IoT devices face a major security challenge, and their security is particularly important. On one hand, although IoT devices have existed for a long time, legacy IoT devices and their application protocols contain a variety of vulnerabilities due to ill-conceived security design. On the other hand, as noted in the analysis of IoT security events, asset exposure, and IoT threats, cybercriminals have begun to leverage vulnerabilities and weaknesses in IoT devices to pose severe threats to individuals, enterprises, and even countries. In response to this grave security situation, we put forward an IoT security protection approach that focuses on device protection to improve the security of the IoT as a whole.
IoT Device Protection System
Viewpoint 7: As security events occur from time to time, IoT devices that contain security issues pose potentially daunting threats. Therefore, IoT device protection capability is urgently needed to address this security challenge. Because IoT devices have simple functions and structures, their security protection involves protecting the information inside the devices and analyzing device anomalies.
Currently, IoT threats tend to originate from vulnerable IoT devices. Building on cloud, management-platform, and border security technologies, we propose an IoT security protection system with device protection at its core, providing two capabilities for IoT devices: information protection and cloud-delivered anomaly analysis. The former protects the fingerprints and keys inside IoT devices while the devices are in actual use; the latter, in addition to analyzing abnormal device status, ensures that devices can securely upload certain information to the management platform in scenarios where maintenance is difficult (such as power stations and sluices).
Figure 5-1 shows the IoT device protection system. Critical information inside an IoT device, including keys, passwords, fingerprints, and voiceprints, can be placed on chips that protect it using their own security capabilities. The printed circuit board is responsible for hiding the debug interface and restricting access to it, for example by setting a password for access to the console port and setting access restrictions on the debug interface. The firmware is the software code that implements these protection functions. If the hardware and firmware are properly designed, attackers cannot obtain key information or use the debugging function without removing the chips. Where necessary, the firmware should provide a trusted base to prevent malicious applications such as malware from compromising the device or tampering with key information.
The firmware, operating system, and file system act as middleware that lays the foundation for upper-layer applications. Their security centers on controlling upper-layer applications’ access to memory, external hard drives, and other resources of IoT devices.
As the middleware provides sufficient APIs, application-layer security can be assured as long as applications invoke these APIs to implement their functions. In practice, only a few options are available for the operating system or file system.
Therefore, device vendors should first identify known security issues, for example by retrieving vulnerabilities in embedded Linux systems, embedded Android systems, and real-time operating systems (RTOS) from the CVE Details website [39]. After that, vendors should protect against these vulnerabilities by various means, such as keeping the kernel up to date and fixing vulnerable source code.
Since IoT devices are usually limited in performance and in security analysis and processing capabilities, the cloud is needed to provide powerful computing capabilities for anomaly analysis based on the information these devices upload. After the cloud completes its security analysis, the devices need to deal with any anomaly it identifies. From the angle of behavior, special attention should be paid to two kinds of IoT device behavior: process behavior and network behavior.
The former shows how information is handled inside the devices, while the latter shows how information enters and leaves the devices. For instance, if malware compromises a device, there must be a process of information interaction through which the malware is planted and activated. Therefore, device behaviors can be roughly classified as process behavior and network behavior.
For the sake of security, the device-side firewall (such as iptables) should, with the aid of policies dispatched by the cloud, provide network control functions to block malicious connections. Besides, IoT devices should have process control capabilities to kill malware processes. As protection policies are determined by the cloud upon anomaly identification and analysis, IoT devices must be able to receive policies from the cloud through an appropriate channel. In this way, information upload, anomaly analysis, and policy reception and execution form a closed loop. Two other sensitive issues also require attention: information protection and security upgrade.
The former involves protection of both device information and network information. Device information includes keys, fingerprints, and other key information, while network information refers to the information to be uploaded, such as domain name request information and NetFlow data. For network information protection, IoT devices and the cloud should establish a secure channel between each other, in addition to introducing sufficiently strong authentication and encryption mechanisms.
Device information protection, however, should be achieved via a set of security mechanisms such as secure storage, Trusted Execution Technology (TET), and hardware debugging policies. If a software upgrade is required, a secure file transmission channel should be set up between devices and the cloud for transmitting the upgrade package. Meanwhile, devices should handle upgrade packages securely to prevent malicious upgrades.
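The closed loop described above (flow upload, cloud anomaly analysis, signed policy dispatch, device-side iptables enforcement) and the secure handling of upgrade packages, as an added example in Python that is not part of the report; the NetFlow-style records, the baseline, the firmware bytes and the shared key are constructed, and HMAC-SHA256 with a pre-provisioned per-device key is assumed as the channel's authentication mechanism, which the text leaves unspecified.

```python
import hashlib, hmac, json
# Constructed per-device key shared with the cloud (on a real device it would sit in
# the chip's secure storage); HMAC stands in for the channel's authentication mechanism.
CHANNEL_KEY = b"constructed-per-device-key"
# Constructed NetFlow-style records uploaded by the device: (dst_ip, dst_port, bytes_out)
FLOWS = [
    ("10.0.0.5", 8883, 1200),    # the device's MQTT broker, part of its normal baseline
    ("198.51.100.7", 23, 40),    # telnet session to a host the device never talks to
    ("203.0.113.9", 6667, 300),  # repeated traffic to an unknown host on an unusual port
    ("203.0.113.9", 6667, 310),
]
BASELINE = {("10.0.0.5", 8883)}  # destinations learned from the device's normal behaviour
FIRMWARE = b"constructed firmware image v3"  # constructed upgrade package

def cloud_sign(obj: dict, key: bytes) -> dict:
    """Cloud side: serialise a policy or upgrade manifest and attach an HMAC."""
    body = json.dumps(obj, sort_keys=True).encode()
    return {"body": body.decode(), "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}

def device_verify(envelope: dict, key: bytes, last_version: int) -> dict:
    """Device side: reject a bad MAC or a non-increasing version (replay / rollback)."""
    body = envelope["body"].encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["mac"]):
        raise ValueError("rejected: bad MAC")
    obj = json.loads(body)
    if obj["version"] <= last_version:
        raise ValueError("rejected: stale or replayed version")
    return obj

def cloud_analyze(flows, baseline, policy_version):
    """Cloud side: flag destinations outside the baseline and issue a signed block policy."""
    unknown = sorted({(ip, port) for ip, port, _ in flows if (ip, port) not in baseline})
    block = [{"dst": ip, "port": port} for ip, port in unknown]
    return cloud_sign({"version": policy_version, "block": block}, CHANNEL_KEY)

def device_apply_policy(envelope, key, last_version):
    """Device side: turn a verified policy into iptables rules (returned, not executed)."""
    policy = device_verify(envelope, key, last_version)
    rules = [f"iptables -A OUTPUT -d {r['dst']} -p tcp --dport {r['port']} -j DROP"
             for r in policy["block"]]
    return policy["version"], rules

def device_check_upgrade(envelope, package: bytes, key, installed_version):
    """Device side: accept an upgrade only if its manifest verifies and the hash matches."""
    manifest = device_verify(envelope, key, installed_version)
    if not hmac.compare_digest(hashlib.sha256(package).hexdigest(), manifest["sha256"]):
        raise ValueError("rejected: package does not match signed manifest")
    return manifest["version"]

UPGRADE_ENVELOPE = cloud_sign({"version": 3, "sha256": hashlib.sha256(FIRMWARE).hexdigest()}, CHANNEL_KEY)
```

The version check gives the device a simple anti-replay and anti-rollback guard for both policies and upgrade manifests; a real deployment would also bind the envelope to the device identity and use a TLS channel as the text recommends.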
This chapter introduces the security protection system for IoT devices.
Security vendors should work closely with device vendors to address security issues and improve the cloud’s security analysis capability, in a bid to build a controllable IoT ecosystem that assures IoT security.