Internet of Things

Tweet

Secured IoT Devices

Authenticating these devices and their connections

Image Source: Yingyaipumi/Stock.adobe.com

By Jon Gabay for Mouser Electronics

Published April 19, 2022

Introduction

As more devices connect to the globally accessible Internet, there is a growing concern for safety, protection, and privacy. Everything is attainable: phones, laptops, desktops, TVs, home interfaces, and medical devices. Even military systems rely heavily on the IoT, as the Internet helps connect ships, planes, tanks, drones, soldier wearables, and bases to improve operational awareness.

By now, even the everyday consumer is familiar with passwords, person (vs. robot) identification, machine (IP and MAC address) identification, and location identification (through GPS or cellular location). There are more machine-to-machine communications than people-to-people, which means authentication techniques will vary. But as with any connected device, bad players can do a lot of damage to people and property.

With military, governmental, civic, responders, and critical infrastructure online, machines are becoming more vital to authenticate who they are talking to and know that their communications are safe and secure.

While encryption and authentication techniques have gotten more sophisticated, it can be a cat and mouse game. As one safeguard falls, the next layer is imposed.

As a residential user of IoT, facility supervisor, or IoT device designer, it is essential to understand the basics of IoT authentications to protect yourself, your product designs, or your establishments.

What is Safe?

The Internet was never architected to be a secure network. What originated as an information-sharing platform between government research facilities and universities with the Transmission Control Protocol/ Internet Protocol (TCP/IP) using payloads for data, embedded with wrappers to control routing source and destination, has evolved. Data can take multiple paths and even arrive out of sequence, requiring reassembly. Signaling protocols, including passwords, are typically not encrypted or scrambled, and access to a network means access to any device on that network.

The World Wide Web expands threats as wired and wireless networks can be jammed, and IPs and MAC addresses can be spoofed. With the high-speed 5G connectivity, a lot of data can be stolen very quickly.

There are valid reasons to be concerned. It isn't just a garage door opener, Portal, Echo, or Alexa at stake. As our IoT and network-connected technologies continue to advance, lives can halt very quickly. Significant services, networks, and even medical devices have the potential to be compromised.

IoT Screen Door Security

There are many ways into the data stream. IoT devices are particularly vulnerable since, often, they are buried wireless nodes that can be locally jammed and spoofed. Some studies, such as the Palo Alto Networks' IoT Security Threat Report from 2020, say that 98% of IoT traffic is unencrypted, making field equipment cheap and easy to make (Figure 1).

For example, a semi-sophisticated burglar could take control of your alarm system, video camera feeds, and Wi-Fi by jamming and spoofing while sitting in your driveway.

To combat local or endpoint incursions, employ encryption wherever possible. Many devices offer encryption options. In addition to changing passwords and logins, alternate between encryption methods. It is also helpful to review the login histories that devices provide. A review of these logins can alert you if an attempted unauthorized login occurs.

Unfortunately, there are many ways into the data stream network. Non-local incursions ocurr when someone takes control of a wireless router, an access point, a central office switch and router, a wired-to-wireless link transport, or an international funnel router. These attacks are referred to as "Man in the Middle" attacks in which equipment manufacturers leave back doors into their equipment for law enforcement and intelligence services.

Figure 1: 98% of IoT traffic is unencrypted, according to Palo Alto Networks' IoT Threat Report. (Source: Gorodenkoff/Adobe Stock)

Insertion into the communications data stream is the most direct way to threaten security. The transmit and receive paths for data are intercepted and manipulated through redirection. Once in the data stream, anonymous spamming, DDoS attacks, and malware can cause the hijacking of a device. Malware can creep in if hackers are clever enough to mimic firmware upgrades that let their code control.

Modern Approaches and Techniques

One-way, or symmetric authentication, is the simple process of offering a username and password for entry into various systems when prompted. Doing so authenticates a user at one end of the network connection. A problem here is that usernames and passwords are gathered and stored in many locations and devices, making this technique somewhat convenient but relatively ineffective for any real security.

With two-way authentication, another layer is added to the username-password requirements. The two nodes in communications need to verify something they possess. This could be an assigned temporary password issued by another pier or even a biometric fingerprint (Figure 2).

Three-way authentication adds more hurdles and requests for verification. The more constraints required, the longer processes become for users. This can deter many time-sensitive applications and users. Public key cryptographic authentication is more secure than usernames and passwords and can be more resilient against brute force attacks.

Figure 2: An added layer in the form of biometric fingerprinting. (Source: DG-Studio/AdobeStock)

Cryptographic keys are the de facto mode of authentication in protocols like SSH, which are already widely used in IoT devices. Shared Secret Authentication, which is symmetric, shares private data via secure communications. The technique is effective if there is no intercepted 'man-in-the-middle' attack. Decentralized access and control can make man-in-the-middle attacks more difficult to perform compared to centralized authentication. It is essential to note that secure communication is required to set up a secure transmission.

At a facility, biometrics is an option for manned devices. Fingerprint identification, retinal scans, and facial recognition are all other layers of protection prompted when sensitive data is accessed. This is not feasible for machine-to-machine authentication, however. Machines must rely on cryptographic private and public keys.

Public keys are widely used and are generally safe. Third-party authorities and corporations can be the authority of a digital key certificate or identity certificate. A unique hex string can be generated by running an algorithm like RSA on the certification to authenticate credentials. Individual certificates can be combined as a chain and propagate until they reach a trusted global server.

