This article explores the equal
importance of software and hardware security for IoT devices and
provides actionable steps for securing embedded processors on RISC-V.
Technology
vendors of all shapes and sizes love to tout the security of their
products. But the reality is that today’s technology is overwhelmingly
insecure. Headlines detailing the latest attacks and their victims seem
to propagate at an ever-increasing rate, and the problem seems to be
growing with time.
Even the makers of IoT devices, despite corporate marketing rhetoric, seem anxious about the current state of security. In a
recent survey by the Eclipse Foundation, 46% of the IoT developers surveyed said that security was their top concern when designing IoT solutions. Similarly, in a
2014 BI Intelligence survey,
39% of respondents said concerns about privacy and security were the
top barriers for companies thinking about investing in IoT. Both of
these studies show that technology insecurity is negatively affecting
the spread and adoption of IoT.
Figure 1. Top IoT concerns for IoT developers. Graph from a recent Eclipse Foundation survey.
Figure 2. Concerns about privacy and security ranked as top barriers to investing. Graph from Business Insider 2014 BI Intelligence Survey.
This
concern is only exacerbated by the daily onslaught of cyberattacks in
the news—a seemingly never-ending stream of headlines emphasizing the
disastrous consequences of the lack of security in our connected
devices. From the
cyberattack on a Las Vegas casino
where attackers were able to successfully gain access to their secure
network via the wireless thermometer in a lobby aquarium, to t
he recall of over 800,000 Abbott pacemakers that were determined to be potentially deadly to their users, to the reality that
airplanes can be taken over while in-flight by an attacker on the ground. Attackers have never had more options, and our so-called defenses simply aren’t working.
Why the Lack of IoT Security?
IoT
is a hardware-anchored space, yet many IoT hardware design groups will
argue that security is the responsibility of software development teams.
However, there is one simple explanation why the hardware group must
own security: the majority of cyberattacks exploit bugs in software. So,
adding more software to protect your hardware clearly cannot be the
answer. All complex software has bugs, and only hardware can solve this
problem by eliminating the attacker’s ability to exploit software
vulnerabilities in the first place.
Securing Embedded Processors on RISC-V
A
complete security ecosystem is available to the RISC-V community, and
there are a few easy steps that any hardware designer can take to ensure
the security of their IoT solution.
Step 1: Create a Threat Model and Include it in Your SoC or ASIC Design Specification
Threat modeling is the process by which product security is optimized
via identification and prioritization of assets and vulnerabilities.
Threat models define countermeasures to prevent or mitigate threats to
the system. They are most often applied to software applications but can
be used for hardware systems with equal effectiveness. Security
consultants like
I/O Active or
BishopFox can provide advisory services and security assessments of your design.
Step 2: Implement a Design-for-Security Process in Your SoC or ASIC Design Flow
A vulnerability in hardware is a problem you can’t patch. Such a
vulnerability, rooted in a system’s underlying hardware, has the
potential to permanently open the door for attackers. It is important to
realize that overlooked hardware security vulnerabilities are beyond
the reach of reactive software updates. Thus, make sure that you’ve
included a design-for-security mindset in your design flow. Done
properly, this has the potential to flip the script: a hardware design
without vulnerability can enforce all of the necessary security for a
given IoT device. Firms like
Tortuga Logic can assist with the implementation.
Step 3: Research Security IP Providers and Decide Which Offering(s)
Best Meet the Requirements Set Forth in Your Security Threat Model
Roots of trust, encryption, authentication, trusted execution
environments, secure boot processes: all of these solutions and more may
need to be a part of your end product. Make sure that you have
conducted a proper survey of IP solutions relevant to your threat model,
and compare their merits and costs versus your needs and resources.
There are several vendors within the RISC-V community that offer
security IP solutions, including
Microsemi,
Intrinsix,
Silex,
Inside Secure, and
Rambus.
Step 4: Integrate a Sentry Co-Processor to Act as a Bodyguard for the Host Processor
Sentry co-processors protect against the exploitation of software vulnerabilities. Solutions like Dover’s
CoreGuard silicon IP integrate
with existing RISC-V processors to monitor every instruction the host
processor executes to ensure it complies with a set of security, safety,
and privacy rules. If an instruction violates an existing rule, the
sentry processor stops it from executing before any damage can be done.
Step 5: Integrate Your Security IP Solutions and Verify with the Rest of Your SoC or ASIC
Implementation is where the rubber hits the road. Work your design
magic, but remember that a system lives and dies by its verification
efforts. Smart hardware security is only as good as its verification
process. Tip: Let your customers understand your verification
process—don’t just ask them to trust you, show them that they can trust
you.
Security Should Exist in Hardware and Software
Software-only
protection of application and operating system code is a thing of the
past. Don’t waste any time getting out in front of attackers and
vulnerabilities with a powerful, hardware-based IoT processor solution.
No comments:
Post a Comment