New Horizons for Chip Design


Creating IoT Security from Silicon To Software

Attackers often take advantage of the complexity that comes with balancing greater end-user convenience with traditional security. Behind that cool and responsive interface of an IoT device is millions of lines of code and superfast processing. The weakest link is something basic — a faulty implementation of a protocol, or a lack of a trusted security zone on a chip. Exploitation, in either case, requires very little skill. Thus, a lot of the attacks today are carried out not by criminals with elite skills but those with very basic programming skills.

Given the low bar to entry for these attacks and the increasing importance of these devices in our day-to-day lives, there are new liabilities directly associated with IoT device hacks. In 2017, the U.S. Federal Trade Commission (FTA) imposed fines on a popular vendor of wireless routers and internet cameras. The agency also served notice to all vendors that going forward they will need to justify the security (or lack of security) of their products.

In addition, the personally identifiable data associated with these personal devices will also need to be protected. In May of 2018, the European Union’s General Data Protection Regulation (GDPR) went into effect, setting legal guidelines for the collection and processing of personal information of those living within the European Union. And, although GDPR is aimed primarily at EU residents, other countries and individual states within the U.S. are considering similar regulation or legislation to slow the rate of data breaches overall. The consequences of not following these new regulations may include large fines, if not just reputational damage.

Therefore, it is always better for a vendor to make sure that the device is designed right, configured right, and loaded with the highest quality software before it is released. Once a vulnerable piece of hardware is out in the real world, there are real costs associated with service recalls or physical replacement. For a tiny mobile device, the cost may be as simple as an over-the-air update or a full unit replacement. For an automotive recall, or for a series of industrial control systems deployed out in the desert, the costs of recall or replacement may run into the millions, including days of lost productivity.

Ensuring integrity in devices begins early in the software design process and continues throughout all aspects of manufacturing a device, releasing it, and its eventual end of life. Many devices store and process valuable information within the silicon, such as service subscriptions, health records, credit card and banking information, and similar data on behalf of their owners. These devices must be protected against threats and misuse. Today, deeply embedded security has never been more critical.

A trusted platform module (TPM) enables chip manufacturers and their OEM/ODM customers to create a strong cryptographic device identity that is permanently bound to that unique device instance. This identity may be used by the manufacturer on the owner’s behalf to provide security maintenance or enable new features and services over the entire lifecycle of the device. A critical element of retaining an owner’s trust in a device is that the device’s integrity can be measured and demonstrated. This trust can then be extended to the network and other connected devices.

The costs of software remediation for IoT devices are not trivial either, especially if the software development lifecycle ended with the product’s release; if so, there could be additional costs in man-hours needed to remediate a critical vulnerability. If a standing software development team doesn’t currently exist, then a new team must be assembled or outsourced to create a workaround if not a full patch for the reported vulnerability. Even then the software update will need to be deemed compatible with the device and other software before it can be distributed to all users.