The IoT has revolutionised different industries, enabling advanced industrial systems, autonomous vehicles and smart homes. As IoT devices become increasingly prevalent, ensuring their security has become crucial.
IoT devices are more susceptible to attacks and security threats because conventional security solutions rarely fit the memory, power and area constraints of IoT devices and applications. This increases the importance of building security into IoT device design through electronic design automation (EDA), the tools used for designing and verifying electronic systems such as PCBs and ICs.
Challenges of IoT security
IoT devices are currently deployed without effective security mitigations against various attacks commonly expected in server-class systems. Where security defences do exist in IoT systems, mitigations are implemented in an unplanned manner, relying on the developer to make good security decisions. Such defences can be easily bypassed by attackers.
Weak authentication and authorisation mechanisms, inadequate encryption protocols, vulnerabilities arising from unpatched devices and the risk of insecure network connections are the key security risks and vulnerabilities of IoT devices. A single vulnerable IoT device can become a back door for hackers, enabling them to launch attacks, such as distributed denial of service, and spread malware.
Similarly, unencrypted data transmission in many IoT devices makes them easy targets for interception by anyone with network access. Additionally, the communication channels that connect an IoT system’s various components can serve as the origin for IoT device-targeting attacks.
The constraints of these devices, such as limited computational capacity, lack of in-built security controls and low-power design, often lead to a lack of sufficient support for crucial security features such as authorisation, encryption and authentication.
Security in EDA
The growing security risks in IoT devices at the hardware, software (code injection and client-side scripting), primitive (cryptanalysis), and usability (phishing, pretexting, and social engineering) levels have increased the importance of security in EDA.
Risks from fault injection, cold boot and side-channel analysis are common during hardware operation, while notable risks during the hardware design and manufacturing cycles include hardware Trojans, cloning, reverse engineering and intellectual property (IP) theft.
A secure system requires implementation support at every level. A security mechanism’s strength is assessed by assuming that the underlying implementations fulfil a specific set of security requirements, such as confidentiality and integrity, which are enforced subsequently at the lower levels.
The techniques commonly used for security implementation include fault-tolerant designs and watermarking, dynamic code integrity verification, static code encryptions in secure cores, disabling unused finite states and restricting logic “don’t cares”.
Securing weak points
IoT devices are commonly deployed in locations that are easily accessible for long periods. This makes them susceptible to physical tampering, including manipulation of switches and unauthorised access to management, debugging and test ports. Side-channel attacks allow the extraction of data such as encryption keys by monitoring electromagnetic emissions, temperature fluctuations or power consumption.
Thus, IoT devices must be secured against access to IP and data by physically barring access and eliminating all means of unwanted connection. Any interface utilised for test or administration purposes during development must be removed, made physically inaccessible, or disabled from the device.
Every test access point on the device must be locked or disabled. For devices requiring an administration port, robust access controls, including restricted ports, secure protocols and strong credential management, must be ensured. Design measures such as active masking or shielding must be considered for high-security deployments to protect against side-channel attacks.
A hardware-based, tamper-resistant capability must be used to store critical data items, and the trusted authentication and cryptographic functions needed for the boot process must be run from it to implement the device’s secure boot. The device’s limited secure storage must hold the bootloader’s read-only first stage and all other data needed to verify the firmware’s authenticity.
Using two-factor authentication for sensitive data access and a reliable and trusted time source for digital certificates are crucial.
Additionally, secure protocols such as HTTPS and SFTP must always be used in place of weak solutions such as HTTP Basic Authentication. Credentials must not be exchanged over weak solutions or in clear text.
Secure design and coding techniques, industry-standard cipher suites and the strongest available encryption algorithm, specifically the most recent version of the encryption protocol, must be employed. Encryption keys must be stored in a hardware security module (HSM), trusted platform module or secure access module. The device should support secure remote rotation of encryption keys.
Device integrity critically relies on executing a trusted boot sequence. The availability and integrity of the service can be protected by encrypting any management data. Security must be incorporated into every stage of the software development lifecycle, including using code analysis tools, code reviews, secure source code storage and traceability, and secure software design. With sufficient encryption using secure sockets layer/transport layer security, the device can establish end-to-end secure communications.
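The boot-time firmware check described above, as an added example that is not part of the original article: a read-only first stage holding a verification key and an anti-rollback counter validates an image header before it hashes or runs the body. The image format, the key and the use of HMAC-SHA256 in place of the asymmetric signature a production device would verify are all assumptions made for this example.

```python
import hashlib
import hmac
import struct

# Constructed image format for this example (not a real vendor format):
#   magic(4s) | version(u32) | body_len(u32) | body_sha256(32s) | tag(32s) | body
HEADER = struct.Struct("<4sII32s32s")
MAGIC = b"FWIM"

# Assumption: the read-only first-stage bootloader holds this key and the
# anti-rollback counter in tamper-resistant storage. HMAC-SHA256 stands in
# for the asymmetric signature a real secure-boot chain would verify.
ROOT_KEY = b"example-root-key-held-in-otp"  # constructed placeholder


def build_image(version: int, body: bytes, key: bytes = ROOT_KEY) -> bytes:
    """Sign a firmware body the way the trusted build pipeline would."""
    digest = hashlib.sha256(body).digest()
    unsigned_hdr = HEADER.pack(MAGIC, version, len(body), digest, b"\0" * 32)
    tag = hmac.new(key, unsigned_hdr[:-32] + body, hashlib.sha256).digest()
    return HEADER.pack(MAGIC, version, len(body), digest, tag) + body


def verify_image(image: bytes, min_version: int, key: bytes = ROOT_KEY) -> tuple:
    """Return (ok, reason). Every check fails closed, and the body is only
    hashed once its declared length is known to match the data present."""
    if len(image) < HEADER.size:
        return False, "truncated header"
    magic, version, body_len, digest, tag = HEADER.unpack_from(image)
    if magic != MAGIC:
        return False, "bad magic"
    body = image[HEADER.size:]
    if body_len != len(body):            # rejects truncated or padded images
        return False, "length mismatch"
    signed = image[:HEADER.size - 32] + body      # header without tag, plus body
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):    # constant-time comparison
        return False, "bad signature"
    if not hmac.compare_digest(hashlib.sha256(body).digest(), digest):
        return False, "digest mismatch"
    if version < min_version:            # anti-rollback, checked on authenticated data
        return False, "rollback"
    return True, "ok"
```

The version is compared only after the signature has been verified, so a forged header cannot influence the rollback decision.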
Implementing security
IoT penetration testing, threat modelling and firmware analysis are crucial to ensuring IoT security in EDA. IoT penetration testing is primarily a simulated attack performed to identify device vulnerabilities and improve data security. Specifically, IoT penetration testers conduct real-world evaluations of the entire IoT system.
Threat modelling is another popular method for identifying security issues in IoT networks or devices. In this method, a checklist of the most probable attack methods is created and countermeasures are suggested to mitigate them. Threat modelling ensures system security by providing an analysis of required security controls.
Firmware analysis is an important part of IoT security testing. Security testers examine the firmware to identify vulnerabilities such as buffer overflows and back doors that can have substantial implications for an IoT device’s overall security programme.
Hardware security verification approaches such as formal verification require logic verification of target design that must satisfy a pre-defined set of security properties. Side-channel analysis exploits the side effects generated by additional circuits or Trojan activation such as extra path delay, heat and power, which are measured to detect hardware Trojans.
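The side-channel Trojan detection described above, as an added example that is not part of the original article: per-sample Welch t-tests compare power traces from a trusted golden chip with traces from a device under test and flag the samples where the extra switching activity of an activated Trojan shows up. The traces, noise level, Trojan location and 4.5 threshold (the usual leakage-assessment convention) are assumptions made for this example.

```python
import math
import random
import statistics

# Constructed data: 100-sample power traces of one operation on a golden
# (trusted) chip and on a device under test (DUT). Each trace is a fixed
# activity profile plus Gaussian measurement noise; the DUT additionally draws
# extra current on samples 40-44, standing in for Trojan switching activity.
SAMPLES = 100
BASELINE = [2.0 + math.sin(i / 6.0) for i in range(SAMPLES)]
NOISE = 0.2
TROJAN_SAMPLES = range(40, 45)


def capture(n_traces: int, extra: float = 0.0) -> list:
    """Simulate n_traces oscilloscope captures; 'extra' is the Trojan current."""
    traces = []
    for _ in range(n_traces):
        t = [v + random.gauss(0, NOISE) for v in BASELINE]
        for i in TROJAN_SAMPLES:
            t[i] += extra
        traces.append(t)
    return traces


def welch_t(a: list, b: list) -> float:
    """Welch's t-statistic for two sample sets with unequal variances."""
    va, vb = statistics.variance(a), statistics.variance(b)
    return (statistics.mean(a) - statistics.mean(b)) / math.sqrt(va / len(a) + vb / len(b))


def suspicious_samples(golden: list, dut: list, threshold: float = 4.5) -> list:
    """Indices where DUT and golden power differ beyond the threshold."""
    n = len(golden[0])
    return [i for i in range(n)
            if abs(welch_t([t[i] for t in golden], [t[i] for t in dut])) > threshold]


def detect_demo(trojan_current: float = 1.0, n_traces: int = 50) -> list:
    """Seeded end-to-end run: returns the flagged sample indices."""
    random.seed(7)
    golden = capture(n_traces)
    dut = capture(n_traces, extra=trojan_current)
    return suspicious_samples(golden, dut)
```

With 50 traces per set, a 1.0 unit Trojan current against 0.2 units of noise yields t-values near 25 on the affected samples, while an unmodified DUT produces none above the threshold.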
A recent study designed a hybrid platform that integrates online dynamic detection/analysis and offline static detection/analysis to automatically detect IoT firmware vulnerabilities. The evaluation of the platform on real IoT devices demonstrated that it could effectively identify different security weaknesses and risks in firmware, such as exploitable vulnerabilities and dangerous processes.
The risk assessment process involves identifying the risks related to all assets in an organisation, including risk estimation and prioritisation. OCTAVE (Operationally Critical Threat, Asset and Vulnerability Evaluation), the frameworks published by the National Institute of Standards and Technology (NIST), and the standards of the International Organization for Standardization (ISO) are the cybersecurity risk frameworks used for IoT security.
Every IoT component has its own software, and thus, security assurance for IoT applications is best achieved by adopting a defence-in-depth strategy, which in turn warrants having a secure software development lifecycle practice in place. The key objective is to build security into these applications’ lifecycle from the ground up, progressively reducing flaws in design, security, deployment and implementation.
Future trends
HSMs offer a suitable hardware-based mechanism to prevent the exposure of private keys and are a popular technology among customers intending to secure their digital certificates and keys. Their integration into the IoT devices’ software stack is challenging, however.
HSMs enhance IoT communications security. This physical module, in the form of a cryptographic chip, can be connected to a high-speed bus or soldered onto the device board. It provides entropy-based random key generation and a secure key vault, advanced anti-tampering mechanisms for physical protection of the chip’s non-volatile memory, and on-chip implementation of cryptographic operations. However, interfacing an HSM through a cryptographic token interface standard such as Cryptoki (PKCS #11) is a difficult and time-consuming task because of the implementation complexity.
The future of IoT security in EDA hinges on the integration of technologies such as AI and blockchain. A recent study proposed an IoT security design based on identity re-encryption and blockchain.
Leveraging proxy re-encryption, the study transformed IoT device-collected data into a secure ciphertext format and the encrypted data was stored on the blockchain. Results showed that the proposed approach had advantages such as fast encryption speed, good stability and high security, which improves the IoT security performance.
The study also underscores the critical need for prioritising security in IoT device design through EDA, highlighting the increasing vulnerabilities faced by IoT systems and the necessity for robust security measures.