The right security must be an integral part of each IoT design today. Infineon’s broad family of hardware security products enables solutions tailored to specific security needs to prevent the uncertainty of digital threats in your business. Hwai Lin Khor, Head of Sales & Business Development for Chipcard & Security, Infineon Technologies Asia Pacific, shares more about IoT security and explains how semiconductors bring security muscle to IoT in an exclusive interview with Electronics Maker.
Khor Hwai Lin is the Head of Sales and Business Development for South Asia and South Korea of Infineon Technologies' Chipcard and Security business division. She has more than 10 years of working experience in the technology sector, spanning semiconductors, consumer electronics and enterprise computing. Prior to this role, she was a member of the Asia Pacific strategy and market development team that conducts market and operation analysis, advises management on strategic initiatives and manages go-to-market projects.
Where do you see the biggest challenges on the way to a functional IoT?
The biggest challenge of a functional IoT is interoperability, as there are different standards and protocols in the market. For a truly functional IoT, devices have to interact with one another seamlessly. A way to ensure continuous flow of data is to speak the same language. Yet even before a universal language, connected devices need to establish trust, and this is where security plays a key role.
What is the fundamental importance of securing IoT?
With the recent emergence of attacks on the host microcontrollers such as CLKSCREW, MELTDOWN and SPECTRE, it is of fundamental importance to apply the defense-in-depth concept for the protection of IoT devices. Typically, concepts such as achieving spatial separation of the host controller and security controllers are crucial to achieve a robust and longer life-span for IoT devices. Secret keys and certificate credentials should be secured in tamper-resistant hardware trust anchors (such as Infineon’s OPTIGA™ family of products) to safeguard against hackers stealing the keys and credentials.
What are the IoT security trends to watch out for in 2018?
One of the security trends in IoT is the security controller, to counter physical hardware attacks on the host controllers through the logical channels. For example, in the CLKSCREW attack, attackers use clock manipulation techniques on the host controllers to induce errors in the hardware. These errors are typically exploited to divulge secret assets or the state of execution from the host controller. Other examples are MELTDOWN and SPECTRE, which target widely used off-the-shelf controllers. As such, it will be imperative for device makers to adopt the usage of tamper-resistant hardware trust anchors, in addition to the host controllers, to secure the cryptographic keys and root certificates. These trust anchors are highly effective in protecting high-value assets against leakage and data extraction.
What measures can we take to ensure a more “secure” IoT ecosystem?
As a start, IoT device makers should adopt security best practices that are readily available. This includes refraining from using common default/weak ADMIN passwords for all IoT devices. This will see an improvement in the countermeasures against the malware/ransomware that we have witnessed crippling the internet, telecommunications and even public services such as hospitals.
Next, the common practice of using a common security key for a fleet of IoT devices should be avoided at all costs. This creates a problem of fleet attack, where the attacker is able to gain access to millions of IoT devices just by breaking one. Instead, the practice of using a unique individual key for each IoT device should be adhered to. This greatly increases the cost-benefit-ratio for attackers, as they are not able to gain control of the whole fleet of devices just by breaking one of them.
To ensure the robustness and long life-span of the IoT devices, tamper-resistant hardware trust anchors (such as Infineon’s OPTIGA™ family of products) should be used for the secure storage of the cryptographic keys and certificates.
What is embedded security and how do semiconductors bring security muscle to IoT?
Most of the IoT devices are constrained devices that have very low CPU power and memory. Therefore, they are unable to support the elaborate suites of enterprise solutions such as antivirus or malware protection software. These devices therefore need to depend on the security design methodology used in embedded devices. This methodology includes both software practices and using tamper-resistant hardware Trust anchors.
Most of the off-the-shelf microcontrollers are designed with performance in mind. Even some of the microcontrollers which offer hardware features to support Trusted Execution Environment are still running the OS and application on the same physical piece of silicon.
Security controllers are designed with security protection as a core functionality. They offer various forms of protection (such as encrypted memory and bus system, techniques for error detection and countermeasures against extraction of secrets) against physical tampering and attacks (such as hardware reverse engineering, side-channel attacks and fault injection attacks). Typically, these security controllers are able to achieve a Common Criteria certification using a Protection Profile such as “PP0084”.
How does authentication help security?
For IoT devices to be successful and widely deployed there is a need to address the issue of “Trust”. This means ensuring the confidentiality, integrity, availability and authenticity of these devices and that information transmitted by these devices is not compromised in any way.
Authenticity means that the identity of the devices and servers can be trusted before any exchange of information takes place. This is to prevent fake devices from masquerading as the real devices and joining the information network as well as to prevent fake servers from corrupting the IoT devices.
Infineon’s OPTIGA™ family of products supports both one-way authentication of devices as well as mutual authentication (i.e. both devices and the network server go through a cryptography-based challenge-response mechanism to prove their identities). Once authentication is successful, the identities of the devices/network can be trusted, thus ensuring that the transaction is legitimate and cannot be repudiated.
What are the security solutions Infineon provides to ensure a safe IoT environment?
Infineon Technologies has been leading the security industry for more than 30 years. Infineon offers turnkey embedded security solutions that ensure the authenticity of devices on IoT networks, check the integrity of the system and maintain confidentiality of the data transferred. Our OPTIGA™ Trust family provides different levels of protection depending on use cases, from simple authentication of devices on IoT networks to rich security functionality on servers and routers. The solutions are Common Criteria qualified and support the ECC and RSA cryptography protocols. Hence, these turnkey solutions provide peace of mind to the customer due to ease of integration, short time to market and the assurance of the right level of security for their applications.