The rise of the Internet of Things (IoT) is not without danger, especially since the risks, which were once mostly confined to software, now extend to hardware, as well. Indeed, connected devices have become the new playground for cybercriminals. In this article, we describe examples of IoT security threats, limitations of security implementation in IoT devices, and promising security hardware products that might reduce these risks.
McKinsey & Company estimates that 20 to 50 billion devices will be connected to the Internet by 2020. Most of them will collect both private and confidential data and will be able to access other devices directly through the Internet. Until now, information security has focused mainly on the protection of personal data and the confidentiality of commercial data. However, as explained by researchers from the University of Cambridge in their paper about the standardization and certification of the IoT, the number of connected devices directly affecting our security and our daily lives will explode to include connected and autonomous cars, medical devices, and essential infrastructures like smart meters and electrical network systems. In order to fill this gap by 2020, Gartner estimates that IoT’s security spending will reach nearly $2.5 billion before approaching $3.2 billion a year later.
Examples of security threats:
The last few years bear witness to the massive growth and globalization of threats to IoT security, especially for sectors like healthcare, transportation, and smart grids, where the implications of a security breach are high. For example, a security breach can put the lives of patients at risk if present in a connected medical device, cause an accident for those on the road if an autonomous car is compromised, or threaten the security of the country’s electricity grid by allowing someone to hack the electricity meters, mess up safety valves, and much more.
Connected cars:
A Chinese student demonstrated that he could open the doors of a remote Tesla Model S. The intrusion had only a limited impact on driving, but it showed the risks inherent to connected cars. In a New York Times article, we learn that security researchers Charlie Miller and Chris Valasek have demonstrated that they can control a Jeep by taking a remote hand on the multimedia system. In this way, they managed to control the vital functions of the vehicle, including the engine, steering, and brakes.
So far, manufacturers have tended to favor technological advances over safety. However, once democratized, the connected car would still pose a large safety risk given these breaches and may limit the commercialization of autonomous vehicles if a secure solution is not identified.
Healthcare devices:
In August 2018, during the 26th edition of DEF CON, one of the most important conferences in the field of digital security, the safety of medical devices was once again one of the highlights of the event. Douglas McKee, a security researcher at McAfee, has worked on the reverse engineering of a health-specific network communication protocol called the Rwhat protocol, and he showed that it is possible for anyone connected to the same network to read the packets’ content through a simple frame analysis, gleaning sensitive information such as the name, date of birth, and patient’s room number, as well as their vital signs. He was even able to send packets, changing the heart rate displayed on the central monitoring station from 30 bpm to 180 bpm.
This demonstration shows the extreme vulnerability of connected medical devices and the interest of placing them in networks that are partitioned and, if possible, monitored. It also reminds us of the vital risks for the patient, because here, beyond the risk of loss of confidentiality, it is the life of the patient that can end up being threatened by a bad diagnosis, an incorrect medication, or the non-triggering of alarms on the vital signs, all of which could lead to the death of the patient.
Smart grids:
Smart grids are the energy infrastructure of supply networks that integrate the distributed actions of all connected users in order to efficiently deliver sustainable electricity. In 2015 and 2016, cyberattacks succeeded in penetrating smart grid control networks, shutting down power to a population of 1.4 million in Ukraine.
The U.S. Department of Homeland Security unveiled a security flaw that led to a denial-of-service (DoS) attack of the hardened grid and router company RuggedCom. In fact, an attacker can compromise the energy grid, since the company’s network has almost no checks or authentication steps. It is simply a matter of finding the key used to encrypt RuggedCom’s traffic. Such a breach make it possible to flood the bandwidth and resources of the entire smart grid management system.
Airplanes:
A team of security specialists managed to penetrate the system of a Boeing 757 remotely via radio waves in a disturbing demonstration that aims to draw attention to the inadequacies of aircraft computer security devices and the training of the personnel in charge of them. The details of the method used are confidential, and it is only known that the researchers used radio frequency to penetrate the aircraft’s onboard system.
