The proliferation of IoT devices, not only in the consumer space but also in commercial management, is now astounding. While various IT tools exist for managing endpoint devices in business, little attention is given to the security of the devices themselves.
For devices explicitly provisioned into an organization’s network ecosystems, it is crucial that the resiliency of the devices is understood, to prevent systemic security issues in the future.

Devices and their management
IoT ecosystems are necessarily made from devices, but the actual control that the security team has over the device is frequently at the mercy of the manufacturer. In B2B relationships, these customer companies frequently have influence over the device manufacturer’s feature roadmap simply due to their purchasing power. This is also true with standard security features.
In order to ensure the security of their device endpoints, it is crucial for organizations to establish security best practice standards for their device manufacturers and to create basic controls that confirm these standards are being adhered to.

Security features and their accessibility
Given that best practices need to be defined for device security, it is important to establish which core features we expect from our devices. Each device implementation is of course application specific; however, the following is a set of features a reasonable security professional can expect of endpoints.
Application Code Signing – At the core of any secure device implementation lies a code signing mechanism. The software developer for the device generates a digital signature of the code prior to release and the device is designed not to boot if the signature doesn’t match. Proper code signatures prevent the device from being re-purposed via malware for other malicious intent.
Secure Boot – In order for the code signing to be effective, it must occur within an environment that cannot be tampered with by a potential hacker. A secure boot process starts up the device, verifies the code signature and permits boot only once the image is verified. The secure boot code itself is frequently embedded within a secure micro to prevent access to common debugging tools.
Secure Micro – A secure micro is usually a sub-processor of a standard system on a chip (SOC). This secure region is not accessible to standard code running on the processor and is designed specifically to run sensitive operations such as encryption/decryption, signature verification and key handling.
Hardware Root of Trust – In order to run an effective IoT ecosystem, each device within it must have a unique and immutable identity. Through the use of the secure micro a unique root of trust is established within the device allowing for not only authentication, but targeted provisioning of firmware and secrets in the field.
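The following is an added example, not code from the original article or from any device vendor, that puts the four features above together in Go using only the standard library: a vendor-signed firmware image, the verification a secure boot stage performs before handing control to the application image (reject on bad signature, truncation or a version older than the installed one), and a per-device identity key modelling the hardware root of trust, used to answer a backend challenge before device-specific firmware or secrets are provisioned. The image layout, the choice of Ed25519, the error values and the sample payload and nonce are all assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout for this example (not any vendor's real format):
//   magic 4 bytes "FWIM" | version 4 bytes big-endian anti-rollback counter |
//   length 4 bytes big-endian | payload <length> bytes | sig 64 bytes Ed25519
//   signature over magic||version||length||payload.
const (
	magic     = "FWIM"
	headerLen = 12
)
var (
	ErrTruncated    = errors.New("secure boot: image truncated or length mismatch")
	ErrBadMagic     = errors.New("secure boot: bad image magic")
	ErrBadSignature = errors.New("secure boot: signature verification failed")
	ErrRollback     = errors.New("secure boot: image older than installed version")
)

// BuildImage models the vendor's release step: the image is signed with the
// private signing key, which stays with the vendor and never reaches the device.
func BuildImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	hdr := make([]byte, headerLen)
	copy(hdr[0:4], magic)
	binary.BigEndian.PutUint32(hdr[4:8], version)
	binary.BigEndian.PutUint32(hdr[8:12], uint32(len(payload)))
	signed := append(hdr, payload...)
	return append(signed, ed25519.Sign(priv, signed)...)
}

// VerifyImage models the check the secure micro performs before handing control
// to the application image. pub is the vendor public key held in the hardware
// root of trust; minVersion is the anti-rollback counter kept in protected
// storage. On success it returns the bootable payload and its version.
func VerifyImage(pub ed25519.PublicKey, minVersion uint32, image []byte) ([]byte, uint32, error) {
	// Header fields are untrusted until the signature over them verifies,
	// so every slice below is bounds-checked before use.
	if len(image) < headerLen+ed25519.SignatureSize {
		return nil, 0, ErrTruncated
	}
	if string(image[0:4]) != magic {
		return nil, 0, ErrBadMagic
	}
	version := binary.BigEndian.Uint32(image[4:8])
	length := binary.BigEndian.Uint32(image[8:12])
	if uint64(len(image)) != uint64(headerLen)+uint64(length)+ed25519.SignatureSize {
		return nil, 0, ErrTruncated
	}
	signed := image[:headerLen+int(length)]
	if !ed25519.Verify(pub, signed, image[headerLen+int(length):]) {
		return nil, 0, ErrBadSignature
	}
	// Only a version field covered by a valid signature is used for the rollback check.
	if version < minVersion {
		return nil, 0, ErrRollback
	}
	return signed[headerLen:], version, nil
}

// DeviceIdentity models the hardware root of trust: the private key is created
// inside the secure micro and never leaves it; the public key is the device's
// unique, immutable identity recorded by the fleet backend at provisioning.
type DeviceIdentity struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewDeviceIdentity() (*DeviceIdentity, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &DeviceIdentity{priv: priv, Pub: pub}, nil
}

// Attest signs a backend-supplied nonce; VerifyAttestation is the backend side,
// run before device-specific firmware or secrets are released to the device.
func (d *DeviceIdentity) Attest(nonce []byte) []byte { return ed25519.Sign(d.priv, nonce) }

func VerifyAttestation(pub ed25519.PublicKey, nonce, sig []byte) bool {
	return ed25519.Verify(pub, nonce, sig)
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	img := BuildImage(vendorPriv, 2, []byte("application image v2")) // constructed payload
	_, v, err := VerifyImage(vendorPub, 1, img)
	fmt.Println("genuine image: version", v, "err", err)
	tampered := append([]byte(nil), img...)
	tampered[headerLen] ^= 0x01 // flip one payload bit
	_, _, err = VerifyImage(vendorPub, 1, tampered)
	fmt.Println("tampered image:", err)
	_, _, err = VerifyImage(vendorPub, 3, img)
	fmt.Println("downgrade attempt:", err)
	dev, _ := NewDeviceIdentity()
	nonce := []byte("backend-challenge-0001") // constructed nonce
	fmt.Println("device attested:", VerifyAttestation(dev.Pub, nonce, dev.Attest(nonce)))
}
```

Two design points worth noting for anyone specifying these features to a manufacturer: the version used for the anti-rollback decision is read only after the signature covering it has verified, so an attacker who can rewrite flash cannot forge a "newer" header; and the device identity key is generated on the device and only its public half is ever exported, which is what makes the identity both unique and immutable from the backend's point of view.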