
Securing IoT with a hardware root of trust

In our previous blog post, we discussed how concerns over online security and privacy began to work their way into the public consciousness during the early days of the PC revolution. Those concerns never really went away with smartphones and tablets, and have only multiplied as IoT devices continue to proliferate. At the same time, many industry players are now starting to wonder if the traditional way of addressing security concerns with frequent software patches and updates makes sense for IoT.

There is a growing awareness that IoT security shouldn’t be treated as an afterthought, but rather as a first-class design parameter. In a best-case scenario, this new approach to security for IoT will shape up to be a holistic one, with semiconductor companies seeing devices secured throughout their lifecycle from chip manufacture through day-to-day deployment and all the way to end-of-life decommissioning.

One of the most effective ways of achieving this goal is to equip IoT devices with a silicon-based hardware root of trust. And while hardware-based security may have previously carried a steep price tag, the relentless progression of Moore’s Law over several decades has helped to significantly reduce transistor costs, making this type of implementation quite feasible. So we can now think of IoT as having entered a transitional stage, with the industry actively reevaluating security strategies.

This isn’t surprising, as petabytes of sensitive data are being generated by a wide range of diverse IoT devices and platforms, including wearables, connected vehicles, medical equipment, maker boards and intelligent appliances in smart homes. An additional challenge is to avoid vulnerabilities in products that may be deployed in the field for 10 years or more. It’s difficult to contemplate every possible attack that might happen over a device’s lifetime, which makes it complicated to protect against newly discovered vulnerabilities and fresh exploits.

Differential power analysis (DPA) side-channel attacks are a relatively new method of compromising silicon that has been gaining a lot of attention in recent months. These attacks involve monitoring variations in the electrical power consumption or electromagnetic emissions from a target device. These measurements can then be used to derive cryptographic keys and other sensitive information from chips.

The threat of DPA side-channel attacks is quite real, as even a simple radio can gather side-channel information by eavesdropping on frequencies emitted by electronic devices. In fact, in certain scenarios, secret keys can be recovered from a single transaction secretly performed by a device several feet away. The internet of things already comprises billions of connected endpoints powered by chips, many of which are vulnerable to DPA side-channel attacks. Fortunately, a number of countermeasures are available to help protect chips from DPA attacks.
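A designer can test for this kind of leakage before a chip ships. The following is an added example, not code from the original post: a fixed-vs-random Welch t-test, the usual first-order leakage assessment, run over simulated power readings with and without a masking countermeasure. The Hamming-weight leakage model, noise level, key byte and the choice of masking as the countermeasure are assumptions made for the illustration.

```python
import random
import statistics

KEY = 0xFE         # constructed secret byte inside the simulated device
FIXED_PT = 0x00    # input used for every trace in the "fixed" group
NOISE_SIGMA = 2.0  # assumed Gaussian measurement noise
THRESHOLD = 4.5    # |t| above this is conventionally treated as leakage

def hamming_weight(x):
    return bin(x).count("1")

def power_sample(rng, plaintext, masked):
    """One simulated power reading while the device handles plaintext ^ KEY."""
    value = plaintext ^ KEY
    if masked:
        # Countermeasure: blind the intermediate with a fresh random mask,
        # so the value on the bus is statistically independent of the key.
        value ^= rng.randrange(256)
    # Assumed leakage model: power tracks the number of set bits, plus noise.
    return hamming_weight(value) + rng.gauss(0.0, NOISE_SIGMA)

def welch_t(a, b):
    """Welch's t statistic for two groups with unequal variances."""
    va, vb = statistics.variance(a), statistics.variance(b)
    return (statistics.fmean(a) - statistics.fmean(b)) / (va / len(a) + vb / len(b)) ** 0.5

def leakage_t(masked, traces=2000, seed=1):
    """Collect fixed-input and random-input groups and compare their means."""
    rng = random.Random(seed)
    fixed, rand = [], []
    for _ in range(traces):
        fixed.append(power_sample(rng, FIXED_PT, masked))
        rand.append(power_sample(rng, rng.randrange(256), masked))
    return welch_t(fixed, rand)

def leaks(masked):
    return abs(leakage_t(masked)) > THRESHOLD

if __name__ == "__main__":
    for masked in (False, True):
        print(f"masked={masked}: t={leakage_t(masked):+.1f} leaks={leaks(masked)}")
```

A passing first-order test only shows that the mean power no longer depends on the data; higher-order statistics need their own assessment.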

In conclusion, securing IoT will require a holistic approach that offers robust protection against a wide range of threats through carefully thought-out system design using techniques like hardware roots of trust. This paradigm will allow companies to see devices secured throughout the product lifecycle, from chip manufacture all the way to end-of-life decommissioning.