Industrial manufacturing:
Connected devices and the IoT revolution allow manufacturers to precisely supervise and remotely control the entire production chain and assets. However, these are also new doors for hackers who can target the numerous possible entry points, with the hyperconnectivity of the production chain leading to costly and dangerous acts like sabotage and theft of data or industrial patents.
According to a survey by Deloitte, almost a third of manufacturers have never undertaken to evaluate the cyber risks associated with industrial control systems in their manufacturing facilities. Of those who did this type of evaluation, almost two-thirds used internal resources. However, such a bias could lead to flaws in the evaluation process.
This is why segmentation and isolation should be distinguished. Segmentation involves setting up several buffer zones around industrial control systems. By using a distributed control system, that is, autonomous controllers distributed in a system with a centralized operation monitoring function, manufacturers can segment their IoT and withstand several points of failure, for example, in case of a DoS attack. In other words, the manufacturing equipment is connected but operates behind many layers of security.
On the other hand, even segmentation presents risks. According to the same survey, half of the manufacturers have reported they detected flaws despite segmentation. This probably explains why some manufacturers go further by opting for isolation. Forty-three percent of executives in the industrial sector, believing that the mere fact of being connected leads to risks that are too high, have adopted a technique called air gapping, which consists of isolating network installations by preventing them from establishing connections with the outside.
Constraints to the implementation of IoT security:
The Internet of Things brings a real change in the implementation of security devices. Indeed, several constraints related to connected objects must be taken into account:
- Power: Small embedded objects have limited computing power. Several operations cannot be performed simultaneously within a reasonable amount of time. For example, Apple advised developers not to implement features that require long running times on the Apple Watch and to use darker theme colors, since brighter colors require significantly more energy to display. However, many different strategies are being deployed to turn these devices off when they are not in use. For instance, for short-distance connections of less than 100 meters, radio frequency transmission seems particularly appropriate for such applications as the sensor network of connected car traffic.
- Connectivity: Many IoT devices use protocols like Bluetooth, ZigBee, 6LoWPAN, or near field communication protocols — technologies with limited range and throughput that do not always allow for a sufficient level of security.
- Management of updates: It is essential to enable system updates without interfering with the use of the devices on the system. This is particularly striking in the case of connected cars that cannot be driven when the software is being updated. For example, the software update of Tesla Model S lasts up to 45 minutes without the possibility to cancel the update.
- Ergonomics: Size and design influence user-acceptable security measures, as with, for example, the screen size for typing a password.
Toward secure IoT components: Processors as an example
Hardware-rooted security provides vulnerability protection of a digital system design against physical attacks. This protection comes in the form of a physical device rather than from software features. Processors are supposed to be one of the most secure components of any machine.
RISC-V is an open-source processor architecture that has already been the subject of several successful high-performance silicon implementations. The objective is to propose a new range of processors based on a modern, fully open, and royalty-free instructional game. It offers a comparable alternative in terms of performance, compactness, and energy efficiency to current proprietary solutions, particularly ARM processors.
The European Union is reinforcing the RISC-V architecture via the ultra-low power processor initiative called PULP, which is based on the open-source RISC-V processor instruction set. The goal of PULP is to meet the computing requirements of IoT applications that require flexible processing of data streams generated by multiple sensors such as accelerometers, low-resolution cameras, microphone arrays, and vital sign monitors. As opposed to a single-core microcontroller, this ultra-low-power parallel and programmable architecture enables the computing requirements of these applications to be met without exceeding a power envelope of a few megawatts, which exactly corresponds to the energy needs of IoT devices.
Note that there are also several proprietary processor architectures with enhanced security features in development today that can perform even better than RISC-V.
Conclusion:
Despite its considerable development and its millions of connected objects, it is imperative that the IoT provide impeccable protection to increase its field of application and to be able to integrate the worlds of industry, healthcare, home devices, and transport, which require flawless security.
Transformation is on the way, good practices are being infused, and strong methodologies are set up, including an assessment of the risks with threat modeling, the establishment of data transit monitoring supported by artificial intelligence, and the development of secure device updates by encryption.