By: Rob Spiger
IoT security is becoming an imperative. By 2021, it is forecast that 35 billion Internet of Things (IoT) devices will be installed worldwide, a number expected to grow to over 75 billion by 2025,
according to Security Today. The IoT revolution will increase the number of
computing devices by orders of magnitude. However, these devices will be built from the same imperfect software that we use today, and manual remediation will be much less practical or even
unfeasible due to devices being too numerous, too inaccessible, or simply lacking a suitable interface.
As people increasingly rely on connected devices to make their everyday lives easier, it is imperative that device manufacturers and architects incorporate a security by design approach to
protect the device throughout its whole lifecycle, from conception right through to the end of its lifetime. If security is an afterthought for developers, the device presents a vulnerable point
for hackers to access or tamper with large amounts of personal or operational data being processed by the device and shared with the cloud. The impact of such a vulnerability can be hugely
detrimental.
All Internet-connected devices should be designed to protect themselves against network-based attacks. As such, device vendors must employ a wide range of hardware and software-based protection
technologies to keep devices secure. Unfortunately, bugs and misconfigurations still lead to damaging exploits despite this. Furthermore, recovering a badly compromised computing device today
usually involves manual intervention. For example, a new firmware or operating system must be loaded from an external storage device or a second computer before then being re-joined to network
services using passwords or other credentials, often under conditions of physical security.
Technologies that support reliable and secure remote computer management and recovery are already available for more costly devices. For example, service processors or baseboard management
controllers (BMCs) are employed to manage desktops and servers, and intelligent backplanes are used to manage blades in data centers. However, these technologies are either unsuitable or
inefficient for IoT due to their cost, form factors, power needs, or the lack of an out-of-band management channel.
For devices to be secured from the start, it is imperative that developers have a robust starting point to work from. With many complexities and vulnerabilities within IoT devices, it is
essential to have the ability to identify where these vulnerabilities are and a foundation for understanding how they can be best safeguarded.
The National Institute of Standards and Technology (NIST) is ensuring that engineers have the best tools to support the resilience of platforms against potentially destructive attacks with the
three principles stated in its Platform Firmware Resiliency Guidelines (NIST SP 800-193). It outlines a collection of fundamental hardware and firmware components needed to boot and operate a
system to protect the platform against unauthorized changes, detect unauthorized modifications that occur and recover from attacks rapidly and securely.
Within the protection principle, the guidelines outline mechanisms for ensuring that platform firmware code and critical data remain in a state of integrity and are protected from corruption,
such as the process for ensuring the authenticity and integrity of firmware updates. The document also defines mechanisms for detecting when platform firmware code and critical data have been
corrupted, leading to the recovery principle. During this process, the guidelines summarize the mechanisms for restoring platform firmware code and critical data to a state of integrity in the
event that they are detected to have been corrupted, or when forced to recover through an authorized mechanism. The recovery aspect is limited to the ability to recover firmware code and critical
data.
This standard provides a set of baseline security provisions for all consumer IoT devices. It is intended to be complemented by other standards, defining more specific provisions and requirements
for testing and full verification, such as the principles and technologies set out by the Trusted Computing Group’s (TCG) upcoming
Cyber Resilient Module and Building Block Requirements specification.
This specification defines a minimal set of hardware and firmware capabilities or mechanisms that enable cyber-resilient devices to be built, even at the lowest end of the cost, performance and
complexity spectrum. This includes IoT devices and microcontrollers used in a wide range of applications. It also supports more complex devices by providing resilient capabilities to
subcomponents of devices that may have their own computing resources, critical firmware and critical data.
