
IoT Security as a Differentiator

Published on 01/23/2017 | Technology


Chirag Patel, Bharath Kumar

Business Development - IoT. Hortonworks


Overview

This is a follow-up to our previous posts on IoT. We spoke about IoT in general and how to do networking with IoT, with the different possibilities and advantages realized in terms of business value. However, a post on a technology is incomplete without discussing how to secure it, how to prevent it from being hacked and how to make it keep working even when under attack. While some of the technologies and methods we talk about here are still in their infancy, with some research institutions working on them, let’s start by understanding the value IoT security brings to the desk of the C-suite and the boardroom.


Articulating Value

A slower hand-off is often observed between technology security and the CFO’s office. Despite several high-profile breaches in recent times, corporate initiatives associated with spend on threat prevention or intrusion detection continue to be categorized as non-revenue-generating portfolios.

In order to evangelize a corporate shift from cost center to differentiator, strategic objectives associated with business reliability, competitive advantage, product efficiency and revenue growth must be aligned with technology security. How? The figure below helps articulate the cost of inaction along the following pillars, which are essential for an enterprise to gain share of wallet from customers.

∙ Cost of fixing – Hardware/Software solutions, Training, Consultancy and People cost

∙ Reputation value – Brand value, Customer perception and confidence

∙ Intellectual Property value – R&D information, Customer databases, Competitive information

∙ Operational efficiency – Productivity, Ability to service customers, Cost to serve customers

∙ Financial impact from incidents – Direct financial loss from attack

IoT Security in the news

Similar to the Key Events elaborated above between 2011 and 2014, there have been famous cases of IoT and IoT-like devices being hacked, taken control of and, in at least one case, having caused physical damage. Some instances were demos of how to take over IoT devices. A few of them are listed here:

Medical devices - There was a demonstration recently of how a connected medical device, dispensing drugs to a patient in a hospital, could be hacked by a determined hacker. It was only a demo, but the potential effect of such a threat could be catastrophic.

Stuxnet - This is the most famous case of industrial equipment being taken over by a virus. 14 nuclear sites in Iran were infected by the Stuxnet virus, which entered the control systems – the connected device controllers and eventually the devices – running the nuclear research facility. The virus was designed to make the centrifuges run out of control, thus damaging them, and it did damage them. This might be a rare occurrence because it was thought, or rumored, to be a state-sanctioned action with active collusion of the controller manufacturers, but it gives an idea of the potential of such actions.

Connected cars - This was also a demo. A connected-car expert was able to connect to the car and effectively stop it. It was just a connected car – not a self-driving car. The possibilities of what could be done to a connected AND self-driving car are enormous. Sure, Google, Tesla and Uber are working on these threats, but it needs to be 100% perfect.

The three methods of defensive mechanisms in security

Irrespective of what we are trying to secure, the following three approaches are always applicable. Each IoT system deals, or will have to deal, with different threats and will be required to deal with them in its own way. The difference lies mainly in how each approach applies to what we are trying to secure and in the methods used to do it. The goal is to block a threat or an adversary. While this broadly applies to the security of any technology, we will keep the focus on IoT here.

- Prevention of attacks

- Make the systems continue to work while under attack - systems should not go down during an attack attempt

- Detect incoming attack, eliminate and recover from attacks

Let’s explore!

How do we prevent attacks on IoT devices?

Security is invariably tested against a negative hypothesis, so it is not easy to guarantee a favorable outcome. IoT systems, as well as non-IoT systems, are often attacked because the designer assumes that a particular way of attacking will not happen or that the design can take care of all possibilities. With newer ways of hacking coming to light every day, prevention is only the first step. It is not possible to prevent all attacks or hacks; we can only minimize them by following some of the methods given below.

What a hacker wants is a way to take control of the device in question. Once control is taken, a hacker can shut the device down or change its actions but, more critically, make it do things that are dangerous, with the potential to cause physical damage to equipment or life, including, potentially, fatal consequences.

An IoT device communicates with a controller, and receives commands about what to do, by means of authentication using a pair of public and private keys. Typically, the device’s own keys are embedded into the device. Getting hold of these keys can be done in two ways.

- Invasive

- Non-Invasive

An attacker could get access to the physical device itself and get information about the keys by opening up the device – this is invasive. When an attacker gets access to a device, he or she could open it up, get the hardware details and/or the details of the key stored in non-volatile memory, clone a similar device or, worse still, be able to control the original device. To prevent a hacker from extracting the private keys from a device, one of the methods being researched is to generate the keys from the unique variations of the chip or integrated circuits (ICs) used in the device. Even though all similar IoT devices use the same ICs, the manufacturing process introduces very minor but identifiable variations in some characteristics of the integrated circuits. This variation, or “signature”, can be used in an algorithm to generate a unique key when the chip powers up. Since the key is not stored, physical possession of the device will not allow the hacker to re-create the signature.

Alternatively, the attacker could listen to the communication and obtain information about the keys being exchanged – a non-invasive way. This is equally damaging. It is very similar to one of the oldest ways of intercepting Wi-Fi communications to steal passwords. With the key in hand, the hacker has the freedom to do what he or she chooses. Stronger encryption of network communication is the way to prevent this; these methods are generally common to IoT and non-IoT systems and can be explored as a standard network security issue.
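To make the two ideas above concrete, here is an added example in Python’s standard library (our illustration, not code from any product or from the research referred to). The chip signature a PUF would read is stood in for by fixed constructed bytes, and because the standard library has no public-key primitives, the device and controller authenticate commands with an HMAC over a fresh nonce instead of the public/private key pair described above. What it shows is the property that matters: the key is re-derived at power-up from the signature plus non-secret helper data and is never written to storage, so a memory dump yields only the helper data, a look-alike unit derives a different key, and a message captured on the wire can be neither altered nor replayed.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for the silicon "signature" a PUF would read out of
# manufacturing variation at power-up. Fixed bytes so the example runs offline;
# unit B models a look-alike device from the same production line.
CHIP_SIGNATURE_A = hashlib.sha256(b"constructed silicon variation, unit A").digest()
CHIP_SIGNATURE_B = hashlib.sha256(b"constructed silicon variation, unit B").digest()


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand written out with hmac/hashlib."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_device_key(chip_signature: bytes, helper_data: bytes) -> bytes:
    """Command-authentication key derived from the silicon signature plus
    non-secret helper data. The key itself is never written to storage."""
    return hkdf_sha256(chip_signature, helper_data, b"iot-command-auth-v1")


class Device:
    def __init__(self, chip_signature: bytes, helper_data: bytes):
        self._chip_signature = chip_signature            # readable only while powered
        self.nonvolatile = {"helper_data": helper_data}  # all a memory dump reveals
        self._key = None                                 # lives in RAM only
        self._seen_nonces = set()

    def power_up(self) -> None:
        # Re-derive the key on every boot instead of loading it from flash.
        self._key = derive_device_key(self._chip_signature, self.nonvolatile["helper_data"])

    def handle_command(self, nonce: bytes, command: str, tag: bytes) -> bool:
        expected = hmac.new(self._key, nonce + command.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False          # forged tag or altered command
        if nonce in self._seen_nonces:
            return False          # captured message replayed
        self._seen_nonces.add(nonce)
        return True


class Controller:
    """Holds a copy of the device key provisioned at manufacture. Only the
    nonce, command and tag ever cross the network, never the key."""

    def __init__(self, device_key: bytes):
        self._key = device_key

    def send(self, command: str):
        nonce = secrets.token_bytes(16)
        tag = hmac.new(self._key, nonce + command.encode(), hashlib.sha256).digest()
        return nonce, command, tag


def demo() -> dict:
    helper_data = secrets.token_bytes(16)   # public; may sit in on-chip flash
    device = Device(CHIP_SIGNATURE_A, helper_data)
    device.power_up()
    controller = Controller(derive_device_key(CHIP_SIGNATURE_A, helper_data))

    genuine = controller.send("valve:close")
    results = {"genuine": device.handle_command(*genuine)}
    results["replay"] = device.handle_command(*genuine)       # sniffed and resent

    # Invasive attacker: dumps non-volatile memory (helper data only) into a
    # look-alike unit whose silicon gives a different signature.
    clone_key = derive_device_key(CHIP_SIGNATURE_B, device.nonvolatile["helper_data"])
    forged = Controller(clone_key).send("valve:open")
    results["clone_forgery"] = device.handle_command(*forged)

    # Non-invasive attacker: captures a genuine message and edits the command.
    nonce, _, tag = controller.send("pump:on")
    results["tampered"] = device.handle_command(nonce, "pump:off", tag)
    return results


if __name__ == "__main__":
    print(demo())
```

The design choice to note is that the only thing a real PUF adds over this simulation is that `_chip_signature` is not bytes in memory at all but a measurement the hardware performs on itself; everything downstream (helper data in the clear, key derivation at boot, nonce-bound tags) carries over unchanged to a public-key version.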

What happens when a system is attacked? Can we continue to function while the system is being attacked? How do we do it?

Denial-of-service attacks are one of the common ways of bringing down a website. There are established ways of making a site continue to work even under such attacks. This takes on added significance in the case of IoT because IoT devices are expected to function while being attacked, primarily because some of them are in life-saving situations, as with medical devices, or have the potential to create catastrophic damage, as with connected and self-driving cars.
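An added example (constructed for this post, not code from the original) of the “keep working while under attack” property in Python: a device that reserves a queue for authenticated controller commands, rate-limits everything else per source with a token bucket, bounds its backlog, and runs its safety loop every cycle regardless of the load. The flood of spoofed sources and the per-cycle controller setpoint are a constructed scenario, and the rates and capacities are illustrative choices.

```python
from collections import deque


class TokenBucket:
    """Per-source rate limit: `rate` tokens per second, at most `burst` banked."""

    def __init__(self, rate: float, burst: int):
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class ResilientDevice:
    """A device whose safety loop keeps running no matter how much unsolicited
    traffic arrives: authenticated controller commands get a reserved queue,
    everything else is rate-limited per source and bounded in total."""

    def __init__(self, per_source_rate=5.0, per_source_burst=10,
                 best_effort_capacity=100, best_effort_budget=10):
        self.per_source_rate, self.per_source_burst = per_source_rate, per_source_burst
        self.capacity, self.budget = best_effort_capacity, best_effort_budget
        self.buckets = {}
        self.control_queue = deque(maxlen=16)   # authenticated commands only
        self.best_effort = deque()              # everything else, bounded below
        self.setpoint = 37.0                    # last known-good value
        self.ticks_run = self.commands_applied = self.best_effort_served = self.dropped = 0

    def receive(self, now: float, source: str, message: str, authenticated: bool) -> bool:
        if authenticated:      # the trusted controller never competes with the flood
            self.control_queue.append(message)
            return True
        bucket = self.buckets.setdefault(
            source, TokenBucket(self.per_source_rate, self.per_source_burst))
        if not bucket.allow(now) or len(self.best_effort) >= self.capacity:
            self.dropped += 1  # shed load instead of growing without bound
            return False
        self.best_effort.append(message)
        return True

    def tick(self) -> None:
        # 1. The safety-critical loop runs every cycle on the current setpoint.
        self.ticks_run += 1
        # 2. Authenticated commands are applied next.
        while self.control_queue:
            message = self.control_queue.popleft()
            if message.startswith("setpoint="):
                self.setpoint = float(message.split("=", 1)[1])
                self.commands_applied += 1
        # 3. Only a fixed budget of best-effort work per cycle.
        for _ in range(self.budget):
            if not self.best_effort:
                break
            self.best_effort.popleft()
            self.best_effort_served += 1

    def stats(self) -> dict:
        return {"ticks_run": self.ticks_run, "commands_applied": self.commands_applied,
                "last_setpoint": self.setpoint, "best_effort_served": self.best_effort_served,
                "dropped": self.dropped, "backlog": len(self.best_effort)}


def simulate_flood(ticks: int = 10, sources: int = 50, msgs_per_source: int = 20) -> dict:
    """Constructed scenario: 50 spoofed sources each fire 20 requests per cycle
    while the legitimate controller sends one authenticated setpoint per cycle."""
    device = ResilientDevice()
    for t in range(ticks):
        now = float(t)   # constructed clock, one second per cycle
        for s in range(sources):
            for i in range(msgs_per_source):
                device.receive(now, f"10.0.0.{s}", f"status?{i}", authenticated=False)
        device.receive(now, "controller", f"setpoint={36.5 + 0.1 * t:.1f}", authenticated=True)
        device.tick()
    return device.stats()


if __name__ == "__main__":
    print(simulate_flood())
```

In the simulated flood the loop runs on every cycle and every controller setpoint is applied, while almost all of the 10,000 unsolicited requests are dropped at the bucket or the bounded queue rather than accumulating. The counters are what a defender would want exported as metrics: a sudden rise in `dropped` is the detection signal for the attack the device is already surviving.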

It’s all about trust, isn’t it?


This brings us to the trusted computing base. What is it? It is the software and hardware that are part of the system and that need to be trusted by the system for it to work correctly and securely. In the case of IoT, this base is large. There could be hundreds of devices, controllers, servers and so on. All of these need to be “trusted” by the system for the whole system to work correctly and, more importantly, to continue working correctly in case of a malicious attack. If any one element of this computing base is compromised, the whole system becomes vulnerable.

So the goal is to shrink the trusted computing base – reduce the number of devices that are critical to making the system work. Only a few pieces of hardware are trusted to hold keys; not all software in the system is trusted; external devices like memory sticks, disks etc. are not trusted. And more importantly, use encrypted computation! A hacker who gets his or her hands on the data wouldn’t be able to use it, because the data is encrypted. The untrusted server in the system that receives and processes the data works on encrypted data and does not have direct access to the data itself, and it sends the results back in encrypted form. With the keys stored in a small trusted computing base, the system can continue to work. Is this 100% foolproof? No, it is not. It depends on how well the computing server that operates on the encrypted data is itself protected, and whether any communication inside it is hackable. But what this does is reduce the number of points of access for the hacker, and the ability to impact the system, from many points to a few. There are processors that are designed, or are being designed, to protect the internals of the server itself.
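As an added illustration of encrypted computation (not code from the original post, which does not name a scheme), the following Python uses the Paillier cryptosystem, whose ciphertexts can be added and scaled without the key. The aggregating server holds only the public key and sums encrypted sensor readings; decryption happens only inside the small trusted base that holds the private key. The primes are tiny constructed values chosen so the arithmetic stays readable, nowhere near a secure size, and plaintext sums must stay below n.

```python
import math
import secrets

# Constructed demo primes: far too small for real use (Paillier needs primes of
# 1024 bits or more) but they keep the arithmetic fast and readable.
DEMO_P, DEMO_Q = 104729, 104723


def keygen(p: int = DEMO_P, q: int = DEMO_Q):
    """Paillier key pair. With g = n + 1, L(g^lam mod n^2) equals lam."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)
    public = {"n": n, "n2": n * n}
    private = {"n": n, "n2": n * n, "lam": lam, "mu": mu}
    return public, private


def encrypt(public: dict, m: int) -> int:
    """Randomised encryption: the same reading encrypts differently each time."""
    n, n2 = public["n"], public["n2"]
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(n + 1, m, n2) * pow(r, n, n2)) % n2


def decrypt(private: dict, c: int) -> int:
    n, n2 = private["n"], private["n2"]
    u = pow(c, private["lam"], n2)          # (1 + n)^(m*lam) * r^(n*lam) == 1 + m*lam*n (mod n^2)
    return ((u - 1) // n * private["mu"]) % n


# --- operations the UNTRUSTED server performs: it holds only the public key ---
def add_encrypted(public: dict, c1: int, c2: int) -> int:
    """Ciphertext product == ciphertext of the plaintext sum."""
    return (c1 * c2) % public["n2"]


def scale_encrypted(public: dict, c: int, k: int) -> int:
    """Ciphertext power == ciphertext of the plaintext times k."""
    return pow(c, k, public["n2"])


def untrusted_aggregate(public: dict, ciphertexts: list) -> int:
    total = encrypt(public, 0)
    for c in ciphertexts:
        total = add_encrypted(public, total, c)
    return total


def demo(readings=(365, 371, 368, 402)) -> dict:
    """Constructed sensor readings (temperature in tenths of a degree) from
    four devices, summed by a server that never sees a plaintext."""
    public, private = keygen()
    # Devices in the trusted base encrypt; only ciphertexts leave them.
    ciphertexts = [encrypt(public, r) for r in readings]
    encrypted_total = untrusted_aggregate(public, ciphertexts)
    # The trusted base decrypts the aggregate and derives the mean itself.
    total = decrypt(private, encrypted_total)
    return {"total": total, "mean_tenths": total / len(readings),
            "scaled_first": decrypt(private, scale_encrypted(public, ciphertexts[0], 3)),
            "same_reading_differs": encrypt(public, 365) != encrypt(public, 365)}


if __name__ == "__main__":
    print(demo())
```

The point the post makes about the server still being a target holds here too: the server cannot read the readings, but it can still drop, duplicate or reorder ciphertexts, so integrity of the aggregate needs an authentication step on top of the encryption, and the private key must live only on hardware the trusted base controls.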

How do we detect attacks? How do we diagnose them? And how do we recover from attacks if they do bring down the systems?

Just as in computer systems, IoT systems also depend on intrusion detection to be able to say that they have been attacked. Taking the Stuxnet example again, the scientists at the labs where this happened didn’t know for a long time that their systems were affected. They kept noticing the ill effects of Stuxnet without knowing what was causing them. If a system comes down or is compromised, it is because malicious code has entered the system, or software has been corrupted or changed to make the system behave in ways not intended, in some cases with the aim of carrying out operations that could create major harm to property – as happened with Stuxnet – and to life, as could happen with connected cars. Even the data could have been changed by the hacker with the idea of producing an unintended result.

One way of doing this is by means of redundancy in computation and processing, each isolated from the others, so that even if one system is affected, the redundant system is not. It doesn’t appear easy, because it is not. Designing an approach that gives the system confidence that the processing and the data are accurate is important. What does the computational result of an uncompromised system look like? By having a reference for that, it is possible to identify that a system has been compromised.
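An added example (ours, not the post’s) of the redundancy-plus-reference idea in Python: three isolated replicas compute the same control step from their own copy of the inputs, a majority vote selects the output and flags any dissenting replica, and a constructed physical model of the machine serves as the reference for what an uncompromised result can look like. The model is used both to reject a majority answer the hardware could not physically carry out and to detect sensor readings that ignore the commands just issued, which is the pattern that made Stuxnet hard to see. The plant constants and the control law are constructed for the illustration.

```python
from statistics import median

# Constructed plant parameters for a toy rotating-machine controller.
PLANT_GAIN = 2.0      # rpm change produced per unit of drive command, per cycle
MAX_STEP = 200.0      # largest drive change the hardware can physically tolerate


def control_law(rpm: float, setpoint: float, gain: float = 0.5) -> float:
    """Proportional control: how much to change drive power this cycle."""
    return gain * (setpoint - rpm)


def honest_replica(inputs: dict) -> float:
    return control_law(inputs["rpm"], inputs["setpoint"])


def tampered_replica(inputs: dict) -> float:
    """Simulated compromise: malicious code drives the machine past its setpoint."""
    return control_law(inputs["rpm"], inputs["setpoint"] + 5000.0)


def assess(inputs: dict, replicas: list) -> dict:
    """Run every replica on its own copy of the inputs (no shared state), take
    the majority answer, flag dissenters, and refuse to act on any majority
    that the physical reference model says is impossible."""
    outputs = [replica(dict(inputs)) for replica in replicas]
    agreed = median(outputs)
    suspect = [i for i, out in enumerate(outputs) if abs(out - agreed) > 1e-6]
    if abs(agreed) > MAX_STEP:
        # Even the majority is outside what the hardware can do: fail safe.
        return {"command": 0.0, "status": "halt", "suspect": suspect}
    return {"command": agreed, "status": "degraded" if suspect else "ok", "suspect": suspect}


def sensor_plausible(prev_rpm: float, command: float, reported_rpm: float,
                     tolerance: float = 25.0) -> bool:
    """Check a reading against what the reference model predicts. Readings that
    ignore the command just issued (as replayed 'normal' values would) fail."""
    predicted = prev_rpm + PLANT_GAIN * command
    return abs(reported_rpm - predicted) <= tolerance


def demo() -> dict:
    inputs = {"rpm": 1000.0, "setpoint": 1100.0}   # constructed operating point
    return {
        "all_honest": assess(inputs, [honest_replica] * 3),
        "one_compromised": assess(inputs, [honest_replica, tampered_replica, honest_replica]),
        "majority_compromised": assess(inputs, [tampered_replica, tampered_replica, honest_replica]),
        "reading_follows_command": sensor_plausible(1000.0, 50.0, 1100.0),
        "reading_replayed": sensor_plausible(1000.0, 50.0, 1000.0),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Two things carry over from this toy to a real design. The replicas only help if a compromise of one cannot reach the others, so they belong on separate hardware with separate firmware images, not as three threads in one process. And the reference model is what turns “the outputs disagree” into “this one is wrong”: without an independent notion of what is physically possible, a majority of compromised replicas simply outvotes the honest one.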

Finally, to be able to design and build secure IoT systems, efforts need to be made on all parts of the system:

Hardware

∙ Servers

∙ Communication devices

∙ IoT devices

Firmware

∙ Storing and retrieving keys

Operating System

Communication

∙ Encryption of communication

Application Design

∙ Data Encryption

∙ Limiting Computing base

Data

∙ Redundancy of operations

While this blog post covers some aspects of IoT security, it doesn’t cover it in its entirety. Security of applications, hardware, computing and data – be it in IoT systems or otherwise – is a multi-billion-dollar industry and is constantly evolving. As the mechanisms to secure systems improve, so do the hackers; they become smarter. It is a constant cat-and-mouse game, and the one who is a step ahead of the other wins. Any system designer and application designer should strive to be the one with that extra step.

We welcome comments and critiques as we try and learn more!

This article was originally posted on LinkedIn.
