In 2019 we have reached a new turning point in the adoption of IoT – more markets and industries are migrating to a cloud-based infrastructure, comprised of billions of connected edge device processors. Increased connectivity brings global communities together, but it also brings greater cybersecurity vulnerability.
The processor’s role in modern electronics
Electronics devices are the backbone that make up our increasingly connected lives: The very nature of this network interconnectivity and the reliance on the software installed inside of edge/ IoT devices with online electronic systems provides an increased opportunity for hackers and cyber-criminals to cause disruption. To prevent these types of attacks, security solutions are generally integrated directly into electronic systems, leveraging the processor’s security features.
Once adversaries can modify the state machine or the system software, they can change the functionality of the system. These changes can create critical or safety issues depending on the system, expose sensitive data that should be protected, allow access to an unauthorized party and much more. In order to get access, the adversary requires a way to manipulate the software that resides in the NVRAM/flash memory.
Modern processors have security features that are meant to provide security layers which include secure boot, memory protection, different privileges to software processes, encryption, trusted execution environment and more. Generally speaking, these features are used to prevent adversaries from gaining access to and taking control of the system and are intended to prevent the modification of the original state machine, which controls the functionality of the system. Therefore, the security of the processor is key to ensuring larger network and device security.
The processor’s security has limitations
A processor’s security features rely on the creation of different levels of trust. However, since the processor needs to support many different software designs and functionalities, the processor and the security features controlled by the software must also be protected by the processor.
This is a paradox - different software layers give different control privileges to the processor and attacks like brick the device reveal that opportunities for attack lie within those layers. Denial-of-Service attacks can be easy to execute by simply modifying one bit of the “secured software” which causes the wrong signature validation and halts the secure boot process. These types of attacks can even “brick” the device or allow for the move to recovery mode which can then be attacked in the same manner.
Nowadays, the management of IoT devices is critical for commercial systems and it is often assumed that software updates will be required for feature updates and security patches, as once the software on the processor is no longer trusted, the management of the electronic system cannot be trusted, and the software update mechanism can no longer be secured due to the now lack of trust in the compromised endpoint. This creates a major problem for the deployment of commercial IoT systems.
A new approach for protecting IoT and edge devices
An innovative approach to IoT security is to protect the device’s flash, even from the processor and the software that is running on it. Creating a root of trust in the secure flash that blocks write operations to the protected memory facilitates a hardware root of trust and authenticated, secure channel all the way from cloud to the flash, making it impossible for attackers to alter the firmware with any malicious code. This approach is agnostic to the processor and any software that is running on the device and avoids any latency in boot time or run time.
Since the solution has moved from the processor to the flash, this approach, agnostic of the processor and the OS, means that there is no need for additional resources on the processor side. Therefore, ironclad security can be achieved with low-power, low-cost processors, creating a more palatable cybersecurity solution for IoT manufacturers and IT management.
One example of the benefit of this approach in practice is in the smart city, made up of billions of devices connected to the most critical infrastructures in our society. All of these connected devices such as cameras, traffic lights, sensors, and meters are left out in the open, exposed and vulnerable to attack at every step in their lifecycle.
Now consider the example of a smart city infrastructure committee in charge of installing new security cameras. A flash-to-cloud security solution is built into the flash memory of the cameras during production -- before they’re ever exposed to external threats. The cameras are then shipped, connected to the network and network integrity is then checked by the operational control center.
Because the solution is installed at the point of inception, the device is not subject to attacks traveling to its destination, during installation and setup, implementation and throughout the device’s entire lifecycle.
One may assume that this cost burden would then shift to the flash side, however, because preventing writing to memory area is much simpler in the flash itself, it is an insignificant increase compared to the cost (in performance and price) of doing so in the processor.
When implemented into the flash side properly, there will be no performance impact on preventing unauthorized modification of the software, which eliminates the trade-off between security and functionality. This enables embracing security solutions in edge devices that until today couldn’t support that balance -- such as ECUs in cars, PLCs in industrial solutions, routers, and various other IoT devices.
What’s next?
Of course, today’s IoT devices require updates. By protecting the flash, we create a secure channel between the device’s flash all the way to the cloud that neither the network nor the software and processor within the device can breach, thereby extending the trust beyond the processor-to-cloud to flash-to-cloud.
The value of this new flash-to-cloud approach reaches beyond a technology paradigm change and simple software and hardware protection– it can also enable new opportunities and revenue engines for various vertical markets embracing IoT such as industrial, automotive, telecoms and others. A flash-to-cloud solution ensures that the IoT devices of both today and tomorrow are protected from the point of inception, throughout software and hardware updates, and eventual retirement.