As with any emerging technology, committees propose standards and practices that assure reliable and safe environments for whatever they are regulating. The X.509 digital certificates issued and controlled by globally trusted certificate authenticity authority are standardized in the IETF RFC5280 specification and prove ownership. The issuer verifies the authenticity and uses a key that supposedly only allows communications with the certificate's owner.

The asymmetric public key cryptosystem adds a higher level of security to dissuade those who may have the means of inserting themselves into the data stream but not real-time horsepower to break a key. Since all data is exposed to sniffers along the chain, it can be recovered and post-processed until a key is determined. This may not allow real-time control and access, but it does mean that no data is sacred, and any data transferred in the network can be broken with enough compute-intensive resources.

Adding hardware to an IoT device can reduce processing requirements and time to validate. With the Trusted Platform Module (TPM) approach, a chip or module can be added to an IoT device to store device-specific keys for authentication. TPMs can be implemented without special hardware, if you devote process resources to the task. This can be included in the firmware or software the IoT device is running. Isolated IoT devices can use Shared Access Signature (SAS) tokens, Uniform Resource Identifiers (URI), for clients that cannot be fully trusted. In this case, access can be to a limited subset of functions to assure a hostile force cannot perform a complete takeover of an IoT device.

Regardless of the tactic, the goal is to prove possession of a key without revealing the key's contents. This allows for validation of each endpoint, the device and remote host memory integrity, and the firmware or software tampering. It is usually conducted using a checksum or CRC for associated blocks of firmware or software.

The Quantum Quandary

As the world of quantum computing heats up, it is now possible for corporations, governments, and even individuals to possess and employ quantum computers to break encryption in real enough time to cause damage. The U.S. government is looking into the risks of blockchain and vulnerabilities pertaining to threats posed by quantum computers.

While it is not feasible to incorporate blockchain protection in a thermostat, it is considered an option for high-security sites. The question remaining is how easy it is to break using quantum computers.

When multiple states of a digital string can be present at once, algorithms, like Shor's algorithm, can be used to factor denominators very quickly. At the heart of cryptography is the ability to use real random numbers from a trustworthy random number generating source. In most cases, pseudo-random number generators are used since generating a valid random number is difficult.

Knowing how many bits are used in the pseudo-random string can significantly reduce the processing required to break a code. Sequential attacks which yield a generated key can be examined to greatly reduce processing time and use statistical algorithms to crack the code even more quickly.

The use of quantum technology to encrypt and protect is not out of the question (Figure 3).  As scientists learn how to entangle photons and electrons with higher stability and endurance, soon quantum encoding will let each endpoint know if anyone is observing or tampering with the data stream. While this seems too far in the future for anyone other than governmental research facilities and universities to witness, already, China has demonstrated a long quantum secured link for critical communications on relay drones that can be deployed quickly and change position when needed.

Figure 3: As scientists learn more about quantum tech, added layers of security become possible. (Source: Andrew Derr/AdobeStock)

Conclusions

For endpoint users of a device, many devices can take advantage of encryption. Use it and switch it every so often. Also, change out passwords on a semi-regular basis, using a wide variety of number and letter combinations. Don't be predictable and use the same prefix or suffix on new passwords. This includes local as well as cloud services Also, set up a name and password and encryption for your wired or wireless routers.

For facility managers and security supervisors, set up and use a secure boot through a reliable Root of Trust (RoT). Since remote and distributed software updates can be initiated over a network, a secure device boot is an excellent way to start securing the IoT devices in your realm. A reliable root of trust can use a hardened hardware module to perform attestation (firmware measurements, runtime state analysis, identity reporting, etc.).

A reliable root of trust can also help protect and secure storage. This covers sensitive data areas preventing access. In addition, the Root of Trust can set up a secure state if there is a software failure or error during initialization.

As a designer of IoT devices, understand what is established and in place for interoperability. This can differ for wired versus wireless links. Wireless links need solid Transport Security and Successor Protocols (TSL/SSL), Internet Protocol Security (IPsec), and Private Preshared Keys (PPSK). Wired links need a firewall in addition to IPS security.

As designers, it is also important to know what's coming. One technology to watch is fully homomorphic encryption (FHE). This technique allows multiple additions and multiplications to cypher text while still providing valid results. With HFE, you can work on data without decrypting it, eliminating data theft chances.

We have options and opportunities that continue to grow, but remember, nothing is entirely safe if the data stream can be accessed. Individuals may be very low-priority targets, but the larger targets, once compromised, affect us, especially in times of international turmoil. The IoT world may be growing, but that does not mean it is secure. We must remain vigilant and continue to develop solutions to combat the unforeseen.

Jon Gabay is a contributing writer for Mouser Electronics. Jon Gabay is a mad scientist with no hostility. He doesn't want to rule or blow up the world. He wants to make it a better place. Studying electrical engineering, he has worked with defense, commercial, industrial, consumer, energy, and medical companies as a design engineer, firmware coder, system designer, research scientist, and product developer. As an alternative energy researcher and inventor, he has been involved with automation technology since he founded and ran Dedicated Devices Corp. up until 2004. Since then, he has been doing research and development, writing articles, and developing "Gizmo Blocks" for next-generation engineers and students.