdoors and are frequently exposed to harsh environmental conditions. This application note will discuss some techniques and procedures to increase the life cycle of the smart meters at the longest time possible.
Equipping individual meters with security features means defining specifications that uniquely protect each one. AES and other symmetric encryption algorithms provide excellent security, but their drawback is that all meters share the same key. Consequently, any attacker who discovers the private key is able to attack all those meters. Instead, asymmetric encryption provides the best method to uniquely encrypt data because each meter uses a unique set of secure keys for encryption and decryption of data. Keys used for multiple secure events, such as authentication, should be generated on chip, stored on secure memory, and embedded in the secure product itself, thereby protecting the private key and never requiring that it leave the meter. By requiring unique key combinations for each meter, discovery of a private key allows access only to an individual meter. Thus, asymmetric encryption drastically reduces the “attack surface” of an AMI installation and significantly reduces the potential return on investment for an attacker. Simply put, it may no longer be worth an attacker’s time and effort.
Flexibility for Future Threats
Secure smart meters must be flexible enough to handle any security threats that evolve over the years following AMI installation. Consequently, the detection and disposition of threats during long-term operation is the next, difficult step to ensure the viability and security of the meter and the electricity network.
Utilities argue that costs and lack of mature solutions are major reasons why many current AMI installations do not feature intrusion-detection systems.10 The issues for smart meter manufacturers distill down to a straightforward, but not-at-all-simple question: how much computational power must be embedded into a meter for threat detection?
It is a given today that security breaches require costly intervention. Consequently, the ongoing operation of a secure smart meter network involves more than threat detection and disposition. The issue is response. How a meter reacts to current and future threats affects the robustness, the effectiveness, and likely the financial success of an AMI installation.
A Future of Opportunity
The smart grid represents an amazing transformation of the twentieth-century electricity grid. But when we added network and control functionality to such a vast system, we greatly increased its exposure and vulnerability to security attacks and, most importantly, cyber threats. International organizations are defining performance standards and the news media is reporting grid advances and security breaches. But it lies with the manufacturers of smart meters to defend against the security attacks. A proactive approach for smart meters is separating the hardware and software functions; it is securing the entire life cycle of the smart meter, from purchase of third-party components to manufacturing, installation, and long-term operation.
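The per-meter key argument in the smart meter excerpt above can be made concrete. The following is an added example, not code from the quoted article or from any vendor: the `Meter`, `HeadEnd` and `Reading` types are hypothetical, and Ed25519 is an assumed choice because the article names no asymmetric algorithm. It shows that a private key extracted from one meter lets an attacker forge readings for that meter only.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Reading is one signed consumption report sent from a meter to the utility.
type Reading struct {
	MeterID   string
	Seq       uint64 // strictly increasing per meter, so old reports cannot be replayed
	WattHours uint64
	Sig       []byte
}

// payload builds the exact bytes that are signed: a length-prefixed meter ID
// (IDs are assumed shorter than 256 bytes) followed by two big-endian integers.
func payload(id string, seq, wh uint64) []byte {
	var n [16]byte
	binary.BigEndian.PutUint64(n[:8], seq)
	binary.BigEndian.PutUint64(n[8:], wh)
	out := append([]byte{byte(len(id))}, id...)
	return append(out, n[:]...)
}

func sign(k ed25519.PrivateKey, id string, seq, wh uint64) Reading {
	return Reading{MeterID: id, Seq: seq, WattHours: wh, Sig: ed25519.Sign(k, payload(id, seq, wh))}
}

// Meter stands in for the device. priv models a key generated on chip and held
// in secure memory; only the public half is handed to the utility at enrollment.
type Meter struct {
	ID   string
	priv ed25519.PrivateKey
	seq  uint64
}

func NewMeter(id string) (*Meter, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Meter{ID: id, priv: priv}, pub, nil
}

func (m *Meter) Report(wh uint64) Reading {
	m.seq++
	return sign(m.priv, m.ID, m.seq, wh)
}

var (
	ErrUnknownMeter = errors.New("unknown meter")
	ErrBadSignature = errors.New("bad signature")
	ErrReplay       = errors.New("stale sequence number")
)

// HeadEnd is the utility side: one enrolled public key per meter.
type HeadEnd struct {
	keys    map[string]ed25519.PublicKey
	lastSeq map[string]uint64
}

func NewHeadEnd() *HeadEnd {
	return &HeadEnd{keys: map[string]ed25519.PublicKey{}, lastSeq: map[string]uint64{}}
}

func (h *HeadEnd) Enroll(id string, pub ed25519.PublicKey) { h.keys[id] = pub }

// Accept verifies a reading against the key enrolled for the claimed meter.
func (h *HeadEnd) Accept(r Reading) error {
	pub, ok := h.keys[r.MeterID]
	if !ok {
		return ErrUnknownMeter
	}
	if !ed25519.Verify(pub, payload(r.MeterID, r.Seq, r.WattHours), r.Sig) {
		return ErrBadSignature
	}
	if r.Seq <= h.lastSeq[r.MeterID] {
		return ErrReplay
	}
	h.lastSeq[r.MeterID] = r.Seq
	return nil
}

// StolenKeyBlastRadius is a constructed scenario: meter A's private key has been
// extracted, and a reading is forged with it once as meter A and once as meter B.
func StolenKeyBlastRadius() (forgedAsA, forgedAsB error, err error) {
	he := NewHeadEnd()
	a, pubA, err := NewMeter("meter-A")
	if err != nil {
		return nil, nil, err
	}
	b, pubB, err := NewMeter("meter-B")
	if err != nil {
		return nil, nil, err
	}
	he.Enroll(a.ID, pubA)
	he.Enroll(b.ID, pubB)
	stolen := a.priv
	forgedAsA = he.Accept(sign(stolen, a.ID, 1, 0))
	forgedAsB = he.Accept(sign(stolen, b.ID, 1, 0))
	return forgedAsA, forgedAsB, nil
}

func main() {
	asA, asB, err := StolenKeyBlastRadius()
	fmt.Println("setup:", err, "| forged as A:", asA, "| forged as B:", asB)
}
```

With a single shared symmetric key, both forgeries would have been accepted; here the utility only has to revoke and re-enroll the one compromised meter.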
Tomi Engdahl says:
DHS Investigates 24 Potentially Lethal IoT Medical Devices
http://science.slashdot.org/story/14/10/22/1313225/dhs-investigates-24-potentially-lethal-iot-medical-devices
In the wake of the U.S. Food and Drug Administration’s recent recommendations to strengthen security on net-connected medical devices, the Department of Homeland Security is launching an investigation into 24 cases of potential cybersecurity vulnerabilities in hospital equipment and personal medical devices.
U.S. government probes medical devices for possible cyber flaws
http://www.reuters.com/article/2014/10/22/us-cybersecurity-medicaldevices-insight-idUSKCN0IB0DQ20141022
The U.S. Department of Homeland Security is investigating about two dozen cases of suspected cybersecurity flaws in medical devices and hospital equipment that officials fear could be exploited by hackers, a senior official at the agency told Reuters.
The products under review by the agency’s Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, include an infusion pump from Hospira Inc and implantable heart devices from Medtronic Inc and St Jude Medical Inc, according to other people familiar with the cases, who asked not to be identified because the probes are confidential.
Tomi Engdahl says:
FDA investigates 24 potentially lethal IoT medical devices
http://thestack.com/fda-investigates-vulnerable-cybersecurity-medical-devices-221014
In the wake of the U.S. Food and Drug Administration’s recommendations to manufacturers to strengthen security on medical devices, the U.S. Department of Homeland Security has launched an investigation into 24 cases of potential cybersecurity vulnerabilities in hospital equipment and ancillary medical devices, according to a new report from Reuters.
The technologies being investigated by the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) include implantable heart devices by St Jude Medical Inc and Medtronic Inc, and an infusion pump by Hospira Inc, according to confidential sources.
A DHS official revealed that investigations into medical device cybersecurity began two years ago, as the agency began to note an increase in the use of wireless technology, CPUs, net connectivity and software, creating a potential new attack vector in the field of security.
In the case of one unidentified infusion pump – a device which regulates medication into a subject’s bloodstream – the vulnerability seems to have been identified by lone security researcher Billy Rios.
The investigation currently under way is not expecting to uncover either hostile intent or negligence on the part of device manufacturers, but rather to correct possible vulnerabilities which have emerged in what is becoming an entirely new field of study in security and the Internet of Things (IoT).
Tomi Engdahl says:
Silicon, Security, and the Internet of Things
http://www.eeweb.com/company-blog/maxim/silicon-security-and-the-internet-of-things/
The fantasy of the IoT is quite grand: everything on the planet can be smart and communicate. The idea is both powerful and impractical. What if every moving part in your car could monitor itself and offer you truly predictive maintenance? That is a powerful vision. What if every brick in my house could communicate its location to my cell phone? It would certainly tell me whether bricks had fallen off the house, but is this a practical use of technology?
The fantasy of IoT tells us that millions of “intelligent” devices should be connected and talking, controlling the world around us. Yes, the falling brick could call the local mason for repair and tell the HVAC to turn up the heat. But this IoT application is not likely to be implemented in our lifetime. Why?
The IoT is only enabled because of two things: the ability of networks to reach countless nodes, and the availability of cost-effective embedded processors to attach to a multitude of devices. Let’s talk about both.
The First Tangible IoT: the Smart Grid
The smart grid provides the strongest example of a current IoT deployment. It uses advanced sensors and gives us better information for controlling our energy world. It also illustrates the challenges and dangers inherent in an IoT.
The story starts with smart meters.
For utilities, the ROI on smart meters is difficult to calculate, but some benefits are clear and tangible: lower cost of data collection, since meters report their data automatically; quicker reaction to outages, leading to less lost-revenue downtime; better monitoring of electricity theft; and better ability to link the actual costs of generation with consumption through time-of-use pricing.
The smart grid promises to go far beyond the benefits that smart meters provide.
Learning from the Smart Grid IoT
There are lessons to learn from ongoing deployments of the smart grid. An IoT will not be implemented without an acceptable ROI. IoTs will roll out sporadically and should anticipate flexibility for future applications. There is also an important lesson that is not about efficiency or finances: without adequate security, an IoT could become a technological disaster affecting everyone.
Critical Role of Security
We are well on our way to a smarter grid. About half of the houses in the U.S. already have advanced, communicating electricity meters. Utilities worldwide are installing distribution automation equipment that controls power delivery. Water and gas utilities are beginning to investigate similar technologies. Despite the momentum and progress of this market, there are fundamental gaps in the security of the deployments.
The smart grid provides an incredibly lucrative target for attack. If unfriendly organizations could control some portion of the smart grid, they could cause catastrophic damage. By controlling a utility’s communication network, they could mount attacks like a massive underreporting of electricity consumption or falsifying sensor data to induce a power shutdown.
Security is a hot topic today for the smart grid, and there has been some progress. Most communications now use standard cryptographic algorithms such as AES-128 to protect the data and commands on the utility network. However, there is an alarming lack of standards to address the protection of the secret keys or the life cycle of embedded smart grid devices. This is a dangerous situation. The cryptographic algorithms are a good first step to ensure secure communications networks, but the lack of key and life-cycle security mean that alternate attack points are likely. An attacker might try to get communication keys by physically inspecting a smart meter.
Securing the IoT
Ultimately, the smart grid should teach us that security must be designed in from the start of any IoT deployment. Let’s look at the characteristics of an IoT and why it demands built-in security:
A multitude of remote, distributed sensors and control devices are deployed where they will not be supervised. Unlike an ATM with a security camera nearby, there is no oversight on a smart meter. This makes it easy for an attacker to acquire devices for study.
An IoT is likely to be deployed to help manage the health and safety of an important asset more efficiently. For example, a network of health sensors might monitor human lives and better control health-care costs. A network of automated vehicles could create safer and more energy-efficient transportation. These cases impact human health, associated medical costs, transportation safety, and energy efficiency. Such valuable targets increase the likelihood that attackers will try to exploit that IoT.
There are risks with machine-to-machine communication. When devices are communicating with each other with little human interaction, tampering may be difficult to detect until something catastrophic happens.
Tomi Engdahl says:
Securing The IoT
http://semiengineering.com/securing-the-iot-3/
Experts at the table, part 3: What happens when the Internet goes down; who protects the Internet itself when more devices are connected to it?
SE: The IoT’s big markets at this point are home, automotive, industrial, medical, but they’re independent at this point. Will they really blur together?
Logvinov: The companies that figure out how to make security available on multi-stakeholder platforms will be the most successful ones. That is the Holy Grail for technology right now, which is how to build systems with enough security—not 100% protection right now—from a unified platform point of view for multiple applications.
Nassar: Ultimately these services will be very valuable for consumers, being able to merge these different markets so a person driving home has a cell phone that can talk to other devices. This will come first for consumers. On the industrial side, we have to figure out how to serve that market.
Loh: Figuring out a secure platform is important, but having different levels of security is still important. Different uses have different bars.
Logvinov: Security is a self-regulating system to some extent because it is supply and demand. If someone demands features of certain kinds with certain levels of protection, we will deliver it. That would be a selling feature for a product, for a system, for a technology. If the constituency says they don’t care and they’re not willing to pay for it, those security concepts will never move forward. Part of it will be an education because consumers of this technology have to become aware of what is needed. Part of it is openness about what kind of threats can be exposed if the security is not implemented. And part of it about all of us learning how far to turn the dial to adjust it to the right level so it is secure enough, not too costly, and so it can be verified.
SE: There’s another piece to this, which is the Internet itself. There is the Internet we use, the deep Internet, which goes underneath that, and then the ‘dark Internet,’ which goes around that and which no one wants to talk about. But what happens if the Internet goes down or gets compromised?
Nassar: The consequence will be bigger with more IoT on it. This is where a lot of effort is going today at the government level. They’re not thinking about whether the Internet goes down. They’re worried about what happens if the Internet gets compromised. At this point the infrastructure is a government responsibility to protect against failures. It’s like the power grid. It’s not something you want to entrust only one corporation to make sure it’s running all the time. It’s physical security, and it’s a nightmare scenario for the government.
Logvinov: What we’re opening up is a whole new subject not just of security but of safety. That safety depends on devices to be constantly connected to the Internet the same way they’re connected to the power grid. That’s a whole new area that deserves its own consideration.
Nassar: If the power goes off there are consequences.
SE: A lot depends on GPS, cell towers and location. You can move cars from one side of the highway to another or change time stamps on banking transactions. What can be done about this?
Logvinov: I’m optimistic about this area. We have learned how to build drive-by-wire or fly-by-wire systems. Many of the concerns we’re discussing here are related to autonomous systems connected to the Internet, and those are similar to the concerns at the beginning of the fly-by-wire era.
Loh: I agree with that. Individual devices can get hacked, but all systems have some way of self-checking and redundancy. More than 15 years ago, when we were first designing base stations, we had full redundancy. There were two systems doing exactly the same thing. Any time there was a fault there was instant switching. Today, there are fail-safe mechanisms. Cars are very complicated.
Tomi Engdahl says:
IoT cybersecurity: is EDA ready to deliver?
http://www.design-reuse.com/news/35745/iot-cybersecurity-is-eda-ready-to-deliver.html
“There is so much buzz around Cloud computing, IoT and Cybersecurity nowadays that just by attending all the conferences and talks on these three topics, you could never have to go back to your office”, jokingly said Rhines.
“In fact, all three topics share a common concern, security” he noted, “and while the cloud is exposing us more, IoT magnifies both the amount of data and the number of data collection sites”, he added, inferring that each new node potentially offers a new entry point to hackers.
IoT cybersecurity: is EDA ready to deliver?
http://www.design-reuse.com/news/exit/?id=35745&url=http%3A%2F%2Fwww.electronics-eetimes.com%2Fen%2Fiot-cybersecurity-is-eda-ready-to-deliver.html%3Fnews_id%3D222922773%26cmp_id%3D7
During a brief stint in Paris to visit customers and before hosting Mentor Graphics’ Integrated Electrical Solutions Forum (IESF Europe) in Munich, CEO Wally Rhines delivered a keynote speech to share his views on Internet-of-Things (IoT) cybersecurity and what could be the role of EDA, at the root of every design.
It is true that security breaches regularly make the news, from credit card databases to Facebook or iCloud accounts to medical records. That also includes virus exploits compromising industrial or military assets, the Stuxnet being the most famous one.
In fact, nowadays most security breaches are software-based, when an application can be compromised and data collected, either through social engineering, malware and viruses or Trojans.
Counter-measures for such attacks range from basic antivirus scanning software, to embedded hypervisors to hardware-bound secure applications tying their execution to uniquely identifiable hardware (for example an embedded secure element or even better, a Physically Unclonable Function derived from intrinsic hardware properties).
“But the threats extend way beyond software and some hackers will put a lot of effort into compromising a system’s security at silicon-level”, continued Rhines.
Well-documented examples include side-channel attacks for which counter measures include hardened IP to resist attacks and make key extraction more difficult. At board-level, counterfeit chips have also been widely reported, some are pure fake or cloned or even recycled parts de-soldered from eWaste, but you could also find additional chips spying on the board’s transactions.
“There is emerging customer demand for silicon authentication and sooner or later, some customers will say “I am not buying your chip if it can’t be traced””, said Rhines.
“Authentication is good but is not enough”, Rhines added, “what you need is a comprehensive design for security”.
Rhines sees there a new sector of activity for EDA, where companies like his will have to play a bigger role, with more IP emulation and verification strategies to ensure that the chip not only does what it is supposed to do, but does nothing that it is not supposed to do.
Some solutions he proposes include on-chip odometers that can address recycling threats (counting power cycles or memory accesses), activation IP that guarantees the IP-rights holder control over the chip operation, or dedicated co-processors for run-time Trojan detection. The latter delivered as IP could prevent undeclared communications or detect peripherals with a hidden functionality.
“You have to trust someone!”
Tomi Engdahl says:
Plan Long Term for Industrial Internet Security
http://www.eetimes.com/author.asp?section_id=36&doc_id=1324538&
With industrial control systems becoming network-connected, security risks rise and will need a long-term solution.
While the term “Internet of Things” is arguably overhyped, there is compelling evidence that intelligent sensors and controllers connected into a globe-spanning network can vastly improve efficiency and productivity in many industries. But those connections introduce vulnerabilities to malicious intrusion into the equipment’s operation. Many developers have never faced these issues before. Companies creating industrial control equipment will have to begin adopting design practices and policies that address security, with an eye toward long-term sustainability.
As yet, network security is not an issue for many industrial control designs. Sensors and actuators in these systems may connect to a network, but that network is often confined to a single building or facility. A master panel or workstation is the central point of control for the network, as well as the recipient of all data. There is no outside access to either. In such situations, physical control of access to the network is possible, severely restricting the opportunities for malicious compromise of network operation. Even modest network security measures prove more than adequate, and high-level security measures can become more impediment than protection.
But increasingly, outside access is being made available. Industries have found great benefit in being able to monitor and control systems from outside the facility by linking to the master workstation. However, unless this linkage uses a dedicated, private network, the risk of intrusion rises dramatically. Malicious agents can bring vast computer resources to bear remotely and conduct a long-term, clandestine attack on the target system that would be virtually impossible if the attack had to be conducted entirely from within the facility.
A recently uncovered long-term campaign targeted several industrial control system user interfaces. The attackers spent years worming their way through network security barriers. Once the attack became known, vendors of the software that provided the point of entry quickly patched the hole and alerted their customers of the need to do the same. But propagating the fix to all the affected systems is an unstructured effort at best, and it may take considerable time to implement widely.
But it’s even worse than that. Network security is not a set-and-forget kind of thing. Not only are the attackers able to probe continually for vulnerabilities, but their resources and skills are also constantly improving. A security practice that was virtually bulletproof a decade ago now readily fails to protect against the greater caliber of today’s malware armory. Widely used 128-bit encryption schemes, for instance, seem adequate today but are likely to fall within a decade as computers follow Moore’s Law and double in processing power every year or so. And industrial control systems often need to provide an installed working life three times that long.
In light of the trend toward the Industrial Internet of Things, development teams must start thinking hard about network security and planning for its long-term viability. This means providing security at every point within the network, not just the external interfaces, and making provision for that security to be updated as threats change. Third-party and open-source software that’s incorporated into the design must be thoroughly examined before acceptance. Further, the use of such software should be fully documented, so that its presence is identified and apparent to the end user or whoever else will be responsible for long-term system security maintenance. That way, when something like the Heartbleed bug is discovered, those affected will be able to determine that they are vulnerable and need to take action
Tomi Engdahl says:
To Foil Cyberattacks, Connected Cars Need Overlapping Shields – IEEE Spectrum
http://spectrum.ieee.org/cars-that-think/transportation/self-driving/connected-cars-make-juicy-cybertargets
The electronic systems of a smart car present many weak points to would-be intruders, and the problem will get worse as cars start sharing information with each other and with the roads they drive on, argue two experts in automated automobiles. They recommend far more layers of cyberprotection than manufacturers have thought necessary.
Some of this scullduggery is already possible:
GPS jamming is cheap to perform (around US $20), and some more expensive GPS jammers go even beyond jamming and perform GPS spoofing (medium threat in our system), where they replicate signals and provide false locations. A professional car thief can continue about his/her business of stealing by using a combined GPS/GSM jammer to block the car’s antitheft system from knowing and reporting where the vehicle is.
After analyzing the various means of attack for factors such as the ease of use and the seriousness of consequences, the researchers conclude that the biggest threat to a lone smart car is interference with its global navigation satellite system. “Hence, secure GNSS signal is mandatory,” they say.
Tomi Engdahl says:
More Things Are Critical Systems
http://semiengineering.com/more-things-are-critical-systems/
Connecting unrelated devices in the IoT means many more pieces now affect reliability and security.
Defining a critical system used to be pretty obvious. It was something that could affect the health and safety of people, such as the chip inside a pacemaker or insulin pump, a car’s braking system or an airplane’s guidance system. But as more devices are connected together, that definition is changing and expanding.
More devices are now considered critical, such as a connected baby monitor or a smart smoke detector, because wrong information can injure or kill people. In addition, new devices that are coming to market can affect the operation and security of other devices if they are part of a network. But not all of these devices are designed with the kind of quality controls or built-in security that critical systems require.
“The big challenge is focusing on what happens at different nodes on the network,” said Sudhir Sharma, high-tech industry director at Ansys. “The industry claims to have a good handle on problems once data gets onto the network, but the gateways on the network are a big problem.”
One of the big challenges in the IoT world is that while many companies are building devices for it, no one really knows what it actually will look like or how the various pieces will fit together. Until a clearer picture emerges, and until there is a history of attacks and failures, it’s impossible to comprehend the weaknesses.
Safety vs. security
In the past, there was a sharp distinction between the ideas of safety and security, but those lines are blurring, along with the definition of overall device reliability.
“We tend to think of it as safety is protecting the world from a device, while security is protecting the device from the world,” said Felix Baum, product manager for embedded virtualization at Mentor Graphics. “But a lot of companies are connecting things that do not make sense, exposing a device to the outside world. If you’re a consumer, that sometimes exposes you. If you program the temperature in your house using a smart thermostat, a thief can figure out when you’re not at home. To protect devices you don’t want to expose critical features. Connectivity is one area of exposure. But we also are not seeing a lot of appliance manufacturers doing due diligence in securing devices.”
Tomi Engdahl says:
Is Open Source Wireless Connectivity Worth the Security Risk?
http://intelligentsystemssource.com/is-open-source-wireless-connectivity-worth-the-security-risk/
The Heartbleed security breach, based on OpenSSL, raises the spectre of attacks across a range of wirelessly connected embedded devices. Rigorous software development processes are critical for protecting wirelessly connected devices in the Internet of Things.
Open Secure Sockets Layer (OpenSSL) is widely used to provide network security in many different kinds of computing systems, including wirelessly connected embedded systems in the emerging Internet of Things. OpenSSL is also the open source security library that allowed the widely publicized security breach called Heartbleed. While there are advantages to open source libraries such as OpenSSL, there are clearly risks as well, many of which stem from the development process itself. The main process used for development of OpenSSL is simple. First a programmer develops code, then a reviewer checks the code, and finally the code is released.
In retrospect, Heartbleed seems to be more of a warning tremor than a full earthquake. It showed the potential scope and depth of harm, but the consequences of this particular fault were relatively mild. Continuing to follow the same path, however, will undoubtedly lead to similar problems, and the ubiquity of the software is in itself a weakness, which can be exploited by those who choose to do harm.
Better Software Development Methods Needed
If the methods of development used by OpenSSL were demonstrably the state-of-the-art in robust software development, then there would not be much to debate. However security problems such as Heartbleed, Apple’s “goto fail” and GnuTLS have been caused by defects in software, not necessarily in the protocols or design. Across various industries there are well-established methods for developing high-quality software. The aerospace, industrial, medical and transport industries use software processes based on the “V” model development defined by IEC 61508, and the data shows that not only does it reduce defects significantly, but in many cases it also reduces the cost of software management over its lifecycle.
How would use of such methods have helped in the OpenSSL Heartbleed bug case? Let’s look at some specific development approaches that can help address security specifically.
“V” Model Development
In the Heartbleed situation, the information available states that the software failed to check the scope of a protocol variable and then processed it blindly. Standard V model development would include unit testing and boundary case analysis/testing that would have instantly alerted developers to the issue.
It would be impractical from either a cost or resource point of view to propose that full V model development be used for all software, and it is not the intention of this article to state that open-source methodologies are “bad.”
Verification of Software Components
When a company wants to use any piece of equipment in a highly sensitive application area, you would expect the manufacturer of that equipment to verify that all components used reach the required level of quality. It is unclear how this occurs in companies managing large amounts of potentially sensitive customer data. This always happens in a manufacturing process where they check the supplier history, the strength of components, ISO9001 compliance, etc., but strangely not for security.
The Problem with “Free” Software and Security
If we accept that mistakes will always be made and systems will tend to become more complex, then continuing as things are now will probably result in further problems. Commercial devaluation of software does not help this process. The idea that software can be created and obtained for free is a bizarre concept for commercial companies to believe in. It also appears to focus only on the initial capital cost of software and not the ongoing maintenance costs. If the lifetime cost of development and maintenance of “free” software was truly accounted for, it would probably raise some corporate eyebrows.
It could also be quite difficult for any company involved in a “Toyota style” legal case where the consequences of software errors were much worse than compromised data. Imagine a defect, caused by a mistake by a hobby programmer in Australia and reviewed by a programmer working in his spare time in Argentina, which resulted in injury or loss of life.
The argument that software is open and therefore everyone will fix everything is clearly not sustainable anymore—the Heartbleed bug existed for two years before someone realized the problem. This would not be acceptable in any safety-critical or secure environment. There are several different issues.
Moving to Secure Embedded Software Components
The commercial market for standard software components has been damaged by free software from many sources. How this affects professional companies who need good quality code and support is not obvious. It seems that developers lose the benefits of scale that using specialist providers brings.
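The boundary-case testing described in the excerpt above, applied to a heartbeat-style message, as an added example (not from the quoted article and not OpenSSL's code). The message layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding) follows RFC 6520; the function names and test values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1u
#define HB_RESPONSE 2u
#define HB_HEADER   3u   /* type (1 byte) + payload_length (2 bytes) */
#define HB_MIN_PAD  16u  /* RFC 6520 requires at least 16 padding bytes */
#define HB_TEST_MAX 64u  /* largest payload the constructed tests carry */

/*
 * Build a heartbeat response for the request in rec[0..rec_len).
 * rec_len is the number of bytes actually received. The 16-bit
 * payload_length inside the message comes from the peer and is trusted
 * only after it has been checked against rec_len.
 * Returns the response length, or -1 if the request must be discarded.
 */
long hb_build_response(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap)
{
    size_t claimed, resp_len;

    if (rec == NULL || out == NULL)
        return -1;
    /* Too short to hold even an empty payload plus minimum padding. */
    if (rec_len < HB_HEADER + HB_MIN_PAD)
        return -1;
    if (rec[0] != HB_REQUEST)
        return -1;

    claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The scope check: the claimed payload must fit in what was received. */
    if (claimed > rec_len - HB_HEADER - HB_MIN_PAD)
        return -1;

    resp_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return -1;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    /* Zero padding keeps the example deterministic; RFC 6520 asks for random. */
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);
    return (long)resp_len;
}

/*
 * Constructed test input: a request that claims `claimed` payload bytes but
 * really carries `actual` payload bytes followed by 16 padding bytes.
 * Returns what hb_build_response() returned, or a negative test error.
 */
long hb_try(uint16_t claimed, size_t actual)
{
    uint8_t req[HB_HEADER + HB_TEST_MAX + HB_MIN_PAD];
    uint8_t out[HB_HEADER + HB_TEST_MAX + HB_MIN_PAD];
    long n;

    if (actual > HB_TEST_MAX)
        return -2;
    req[0] = HB_REQUEST;
    req[1] = (uint8_t)(claimed >> 8);
    req[2] = (uint8_t)(claimed & 0xff);
    memset(req + HB_HEADER, 'A', actual);
    memset(req + HB_HEADER + actual, 0, HB_MIN_PAD);
    n = hb_build_response(req, HB_HEADER + actual + HB_MIN_PAD, out, sizeof out);
    /* An accepted response must echo exactly the claimed bytes. */
    if (n >= 0 && memcmp(out + HB_HEADER, req + HB_HEADER, claimed) != 0)
        return -3;
    return n;
}

/* Boundary cases around the length field; returns the number that failed. */
int hb_boundary_failures(void)
{
    static const struct { uint16_t claimed; size_t actual; long expect; } cases[] = {
        { 0,      0, 19 },  /* empty payload */
        { 4,      4, 23 },  /* claimed == carried */
        { 3,      4, 22 },  /* claimed < carried: extra byte counts as padding */
        { 5,      4, -1 },  /* one byte past the end */
        { 1,      0, -1 },  /* claims data, carries none */
        { 0xFFFF, 4, -1 },  /* maximum field value */
    };
    int failures = 0;
    size_t i;

    for (i = 0; i < sizeof cases / sizeof cases[0]; i++)
        if (hb_try(cases[i].claimed, cases[i].actual) != cases[i].expect)
            failures++;
    return failures;
}

int main(void)
{
    uint8_t out[8];
    const uint8_t truncated[2] = { HB_REQUEST, 0x40 }; /* cut off mid-header */
    int bad = hb_boundary_failures();

    if (hb_build_response(truncated, sizeof truncated, out, sizeof out) != -1)
        bad++;
    printf("%d boundary case(s) failed\n", bad);
    return bad != 0;
}
```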
Tomi Engdahl says:
News & Analysis
Chip Industry’s IoT Facelift Comes With Security Wrinkle
Hardware security is the opportunity
http://www.eetimes.com/document.asp?doc_id=1324587&
MUNICH — Brimming with excitement, and with Europe already ahead of the pack, a maturing semiconductor industry looks expectantly to the Internet of Things (IoT) for yet another facelift, while also recognizing that the IoT security wrinkle may itself provide an opportunity via hardware-based security as the backbone of the connected world. But this will require semiconductor companies to move into software to address data, cloud, and usability management issues, so concluded a panel of four presidents and CEOs plucked from the upper echelons of the industry.
Predictions of connectivity applications were wide and varied, ranging from smart cars, smart factories and smart cities to smart lives, but Gregg Lowe, president and CEO of Freescale Semiconductor summed up the possibilities. “In 2016 we will have cars that can’t crash, can preorder a parking spot at your restaurant, and communicate with your car if you have a heart attack at the table.”
It sounds good, but on the path to IoT, the issue of data and device security looms large. For Reinhard Ploss, CEO of Infineon Technologies AG, this is actually a plus. “The semiconductor industry opportunity is hardwired security to provide a backbone to which all applications can be attached.” For this to happen, however, semiconductor companies must also move into software and data security. “We need the Cloud for ubiquitous usage,” he said, a point not lost on Carlo Bozotti, president and CEO of STMicroelectronics Application Gmbh, who responded, “The opportunity [for semiconductor companies] is in the cloud.”
Europe is already ahead of the US and most of the world in building out the infrastructure for the cloud and connectivity, according to Ploss, thanks to the infrastructure it has in place from its leadership in smartphones.
Still, said Clemmer, usability is a key issue for IoT devices.
Tomi Engdahl says:
If it is software, it can be hacked
Infineon’s Reinhard Ploss began by stating that the IoT requires a secure channel. – This is about my data. Who manages it? It is absolutely essential to the security operation.
According to Ploss, the user cannot install IoT devices and their security. That is something electronics firms do. – Keep in mind that security should be maintained even when the internet is not available, Ploss said.
NXP’s Clemmer Rich reminded the security with the mercenary. – If you implement data security in software, it is always possible to hack it. Hardware-based security is the only possible way to go.
An important issue for the IoT is who owns the data. Infineon’s Ploss believes that the end user gets to choose what data they share. – Sensor networks produce a large amount of data, most of which nobody cares about. It is at the user’s discretion whether they wish to share their data in order to receive a service.
Source: http://etn.fi/index.php?option=com_content&view=article&id=2061:jos-se-on-softaa-se-voidaan-hakkeroida&catid=13&Itemid=101
Tomi Engdahl says:
Mitigate cyber security hazards in smart grids
http://www.edn.com/design/wireless-networking/4437144/Mitigate-cyber-security-hazards-in-smart-grids?elq=154061b26c17454397df1aead6e3340d&elqCampaignId=20152
Smart grids employ information and digital communication technology to gather information (such as about the usage demands of consumers) in an automated fashion, and they act upon it to bolster the reliability, economy, efficiency, and sustainability of generation and distribution of electricity. In the process, they advance consumer participation in grid operations, thereby facilitating the integration of all involved. The whole concept of smart grids addresses environmental issues and power delivery constraints and disturbances
The security of smart grids is one of the most daunting issues. Gaining access to the entire network has never been easier, for nodes (mostly meters) in case of such grids, cannot be all guarded by secured servers or be kept under surveillance all the time. Imagine the colossal amount of losses a fame-hungry hacker could cause to the utility, if he were to exploit any of the vulnerabilities of these grids. All that one has to do to attack is to become a customer of the utility. Not only does this provide ease of access to the nodes, but the existing state of lack of security of the supervisory control and data acquisition (SCADA) systems, which are the very heart and soul of these grids, is of great concern
Traditional Network Objectives
The four main objectives that traditional information technology (IT) and SCADA networks focus on are confidentiality, availability, integrity, and timeliness.
Confidentiality means that only the authorized person should have any access to information related to the specific systems (or the users of the grid). Any user’s information could be readily available in the grid network, and if this data is not secured, it could easily spell a disaster in the attacker’s hands.
Availability means that any component of the system should be available for use as and when it is needed. In the context of a smart grid, it could simply mean that power supply is available in an uninterrupted fashion to the user.
Integrity or authenticity implies that any correspondence received from the user’s end (or any node of the grid) should be thoroughly authenticated, and only then shall it be acted upon. This means that not only the contents of each message should be verified and authenticated, but the source of the message shall also be confirmed.
Timeliness expresses the time criticality of control systems. It includes the timeliness of any related data being delivered in its specific, given time period, i.e., the data is only valid in its given time period, and the responsiveness of the system. Hence, it should be made sure that only the right data is processed at a given time.
Threats and Vulnerabilities
Vulnerabilities give attackers access to the network, enabling them to break the confidentiality and integrity of the transmitted data, destroy the timeliness of the service, and/or make the service unavailable.
Types of Attacks
Attackers can affect the system in many ways, which are mainly classified as attacks on components, protocol systems, or topologies.
New Challenges
Unfortunately, a rubric security solution, such as one used for an IT network, cannot be used for smart grid applications because there are many dissimilarities in terms of usage, topology, etc. between the two. IT networks have the flexibility of rebooting or updating in case of any malfunction, whereas this is not possible with smart grids, as a system cannot shut down even for a small duration.
The following points should be considered while developing such solutions:
• It should be compatible with any kind of operating system.
• System performance should not be hampered.
• It should be easily upgradeable without much hardware changes.
• It should be tolerant to minor instances of misuse by the operator.
• Security solution should not be as large or expensive as to make its use prohibitive.
Looking Ahead
Security systems for future smart grids should:
Inculcate the Internet Protocol version 6 (IPv6) as a smart grid communication protocol along with synchrophasor security, behavioral economics, and remote controllability of energy sources.
Use PKI in the smart grid, as discussed above.
Resolve privacy concerns regarding customer information and the power system data transfer via the smart grid.
Implement a robust security approach for the smart grid as a future priority to achieve proper authentication in any device communication via the smart grid.
Secure the trusted device profile and implement and develop the smart grid certificate lifetime.
Address all the newly created vulnerabilities of the smart grid.
Tomi Engdahl says:
Helping to Overcome Internet of Things Security Challenges with Wireless Infrastructure
http://rtcmagazine.com/articles/view/103796
Some key embedded security technologies can be used both in the IoT endpoints and sensors, as well as in the IoT infrastructure to provide a defense in depth against tomorrow’s cyber threats. It is important that these measures be incorporated as the network is established and not as afterthoughts.
The embedded devices or “things” are typically linked to a physical item and have the primary function of communicating with that physical item. That communication might be read-only (i.e. monitoring) or read/write (monitor and control), and the data that is communicated can be read or initiated by either humans or machines (M2M). These physical systems can include smart meters and electricity control breakers for power control, or valves and flow meters for oil and gas. Either way, the quality and security of the data is paramount to the reliable function of the system. These embedded devices are networked (to receive or provide data), but are typically not linked directly to the Internet, as they are normally connected to a proprietary network that is usually local to the facility where the “things” are physically located. This could be an electricity substation, or a whole oil and gas plant, depending on the scale of the system. In the days before IoT, this was a relatively secure network, as access could only be obtained by being physically present at the site, and so could be contained using physical security measures (security guards, barbed wire, etc.). As the cost and convenience of wireless networking has spread to these local networks, the physical security measures may not be quite as effective, since hackers could reside outside of the physical site and still gain wireless access to the network. So effective protection is required on both the embedded devices and the local network, but this is still relatively low on the security risk spectrum, compared to where this data goes next
For our ubiquitous IoT world, the data from these embedded devices now needs to be aggregated and fed to the people or machines that will use this data. This could include management and billing for the electric grid, and plant logistics, yield management, safety and control for oil and gas plants. Assuming that these consumers of the data are not physically located on site, this data will need to speed its way to another location, typically using the same Internet that everyone else in the world is connected to. Quite how much data leaves the site really depends on the application of the data, and also on how much local intelligence, aggregation and storage is available.
So, a defense in depth strategy needs to be implemented to help protect all the vulnerable parts of the network from all types and methods of cyber-attack. Luckily, technology is available that, if used when the network is being designed (rather than as an afterthought), could dramatically reduce the chance or effect of an attack. Much of this technology has evolved to meet the security needs of the Department of Defense (DoD), which has been operating secure remote networks for decades, and where a compromise in any part of the network could be fatal to national security and hence not an option.
Firstly, security. The small separation kernel is the only software item at the highest privilege level, and if designed properly it will not contain untrusted elements such as device drivers or software stacks, as they can now reside in the lower privilege guest OSs. This substantially reduces the “attack surface” of the highest privileged software.
Secondly, flexibility, suitability and performance. By having multiple guest operating systems in their own secure domains, we can now choose which OS best suits which domain. Before virtualization, a single OS had to control all the tasks in the router, and that generally meant adding general purpose functionality to an RTOS, or sacrificing real-time performance by using a GPOS.
Tomi Engdahl says:
Is Open Source Wireless Connectivity Worth the Security Risk?
http://rtcmagazine.com/articles/view/103779
The Heartbleed security breach, based on OpenSSL, raises the spectre of attacks across a range of wirelessly connected embedded devices. Rigorous software development processes are critical for protecting wirelessly connected devices in the Internet of Things.
Moving to Secure Embedded Software Components
The commercial market for standard software components has been damaged by free software from many sources. How this affects professional companies who need good quality code and support is not obvious. It seems that developers lose the benefits of scale that using specialist providers brings. HCC, an embedded software vendor, has always focused on high quality, reliable components, such as failsafe file systems, but we are working on components developed to standards of verifiability. Ultimately many of these will achieve certification under the IEC 61508 SIL3. We strongly believe that key components of embedded software should be developed once and reused in many environments. Providing these components with the necessary life-cycle support and documentation can make this level of quality more affordable across the industry.
The security of devices has become a critical issue for both device manufacturers and consumers. Wireless embedded devices have specific security issues based on their applications, though a large part of making them secure requires a rigorous approach to the development of software for them. As in similarly sensitive fields such as aerospace and medical, a formal approach to development will significantly reduce the probability of a major incident with a product
Tomi Engdahl says:
DeepCover Secure Authenticator for Embedded Security
http://www.eeweb.com/company-news/maxim/deepcover-secure-authenticator-for-embedded-security/
Designers can now perform secure wireless data communication on their embedded systems without needing the host microcontroller, but by simply using a single MAX66242 DeepCover Secure Authenticator from Maxim Integrated Products, Inc.
The DeepCover Secure Authenticator (MAX66242) is a transponder IC that combines an ISO/IEC 15693 and ISO 18000-3 Mode 1-compatible RF front-end, an I2C front-end, a FIPS 180-based SHA-256 engine and 4096 bits of user EEPROM in a single chip. A bidirectional security model enforces two-way authentication between a host system and the MAX66242. Each device has its own guaranteed unique 64-bit ROM ID that is factory programmed into the chip. This ROM ID is used as a fundamental input parameter for cryptographic operations and serves as an electronic serial number within the application.
The MAX66242 secure authenticator is an advanced tag that combines a wireless NFC/RFID interface with an I²C interface. Designers can now collect vital system data from portable devices even when the main energy source on the master device is not functional.
The MAX66242 enables wireless, contactless data collection between a host and slave device.
Tomi Engdahl says:
Test Your Way to a Better IoT
http://www.eetimes.com/author.asp?section_id=36&doc_id=1324680&
Better design and test procedures will lead to much lower maintenance costs than for systems where those precautions have not been taken.
The Internet of Things (IoT) promises a lot. By providing simple sensor and actuator nodes with both local intelligence and access to compute resources spread across the network, it promises to provide the infrastructure not just for smarter systems but systems of systems. Simply by adding new software and compute power, it will be possible to deploy additional services without having to change the things themselves.
But with such power comes a greater responsibility. Week after week of announcements of successful hacks — an increasing number of which are focused on embedded systems and other things at the edge of the network — underline how important security is to this new generation of devices. And they need to be able to ensure resilience under other problems, such as failing sensors, applications failing to access them correctly or errors in the data they are passed.
Because many of the devices will often be practically inaccessible, the “patch and pray” strategy used for many desktop software packages is unlikely to be an effective strategy for many forms of IoT devices. They will need to be shown to be secure against a wide range of attacks. Patching can only be used for extreme situations where certain types of hack were unforeseeable at the time of design. This puts a much greater emphasis on the design and test strategy used to implement IoT devices.
IoT devices are likely to be designed independently of each other making it almost impossible for the device design team to test for specific problems caused by other parts of the system.
The UK has taken a lead on the issue of trustworthy systems with the release of a standard designed to improve the ability of software to avoid failures and resist attacks. The Trustworthy Software Initiative has backed the British Standards Institute’s PAS 754:2014 standard, which identifies five aspects of software trustworthiness — safety, reliability, availability, resilience, and security — together with ways in which to achieve them.
There is, however, a spinoff benefit to taking trustworthiness into account. Better design and test procedures will lead to much lower maintenance costs than for systems where those precautions have not been taken.
Tomi Engdahl says:
Experts Call for Secure Sensors
http://www.eetimes.com/document.asp?doc_id=1324733&
Sensor nodes are the most vulnerable point of attack in an Internet of Things ecosystem, so securing the trillions of sensors industry experts expect is of the utmost concern.
“Once you get the sensor data out to the gateway, everything behind that is as good as any enterprise security. Now that we’re moving to such a large number of sensors, the problem is expanding quite a bit,” Sandhiprakash Bhinde, director of innovation and future IoT solutions at Intel, said at the TSensors Summit. “There are 50 billion devices and most of them are unprotected. Every time something gets hacked it’s a loss of economic value.”
Bhinde pointed to a 2012 malware attack on Saudi Arabia national oil firm Aramco that halted 30,000 network workstations, as well as a physical attack on a Pacific Gas & Electric substation in California — those networks presumably were more fallible than expected.
“I think, bottom line, this is just the tip of the iceberg,” Bhinde told attendees, adding that home devices aren’t safe either. “Most houses have a lot of different types of devices and I think the problem really amplifies when… you don’t know who’s looking at them or what data is coming out of those devices.”
Software-based sensor attack rates are rising as sensor data is often unprotected by APIs, creating a number of challenges for both end-user devices and larger network systems. In-system memory buffers and sensors with always-on capabilities allow for easy access to sensor data, Bhinde said.
Tomi Engdahl says:
Three security practices that IoT will disrupt
http://www.networkworld.com/article/2599231/data-protection/three-security-practices-that-iot-will-disrupt.html
As the field of IoT devices continues to grow, so do the threats to well-established security practices
Right now, there are hundreds of companies churning out “Internet of Things” (IoT) devices as fast as they can.
Today we’re seeing IoT devices, even medical devices, ship with:
default passwords such as “1234”
vulnerable services such as “telnet” enabled
firmware updates that depend on (easy to spoof) HTTP calls
web applications that allow users to easily bypass authentication
…and other vulnerabilities that we (as a security community) thought we addressed more than a decade ago.
However, there are some organizations with the courage and foresight to swim against the tide of insecure IoT devices.
For developers and IoT vendors, there is a “Top 10 IoT Vulnerability” guide now available from OWASP (the organization that previously brought you the “Top 10 Web Vulnerability” list) and a resource site called “BuildItSecure.ly” that digs into security best practices on several popular IoT platforms.
For consumers and businesses, organizations such as the Internet of Things Security Laboratory promise to list and rate devices by their “hackability,” allowing people to make informed decisions before buying insecure devices.
Tomi Engdahl says:
For developers and IoT vendors, there is a “Top 10 IoT Vulnerability” guide now available from OWASP (the organization that previously brought you the “Top 10 Web Vulnerability” list)
OWASP Internet of Things Top Ten Project
https://www.owasp.org/index.php/OWASP_Internet_of_Things_Top_Ten_Project#tab=OWASP_Internet_of_Things_Top_10_for_2014
and a resource site called “BuildItSecure.ly” that digs into security best practices on several popular IoT platforms.
http://builditsecure.ly/
Tomi Engdahl says:
The OWASP Internet of Things Top 10 – 2014 is as follows:
I1 Insecure Web Interface
I2 Insufficient Authentication/Authorization
I3 Insecure Network Services
I4 Lack of Transport Encryption
I5 Privacy Concerns
I6 Insecure Cloud Interface
I7 Insecure Mobile Interface
I8 Insufficient Security Configurability
I9 Insecure Software/Firmware
I10 Poor Physical Security
Source: https://www.owasp.org/index.php/OWASP_Internet_of_Things_Top_Ten_Project#tab=OWASP_Internet_of_Things_Top_10_for_2014
Tomi Engdahl says:
Coming Soon: Murder By Internet
http://www.cio.com/article/2852589/security0/coming-soon-murder-by-internet.html
Imagine a fleet of quad copters or drones equipped with explosives and controlled by terrorists. Or someone who hacks into a connected insulin pump and changes the settings in a lethal way. Or maybe the hacker who accesses a building’s furnace and thermostat controls and runs the furnace full bore until a fire is started.
Those may all sound like plot material for a James Bond movie, but there are security experts who now believe, as does Jeff Williams, CTO of Contrast Security, that “the Internet of Things will kill someone.”
Williams, whose firm provides application security, doesn’t know exactly how IoT might be used to kill someone or what device will be implicated in the nefarious scheme, but considers it a certainty that a connected device will play a role in a murder.
Similarly, Rashmi Knowles, chief security architect at RSA, said something similar in a recent blog post, imagining criminals hacking into medical devices and starting “a complete new economy” by blackmailing victims.
“Question is, when is the first murder?” wrote Knowles.
Today, there is a new “rush to connect things” and “it is leading to very sloppy engineering from a security perspective, which makes … internet of things devices very attackable — the way web applications were 10 years ago,” said Williams.
Tomi Engdahl says:
With the rise of the Internet of Things, what measures can we take to better secure ourselves in regards to home devices (laptops, smart-tvs, etc)?
mikkohypponen:
Well, you won’t be running an antivirus on your washing machine or toaster, that’s for sure.
The real-world attacks against IoT devices are still limited – mostly because the ways of making money by hacking washing machines and so are limited.
As a result, the IoT security solutions aren’t really widely available yet. They will be in the future though.
Source: http://www.reddit.com/r/IAmA/comments/2o1il1/i_am_mikko_hypponen_a_computer_security_expert/
Tomi Engdahl says:
Hacker Guru: “The Internet of Things is a new can of worms”
Everyone is enthusiastic about the Internet of Things, IoT. The renowned security researcher Samy Kamkar, even regarded as a hacker guru, predicts that in the future we will see a lot of attacks against IoT products. Over the years, Kamkar has found a number of significant security holes (PHP, credit cards, iOS, Android, Windows Phone).
He believes that most Internet of Things product developers are trying primarily to design and publish products, and ensure safety.
“The Internet of Things will open a new can of worms,”
Internet of Things products often use Linux. One might imagine that this by itself confers protection against attacks. That belief is wrong.
“Linux has its own vulnerability and attack vectors which people should pay attention to”
Source: http://summa.talentum.fi/article/tv/uutiset/115176
Tomi Engdahl says:
Two key issues that govern success in IoT in the future:
1. Solve real problems
We need to be very open to different ideas, to be able to test them as quickly as possible and to start implementing the best.
2. Keep safety in mind
No one knows how to secure all connected equipment. This requires the active preparation and anticipation of problems.
“We already have the technology and talent to new large entities”
Source: http://summa.talentum.fi/article/tv/uutiset/115276
Tomi Engdahl says:
Protect Your Designs from Malware
http://www.eeweb.com/company-blog/maxim/protect-your-designs-from-malware/
Security for embedded systems should be a top priority considering that we are in an age where everything that depends on cyber technology is prone to malware attacks. The intrusion of malicious threats into designs may cause a range of harmful effects, especially where health, personal and financial issues are concerned. This application note will tackle protecting embedded system designs with the help of Maxim’s DeepCover MAXQ1050 Secure Microcontroller.
Embedded system security is a growing concern. There are new attacks on embedded systems every day, including on systems involved with health or safety. One type of attack is malware injection, the insertion of malicious code into a webpage. Once an attacker has succeeded in making a device run a fraudulent piece of software, this unauthorized software can:
Send confidential data externally: If used in the medical industry, malware injection could cause devices (such as a portable ECG) to inadvertently transmit personal health information. In perhaps a more wide-reaching effort, malicious software could make an encryption key accessible to the public.
Force the device to operate incorrectly: A famous example of this is the Stuxnet virus, which after infecting programmable logic controllers (PLCs), forced centrifuges to run at different speeds than expected.
Induce unpredictable device behaviour: This includes behaviours that could threaten human life.
A properly secured boot process allows only authorized software to run on a given device. It thus prevents malware injection, even during update phases. To bring a high level of trust, a secure boot must rely on proven cryptographic algorithms. This, however, creates several challenges:
The most appropriate algorithms are asymmetric ones, which require intensive computing power.
The keys associated with these algorithms must be protected.
The implementation must be flawless.
In many systems, these requirements can be challenging to implement. However, adding a secure microcontroller as a coprocessor like the MAXQ1050 can efficiently support a secure boot implementation while guaranteeing a very high level of security.
Tomi Engdahl says:
Whitelist Helping Identify Industrial Control Malware
http://www.eetimes.com/document.asp?doc_id=1324859&
Cyberattacks on industrial controls systems (ICS) such as SCADA have been increasing, as the discovery of the Blackenergy and Havex malware this year indicates. And the increase has been dramatic. According to a recent report from NSS Labs, reports of ICS cyberattacks have risen 600% since 2010.
Unfortunately, according to Billy Rios, a security specialist and the founder of Laconicly, much of the binary code in ICS systems is not digitally “signed,” making it difficult to determine which code segments have been corrupted or simply do not belong. To ease that determination task, Rios started a personal project to create a whitelist of SCADA installation files that are known good, gathered from original installation media and running systems. He has released that whitelist as a free online service under the name WhiteScope.
The WhiteScope project gives users the ability to compare the file contents in their systems against the files in the whitelist using file hashes. It can be a tedious process,
However, Rios says that WhiteScope is not a fully comprehensive database, so a miss when seeking to compare a file does not necessarily mean that the subject file is invalid.
WhiteScope – An Online ICS/SCADA Whitelist
http://www.icswhitelist.com/static/about.html
WhiteScope is a free service that compares file contents and file hashes with “known good” files from ICS/SCADA installation media.
WhiteScope maintains a database of file hashes, registry changes, processes, and loaded modules for ICS/SCADA software. These artifacts were gathered from installation media and running systems. The whitelists can be used for initial triage during incident response engagements, security assessments, intrusion detection/prevention products.
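The hash comparison described in this comment can be sketched as follows. This is an added example, not code from WhiteScope or from the article: the whitelist is built locally from a constructed "installation media" directory, and the three verdict names are assumptions. It also shows why a miss is only a lead for triage, as Rios notes, and not proof that a file is bad.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large installers do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_whitelist(media_root):
    """Hash every file under known-good installation media.

    Returns (hashes, names): the set of known-good digests, and a map of
    lower-cased file name -> digests seen for that name on the media.
    """
    hashes, names = set(), {}
    for p in sorted(Path(media_root).rglob("*")):
        if p.is_file():
            digest = sha256_file(p)
            hashes.add(digest)
            names.setdefault(p.name.lower(), set()).add(digest)
    return hashes, names


def triage(system_root, hashes, names):
    """Classify each file on a running system against the whitelist.

    known_good: content matches a whitelisted file (the name is irrelevant).
    mismatch:   the name exists on the media but the content differs, which
                means a patch, a different version or tampering: look first.
    unknown:    no match at all; the whitelist is incomplete, so this is
                not a verdict that the file is invalid.
    """
    verdicts = {}
    for p in sorted(Path(system_root).rglob("*")):
        if not p.is_file():
            continue
        digest = sha256_file(p)
        rel = p.relative_to(system_root).as_posix()
        if digest in hashes:
            verdicts[rel] = "known_good"
        elif p.name.lower() in names:
            verdicts[rel] = "mismatch"
        else:
            verdicts[rel] = "unknown"
    return verdicts


def demo():
    """Run the triage over constructed sample files (not real ICS software)."""
    with tempfile.TemporaryDirectory() as tmp:
        media, system = Path(tmp, "media"), Path(tmp, "system")
        (system / "bin").mkdir(parents=True)
        media.mkdir()
        # Constructed "installation media".
        (media / "hmi.exe").write_bytes(b"HMI build 1")
        (media / "driver.dll").write_bytes(b"DRIVER build 1")
        # Constructed "running system".
        (system / "hmi.exe").write_bytes(b"HMI build 1")             # untouched
        (system / "driver.dll").write_bytes(b"DRIVER build 1 + x")   # altered
        (system / "hmi_backup.exe").write_bytes(b"HMI build 1")      # renamed copy
        (system / "bin" / "helper.exe").write_bytes(b"not on media")
        return triage(system, *build_whitelist(media))


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:10} {name}")
```
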
Tomi Engdahl says:
Embedded security rises and falls with crypto key management
http://www.edn.com/design/systems-design/4437801/Embedded-security-rises-and-falls-with-crypto-key-management
Embedded systems face ongoing threats of penetration by persistent individuals and organizations armed with increasingly sophisticated tools. On-chip security features do serve as fundamental enablers for secure systems but can provide a false sense of security without a broader view of security policies. Consequently, the trend toward enterprise-level security lifecycle management emerges as the most promising solution for hardened security in embedded systems underlying the explosive growth of interconnected applications.
Semiconductor manufacturers have made great strides in providing strong hardware-based foundations for security.
Growing hardware support for security does not necessarily translate into greater assurance of continued security. According to Kerckhoffs and Shannon, companies should assume that the algorithms and, in the present context, the physical circuits used to execute cipher operations are compromised from inception. Basic security policies including layered security and compartmentalization do provide important benefits in complicating the task of would-be attackers. Yet, the notion of security by obscurity has repeatedly been proven inadequate. Current events show that the secrets contained in any system can be exposed by an insider, by a persistent individual, or by organizations with national resources behind them.
Tomi Engdahl says:
Future-proof secure hardware root of trust technology
http://www.edn.com/electronics-products/other/4437838/Future-proof-secure-hardware-root-of-trust-technology
Elliptic Technologies has unveiled tRoot, its future-proof secure hardware root of trust technology targeting the increasing security challenges in the Internet of Things (IoT).
tRoot is a highly-secure foundation of trust that enables connected devices to securely and uniquely identify and authenticate themselves to create secure channels for remote device management and service deployment for further revenue opportunities.
IoT devices will identify, communicate and automate amongst themselves with respect to other devices and the cloud. However, with these opportunities come enormous threats. Devices and machines with sensors, actuators and other data sources transfer information into aggregation points and gateways that can funnel through limitless paths with varied levels of complexity. Addressing security concerns in this challenging environment with a robust and flexible solution is essential for widespread IoT service deployments.
Tomi Engdahl says:
Soon, almost every network has IoT-hacking
In 2020, the world will have 20 billion networked devices, the so-called Internet of Things. Or 50 billion, depending on who is counting. IDC predicts that within two years 90 per cent of the world’s IT networks will have had an IoT data breach.
The figure is strikingly high. At the same time, it shows how important an element security is in future IoT networks.
IDC also predicts that in five years 90 percent of all data collected by IoT devices will be located in cloud services.
Source: http://www.etn.fi/index.php?option=com_content&view=article&id=2166:pian-lahes-joka-verkossa-iot-tietomurto&catid=13&Itemid=101
Tomi Engdahl says:
7 steps to security for the Internet of Things
http://www.edn.com/electronics-blogs/eye-on-iot-/4437871/7-steps-to-security-for-the-Internet-of-Things-?_mc=NL_EDN_EDT_EDN_today_20141208&cid=NL_EDN_EDT_EDN_today_20141208&elq=ec0ac1e560c248fe9cab225dafc71db7&elqCampaignId=20555
The Internet of Things (IoT) will be everywhere in many shapes and forms. But security is one of the hurdles that could trip up the growth of the IoT. Following security principles used in enterprise computing can help clear that hurdle.
What does enterprise-class security really mean in the case of an IoT cloud-based platform? Here are seven key principles.
End-to-end security mechanisms: Mobile apps and connected devices must be authenticated separately. Both the mobile app and the end user’s credentials must pass authorization. The identity of the connected device is best maintained in hardware. That is, the device’s credentials can be burned into its connectivity module at the factory, so it’s not exposed to anyone. This dramatically raises the bar for spoofing. Someone would have to steal your device, your mobile app, and your password.
End-to-end data encryption: Standard-based encryption from device to mobile app is arguably one of the best deterrents of data theft. Many services encrypt data once it gets to their datacenter, but in many ways data is more vulnerable when it’s in transit. The challenge with doing this from end to end is making all the authentication and key management happen without user configuration, so the data encrypts automatically.
Access and authorization control: This means giving different user types different levels of data access. Consumers might let their utility link to their thermostat to turn down the AC on peak power days. But the utility would be able to use the data for power consumption analysis only. Or maybe consumers would give retailers limited access to monitor their AC for proactive maintenance and repair.
Activity auditing: IoT device manufacturers and service providers need to keep log records so that any breaches can be traced back to the source. Auditing data is also an important way to identify patterns that can pinpoint problems before they happen. Additionally, it’s a way to rate vendors. If businesses could compare the security practices of vendors in an open and honest way, cloud providers and IoT service providers would have a huge incentive to invest in security.
Hardened cloud infrastructure: Hosting data in the cloud can be far more secure than keeping it at home or in a company-run datacenter. Cloud providers can invest more money and personnel in strengthening their operations against attack. But you still see hackers gaining entry into well-known organizations. How do you know security best-practices are followed? ISO 27001 is a security certification standard that specifies security management best-practices and comprehensive security controls for datacenters and other environments. For example, Amazon Web Services (AWS) is compliant with ISO 27001.
Equal protection across multiple protocols: Devices will communicate over WiFi, cellular, ZigBee, Bluetooth, and other wireless (and wired) protocols. Security has to be equally strong across all of them, regardless of whether the mobile app is talking to a connected device over the Internet or locally (e.g. at home, on the same WiFi network as the connected device).
Education: Vendors have to be ready to teach consumers and buyers — through easy-to-read web pages or through their customer service desk — why security is important and why they need to think about it. Sadly, human error is still one of the biggest cybersecurity vulnerabilities.
Together these measures will significantly increase the security for the Internet of Things.
Tomi Engdahl says:
Case study: prototyping IoT ideas
http://www.edn.com/electronics-blogs/eye-on-iot-/4437685/Case-study–prototyping-IoT-ideas
Tomi Engdahl says:
Intel Unifies and Simplifies Connectivity, Security for IoT
Announces Platform, Products and Expanded Company Ecosystem Designed to Accelerate Adoption and Innovation
http://newsroom.intel.com/community/intel_newsroom/blog/2014/12/09/intel-unifies-and-simplifies-connectivity-security-for-iot
NEWS HIGHLIGHTS
Intel® IoT Platform unifies gateway, connectivity and security components to simply deploy IoT.
Designed to provide a repeatable foundation for devices to deliver trusted data to the cloud.
New integrated hardware and software products based on the platform.
Announces new relationships with Accenture*, Booz Allen Hamilton*, Capgemini*, Dell*, HCL*, NTT DATA*, SAP*, Tata Consultancy* and Wipro* to develop and deploy solutions on the Intel IoT Platform.
The new products from Intel include:
Wind River Edge Management System provides cloud connectivity to facilitate device configuration, file transfers, data capture and rules-based data analysis and response. This pre-integrated technology stack enables customers to quickly build industry-specific IoT solutions and integrate disparate enterprise IT systems, utilizing API management. The cloud-based middleware runs from the embedded device up through the cloud to reduce time to market and total cost of ownership.
The latest Intel® IoT Gateway will integrate the Wind River Edge Management System via an available agent so gateways can be rapidly deployed, provisioned and managed throughout the life cycle of a system to reduce costs and time to market. In addition, the gateway includes performance improvements, support for lower cost memory options and a broader selection of available communication options. Intel IoT Gateways are currently available from seven ODMs with 13 more releasing systems in early 2015.
To get value out of the data generated in deployments using the Intel® IoT Platform, developers need a powerful yet easy-to-use approach to big data analytics. Intel is expanding its cloud analytics support for IoT Developer Kits to include the Intel® IoT Gateway series, in addition to Intel® Galileo boards and Intel® Edison Modules. Cloud analytics enables IoT application developers to detect trends and anomalies in time series at big data scale.
McAfee, a part of Intel Security, announced Enhanced Security for Intel IoT Gateways in support of the Intel IoT Platform. This pre-validated solution adds advanced security management for gateway devices.
Intel Security also announced that its Enhanced Privacy Identity (EPID) technology will be promoted to other silicon vendors. EPID has anonymity properties, in addition to hardware-enforced integrity, and is included in ISO and TCG standards. The EPID technology provides an on-ramp for other devices to securely connect to the Intel IoT Platform.
The Intel API and Traffic Management solution utilizes Intel Mashery solutions to enable creation of building blocks that make it easy to build new software applications. Customers of the Intel IoT Platform today have access to the Intel Mashery API management tools to create data APIs that can be shared internally, externally with partners or monetized as revenue-generating data services for customers.
Tomi Engdahl says:
5 ways to prepare for Internet of Things security threats
http://www.networkworld.com/article/2855207/internet-of-things/5-ways-to-prepare-for-internet-of-things-security-threats.html
For businesses and consumers alike, the Internet of Things is helping create smarter, more efficient devices. For enterprise IT and security professionals, it’s also creating a headache.
Many businesses are eager to deploy smart devices and the Internet of Things (IoT) to capitalize on the many benefits. That excitement, however, may be clouding their judgment when it comes to the security risks. A recent survey of both IT executives and professionals published by cybersecurity company Tripwire found that 63% of C-level executives said they were likely to adopt the IoT to increase productivity and efficiency, while just 27% reported being “very concerned” about the security risks.
On the other hand, just 30% of responding IT professionals said their company is even equipped to determine whether IoT products would be secure in their environment, and 59% of those working in mid- and large-sized businesses said they believe the Internet of Things could potentially become “the most significant security risk on their network.”
Tomi Engdahl says:
IoT security threats weighed by IT bosses
IoT will bring more intelligent devices for the needs of both businesses and consumers. For enterprise IT and security professionals in particular, the Internet of Things also causes headaches.
Today, many companies are eager to take IoT devices and systems into use, for example to remain competitive. The task of competent IT management, however, is to make sure that this does not entail excessive security risks.
A study recently published by Tripwire, a provider of cyber security, showed that almost two-thirds of top-level company executives believe IoT will boost their productivity and efficiency.
Only 27 per cent of respondents from IT and business departments were very concerned about the security risks, Network World writes.
On the other hand, only 30 percent of CIOs say that their companies use only IoT products known to be safe.
In contrast, 59 percent of the leaders of large and medium-sized enterprises are of the opinion that the Internet of Things can open a real can of worms for company security; they regard it as the most significant cyber risk of IoT.
IoT is already a playground for cyber attackers everywhere. The security provider Proofpoint revealed last January the first verified attack against smart home devices.
According to the company, the malicious bot attack targeted over 100 000 consumer devices, through which about 750 000 malware e-mails were spread.
According to Proofpoint, only a quarter of the devices that spread the malware were computers or smart phones. The rest were smart TVs and refrigerators or similar devices.
In the corporate world, a closely watched example is the huge data breach at the US department store Target last year.
The attackers got into Target’s systems via IoT, through intelligent air-conditioning systems and sensors, according to security investigator Brian Krebs, who revealed the extent of the attack.
“IoT has been pursued specifically for savings. On the other hand, the fact that service providers are forced to double their security systems and increase scrutiny creates more costs,” he says.
“Speaking of costs, service providers’ solutions tend to be cheaper than recruiting and training one’s own specialist staff,” he continues.
The actions of Target and its service provider are still under the magnifying glass. The scandal at least showed everyone IoT’s risks clearly.
In the past, companies did not have to worry about cyber security, at least not when they purchase office equipment.
Now that traditional dumb equipment is being replaced with connected intelligent devices, IT departments and others must decide on purchases together
Gartner CEO Hugh LeHong warned companies a year ago about the security risks caused by the flood of smart devices. Today, these problems are widespread everywhere from hospitals’ expensive equipment rooms to coffee vending machines.
“CIO shall avail themselves realize this thing. Even if the company does not even own a smart sales devices, their management, information security, software licenses and maintenance explore together the business departments with the people,”
IBM’s global leader in network architecture, Kirk Steinklauber, compared the update problems of smart devices to nightmares in a blog post last month.
“As if we did not have enough problems keeping computers, smart phones and tablets up to date. The situation is challenging when companies are flooded with millions of new devices that have to be updated and kept free of bugs,” he wrote.
Moreover, the problem is not only the equipment, but also their software applications.
All this further increases the need for cooperation between the IT department and the others. It’s considered to establish clear policies smart devices and dotting management and supervision.
IT departments have already had plenty of taste of the management and control challenges as workers’ own devices (BYOD) have become more common. Bug prevention is much more difficult after the equipment has already been given access to in-house systems.
Despite everything, the Internet of Things is still in its infancy. Not even the world’s biggest technology firms have completely understood all the aspects and nuances of the IoT.
Agreeing on standards, platforms and common operating systems looms in the future. The situation is reminiscent of the recent battle of mobile systems between iOS and Android.
Competition for the Riptide has taken a hard class IT experts to the test of IoT to understand.
Cisco Systems was one of the first IT giants to admit this fact. In October it announced a new consortium providing IoT education, security and personnel services.
As Cisco’s decision is only a couple of months old, IoT security will remain a gray area for a long time, and a cause for concern even in large companies.
Some people think that the IoT’s security risks foolish you should wait for clarification of the situation and stay far away from it.
There are plenty of challenges and temptations, because a properly managed Internet of Things can open up great opportunities for both companies and national economies. There are risks both for the early adopter and for the one who misses the train.
Source: http://www.tivi.fi/cio/iotn+turvauhat+itpomojen+puntarissa/a1035382
Tomi Engdahl says:
Belden buys Tripwire for $710m: Will keep network burglars out of Internet of Things things
Firm hopes to fatten bottom line
http://www.theregister.co.uk/2014/12/10/belden_buys_tripwire/
Signal transmission firm Belden has agreed to buy security tools firm Tripwire for $710m in cash.
The deal, announced Monday, is expected to close in the first quarter of 2015, subject to customary closing conditions.
Tripwire’s security and compliance products, such as Tripwire Enterprise, will be further developed and marketed to industrial and broadcast markets as well as existing corporate clients. Tripwire’s widely used technology helps clients detect, prevent and respond to myriad security threats.
“We look forward to incorporating Tripwire technology into selected Belden products and providing Tripwire with access to existing Belden customers that are anxious to improve the robustness and security of their networks,”
Tomi Engdahl says:
5 rules for playing nice with IoT gateways
http://www.edn.com/electronics-blogs/eye-on-iot-/4437896/5-rules-for-playing-nice-with-IoT-gateways-?_mc=NL_EDN_EDT_EDN_today_20141210&cid=NL_EDN_EDT_EDN_today_20141210&elq=74338f0c2fb74ad88516d8ddfd90e6bb&elqCampaignId=20600
If the IoT is to prosper, it will need to scale massively. Devices old and new, complex and simple, intelligent and, well, not so intelligent will all need to work together without getting in one another’s way. One of the IoT’s main challenges will be the design of devices and their gateways to support interoperability.
As I mentioned in my last blog, the essential function of any IoT gateway is to establish and maintain a secure, robust, fault-tolerant connection between a cloud service and edge devices. Essentially, the gateway is the traffic cop of the IoT. It manages all the on-ramps and makes sure the traffic flows into and out of the cloud smoothly.
Here are some thoughts to consider when designing a modern IoT device.
Please talk to me
Respond quickly
Don’t be chatty
Never just go away
Tolerate multiple masters
Tomi Engdahl says:
7 steps to security for the Internet of Things
http://www.edn.com/electronics-blogs/eye-on-iot-/4437871/7-steps-to-security-for-the-Internet-of-Things-?elq=190523212ef04f7c9ea29730d384904d&elqCampaignId=20596
What does enterprise-class security really mean in the case of an IoT cloud-based platform? Here are seven key principles.
End-to-end security mechanisms: Mobile apps and connected devices must be authenticated separately. Both the mobile app and the end user’s credentials must pass authorization. The identity of the connected device is best maintained in hardware.
End-to-end data encryption: Standard-based encryption from device to mobile app is arguably one of the best deterrents of data theft. Many services encrypt data once it gets to their datacenter, but in many ways data is more vulnerable when it’s in transit
Access and authorization control: This means giving different user types different levels of data access.
Activity auditing: IoT device manufacturers and service providers need to keep log records so that any breaches can be traced back to the source. Auditing data is also an important way to identify patterns that can pinpoint problems before they happen.
Hardened cloud infrastructure: Hosting data in the cloud can be far more secure than keeping it at home or in a company-run datacenter. Cloud providers can invest more money and personnel in strengthening their operations against attack. But you still see hackers gaining entry into well-known organizations. How do you know security best-practices are followed? ISO 27001 is a security certification standard that specifies security management best-practices and comprehensive security controls for datacenters and other environments. For example, Amazon Web Services (AWS) is compliant with ISO 27001.
Equal protection across multiple protocols: Devices will communicate over WiFi, cellular, ZigBee, Bluetooth, and other wireless (and wired) protocols. Security has to be equally strong across all of them
Education: Vendors have to be ready to teach consumers and buyers — through easy-to-read web pages or through their customer service desk — why security is important and why they need to think about it. Sadly, human error is still one of the biggest cybersecurity vulnerabilities.
Together these measures will significantly increase the security for the Internet of Things. But the IoT will be at risk if end users believe the added steps required for strong security outweigh the value. Automated, push-button functionality absolutely can be done, but it is very difficult to develop well, and it requires an engineering team with deep experience.
Tomi Engdahl says:
Embedded security rises and falls with crypto key management
http://www.edn.com/design/systems-design/4437801/Embedded-security-rises-and-falls-with-crypto-key-management?elq=190523212ef04f7c9ea29730d384904d&elqCampaignId=20596
Embedded systems face ongoing threats of penetration by persistent individuals and organizations armed with increasingly sophisticated tools. On-chip security features do serve as fundamental enablers for secure systems but can provide a false sense of security without a broader view of security policies. Consequently, the trend toward enterprise-level security lifecycle management emerges as the most promising solution for hardened security in embedded systems underlying the explosive growth of interconnected applications.
Commercial embedded systems promise to test these fundamental principles beyond that seen in any other application area. In marked contrast to more conventional secure systems, these systems can be openly acquired by potential attackers, who at their leisure can work to tease out literally every bit of secret information using readily accessible tools.
Semiconductor manufacturers have made great strides in providing strong hardware-based foundations for security. More and more MCUs and specialized processors now include on-chip hardware accelerators for crypto operations, allowing secure real-time communications without loss of performance or increased communications latency. The trend continues in 2015 for inclusion of even more comprehensive hardware support for security.
Growing hardware support for security does not necessarily translate into greater assurance of continued security.
Inevitably, however, application and system security depend on preserving the secrecy of the all-important cipher key. Indeed, key protection is as old as cipher systems themselves. For protecting national security and military communications, security organizations have long relied on hardware key fill devices
For an embedded design organization, the industry is redefining the physical fill device through enterprise-level security lifecycle capabilities. Typically offered on a proprietary basis by individual semiconductor manufacturers these services provide key generation and protected storage in a secure environment.
Tomi Engdahl says:
Competition For A Place In The Internet of Things
http://www.tripwire.com/state-of-security/security-awareness/competition-for-a-place-in-the-internet-of-things-2/
The Internet of Things (IoT) is the newest buzzword on the block as it promises to connect our lives together in an ecosystem that understands how we live, work and play.
Whether we want to turn on the heat at our homes, use a webcam at work to connect with our international colleagues or be able to maintain our cars with the push of a button, the Internet of Things has the ability to help us connect the components of our lives into a mesh of interoperability.
However, it also has the potential to be a minefield of vulnerabilities that unsavory actors may want to exploit.
There is no shortage of information about the product horizons and possibilities for IoT—the options are endless. With this blue ocean opportunity, I believe the competition to be first to market will drive products to end users quickly (and often prematurely, from a security perspective).
Vulnerability Coordination for the Internet… of Everything
http://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-coordination-for-the-internet-of-everything/
The Internet of Things, or IoT, is a fancy way of saying ‘same problem, different day’ in terms of security.
Most security professionals I know groan and roll their eyes each time they hear this buzzword – knowing that buzzwords aside, code is code, and all code contains security vulnerabilities. This is true no matter if the code is running on a server, desktop, laptop, tablet, phablet, phone, industrial control system, car, insulin pump, fitness tracker, home temperature control system, or refrigerator.
The issue we’re seeing in these latter products is that vendors—who have never run code inside these devices before or haven’t previously exposed their code to the Internet—are often the same vendors manufacturing them.
Tomi Engdahl says:
How New-Gen MCUs Handle Security in Cars
http://www.eetimes.com/author.asp?section_id=36&doc_id=1325016&
The incessant evolution of communication networks inside vehicles is quickly reducing the capacity of current security measures.
How many of us remember a time when car windows had to be cranked up and there were no seatbelts to secure us in case of an accident? A “secure vehicle” was one with locked doors.
With the introduction of the Advanced Driver Assistant System (ADAS) — with ABS, airbag, brake control, steering control, engine control, cruise control, stop-and-go, autonomous parking, integrated navigation system (GPS and Galileo) — there is no question that the ecosystem of the automobile is becoming more interconnected and increasingly complex, but electronic devices have also replaced more trivial functions like light control, air conditioning, power windows, engine starting, door opening, adjustable and heated seats… The list of available options goes on.
Though progressing from a purely mechanical environment to the sophisticated universe of electronics has provided an added value in terms of comfort, as well as active and passive safety for driver and passengers, at the same time — because those engine control units (ECUs) are interconnected — significant security issues regarding privacy and data reliability arise.
For example, some decades ago, CAN was not designed to be robust in terms of security. In fact, any CAN message inside the car communication bus was broadcast to any other component and did not support any authorization, authentication, or encryption protocol.
Modern cars exchange messages using the CAN bus to open doors and start the engine. Those messages are swapped between an ECU inside the car and one inside an electronic key. If this system were compromised, a thief could easily steal the car. Also, a hacker could access the GPS inside the car to monitor frequent locations to find out where the driver is and when he leaves the car unattended.
Furthermore, wireless communication channels such as Bluetooth, GPRS, or UMTS for Internet mobile functions like email, SMS, video streaming, video calls, and so on, have enlarged the “attack surfaces” for hackers who could compromise any communication and driving system, or insert malicious software to steal data like a vehicle’s position in real-time, frequently used routes, and full conversations, by remote access.
By definition, an “open system” is exposed to a continuous increase of attacks through several methods. The incessant evolution of internal and external communication networks inside vehicles quickly reduces the capacity of current security measures to provide adequate protection for these systems.
Until now, only theoretical proposals have been suggested to protect cars from internal and external attacks, and the possibility for hackers to control any driving system (brakes, ABS, airbags, navigation), thus risking the vehicle occupants’ lives, is more real than we have suspected.
Those groups have proposed sophisticated software application models using cryptographic communication protocols, and also have proposed some very interesting guidelines, from a hardware point of view, to build more robust microcontrollers that can avoid illegal firmware alterations, unauthorized intrusions, and illicit misuse.
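The gap described above (classic CAN frames are broadcast with no authentication) can be illustrated with an added example that is not from the quoted article: a generic sketch of frame authentication using a truncated HMAC and a freshness counter. The key, the 2-byte counter / 4-byte tag split, and the `0x2A0` "unlock" ID are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

CTR_LEN = 2   # bytes of freshness counter sent in the frame (assumed split)
MAC_LEN = 4   # bytes of truncated HMAC tag sent in the frame (assumed split)
MAX_DATA = 8 - CTR_LEN - MAC_LEN   # classic CAN carries at most 8 payload bytes


def _tag(key, can_id, counter, data):
    # The MAC covers the arbitration ID and the full counter, so a frame
    # cannot be moved to another ID or replayed with an old counter.
    msg = struct.pack(">IQ", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


def protect(key, can_id, counter, data):
    """Sender side: data || low counter bytes || truncated tag."""
    if len(data) > MAX_DATA:
        raise ValueError("payload too long for an authenticated classic CAN frame")
    return data + struct.pack(">H", counter & 0xFFFF) + _tag(key, can_id, counter, data)


class Receiver:
    def __init__(self, key):
        self.key = key
        self.last = {}   # CAN ID -> highest counter accepted so far

    def accept(self, can_id, payload):
        """Return the data bytes if the frame is authentic and fresh, else None."""
        if not CTR_LEN + MAC_LEN <= len(payload) <= 8:
            return None
        split = len(payload) - CTR_LEN - MAC_LEN
        data, tag = payload[:split], payload[-MAC_LEN:]
        low = struct.unpack(">H", payload[split:split + CTR_LEN])[0]
        last = self.last.get(can_id, -1)
        # Rebuild the smallest full counter above `last` with these low bytes.
        counter = ((last + 1) & ~0xFFFF) | low
        if counter <= last:
            counter += 0x10000
        if not hmac.compare_digest(tag, _tag(self.key, can_id, counter, data)):
            return None
        self.last[can_id] = counter
        return data


if __name__ == "__main__":
    key = bytes(range(16))                     # constructed demo key
    rx = Receiver(key)
    frame = protect(key, 0x2A0, 1, b"\x01")    # 0x2A0: hypothetical "unlock" ID
    print(rx.accept(0x2A0, frame), rx.accept(0x2A0, frame))   # second is a replay
```

The tag and counter consume six of the eight payload bytes, which is the practical cost of retrofitting authentication onto classic CAN and one reason the key itself needs hardware protection on the MCU.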
Tomi Engdahl says:
Protect your device’s credentials!
http://blog.nxp.com/protect-your-devices-credentials/
Welcome to our Connected World, in which the Smart Grid, Smart City, Smart Home, Industrial Internet and Connected Car are becoming a reality. A world where advanced control, monitoring and automation help increase productivity, reduce environmental waste, and improve people’s safety and quality of life.
In this world closed systems are vanishing, networks are highly interconnected (sometimes unintentionally), and for convenient remote access external devices are being connected to sensitive networks. Therefore sensitive information must be secure without affecting the network’s effectiveness. However each of the billions of devices in the field, from communication gateways to data concentrators, plays a key role in the overall infrastructure security. Each is a potential entry point into networks.
Investigations have shed light on the levels of protection and device integrity, particularly concerning how the keys involved in verifying software origin and version are handled. Heartbleed clearly revealed that security is essentially a matter of implementation. As no software-only based solution has been proven secure, it is important to isolate the keys from the application software, and to apply state-of-the-art tamper resistant techniques to guarantee integrity and/or confidentiality.
As the Internet of Things grows, security needs will continue to evolve and the deployment of a global and unique strong identity for each connected device becomes essential. This will require continuous developments in both hardware and software as end-to-end security is vital and will need to be performed at the application level. That also means looking at how devices are upgraded in the field and how counterfeit devices can be easily identified so any vulnerabilities or backdoors can be nullified.
Tomi Engdahl says:
Michael Mimoso / Threatpost:
Vulnerability in embedded web server software from 2002 leaves about 12M home routers exposed — 12 Million Home Routers Vulnerable to Takeover — More than 12 million devices running an embedded webserver called RomPager are vulnerable to a simple attack that could give a hacker man …
12 Million Home Routers Vulnerable to Takeover
http://threatpost.com/12-million-home-routers-vulnerable-to-takeover/109970
More than 12 million devices running an embedded webserver called RomPager are vulnerable to a simple attack that could give a hacker man-in-the-middle position on traffic going to and from home routers from just about every leading manufacturer.
Mostly ISP-owned residential gateways manufactured by D-Link, Huawei, TP-Link, ZTE, Zyxel and several others are currently exposed. Researchers at Check Point Software Technologies reported the flaw they’ve called Misfortune Cookie, to all of the affected vendors and manufacturers, and most have responded that they will push new firmware and patches in short order.
The problem with embedded device security is that, with consumer-owned gear especially, it’s up to the device owner to find and flash new firmware, leaving most of the devices in question vulnerable indefinitely.
“The vulnerable code is from 2002 and was actually fixed in 2005 [by AllegroSoft, makers of RomPager] and yet still did not make it into consumer devices,” Tal said. “It’s present in device firmware manufactured in 2014 that we downloaded last month. This is an industry problem; something is wrong.”
Tomi Engdahl says:
Embedded security rises and falls with crypto key management
http://www.edn.com/design/systems-design/4437801/Embedded-security-rises-and-falls-with-crypto-key-management?_mc=NL_EDN_EDT_EDN_today_20141218&cid=NL_EDN_EDT_EDN_today_20141218&elq=2c0040928de34be4b9f2bf91178fe23a&elqCampaignId=20789
Embedded systems face ongoing threats of penetration by persistent individuals and organizations armed with increasingly sophisticated tools. On-chip security features do serve as fundamental enablers for secure systems but can provide a false sense of security without a broader view of security policies. Consequently, the trend toward enterprise-level security lifecycle management emerges as the most promising solution for hardened security in embedded systems underlying the explosive growth of interconnected applications.
Semiconductor manufacturers have made great strides in providing strong hardware-based foundations for security. More and more MCUs and specialized processors now include on-chip hardware accelerators for crypto operations, allowing secure real-time communications without loss of performance or increased communications latency. The trend continues in 2015 for inclusion of even more comprehensive hardware support for security.
Tomi Engdahl says:
The number of cyberespionage attacks across the Web rose 15 percent between 2011 and 2013, according to a report by Verizon. The annual cost of a successful cyberattack increased to $20.8 million in the financial sector, $14.5 million in technology and $12.7 in the communications industry, according to a Heritage Foundation report released just before the attack on Sony. The average cost for hacks at retail stores doubled in just a year to $8.6 million per company.
Most attacks targeting the US come from China and France, in addition to those originating on American soil, according to Internet research firm Norse. State-sponsored hacking is “undeniably on the rise,” said Kurt Stammberger, senior vice president of market development at Norse.
Source: http://www.cnet.com/news/sony-and-the-rise-of-state-sponsored-hacking/
Tomi Engdahl says:
Mike Masnick / Techdirt:
Chrome Security Team Considers Marking All HTTP Pages As ‘Non-Secure’
https://www.techdirt.com/articles/20141213/07112629425/chrome-security-team-considers-marking-all-http-pages-as-non-secure.shtml
Tomi Engdahl says:
Retailers Seem Less Concerned About Data Security
Despite the data disasters at Target and Home Depot, retail CIOs have a below-average interest in upgrading cybersecurity
Overall, 23 percent of CIOs say that increasing cybersecurity will be the most significant reason for IT investments this year.
But for now, the focus is on profits. “Retailers are under enormous strain to keep afloat.”
While many retail CIOs did not place security atop their priority lists, they’re not ignoring it. “I definitely put security near the top, in light of recent events like Home Depot,” says Jack Wood, CIO of Wayfair, a $916 million online retailer. “Anything that touches customer data tends to be a priority for us. Cybersecurity ranks among the highest for those.”
Wood says he’s addressing security by examining Wayfair’s technology stack and making risk assessments to ensure that he has made the right investments.
Source: http://www.cio.com/article/2860697/it-strategy/cios-need-to-snap-out-of-complacency.html?page=3