
Embedded Security-as-a-Service to Prevent the Next Big Botnet Attack

by FutureIoT Editors
May 2, 2019
Photo by Alexandre Debiève on Unsplash

By: Yoni Kahana, VP Customers, NanoLock Security

In recent years, dramatic attacks, from the Mirai botnet attack of 2016 to Intel Spoiler in 2019, exposed vulnerabilities in the processors of electronic systems and undermined commonly held assumptions about the security of the processor and its use as the root of trust in the system.

In embedded endpoint devices, today’s software security solutions are limited in scope. They either disrupt the main functionality, by demanding processing power and requiring the integration of security features that conflict with functional requirements, or fail to provide an adequate level of security, leaving software open to being undermined by lower-level software that breaks through the security measures.

The question is, as the IoT continues to expand and permeate new industries, where should we put our trust when it comes to security in electronic systems and what is the tradeoff? And what are the opportunities for new solutions that better address the needs of edge and embedded devices?

The role of the processor

Electronic systems control our world and surround us. From modern automobiles that feature dozens of Electronic Control Units (ECUs), to the industrial Programmable Logic Controllers (PLCs) responsible for manufacturing most of the products we consume, to the electronic modules in our homes (e.g. routers), electronics are the backbone of our increasingly connected lives.

All modern electronic systems include two main building blocks: the processor responsible for executing the state machine and the system software that eventually brings the functionality that users expect. This software, stored on the persistent memory (Non-Volatile Memory – NVRAM, or flash), survives when the power is off and is loaded to the processor and the RAM during boot time.

Because of the nature of interconnectivity and reliance on software installed in CPUs and online in electronic systems, the opportunity for hackers and cyber-criminals to cause disruption is increased. To prevent these types of attacks, security solutions have been integrated directly into electronic systems.

From car hacking, to camera attacks like the Mirai botnet attack in 2016, to attacks via the router like VPNFilter, this trend and subsequent risk will continue to increase as more devices join the network.

Once adversaries can modify the state machine or the system software, they can change the functionality of the system. These changes can create critical or safety issues depending on the system, expose sensitive data that should be protected, allow access to an unauthorized party and much more. And in order to get access, the adversary requires a way to manipulate the software that resides in the NVRAM.

Modern processors have security features that are meant to provide security layers which include secure boot, memory protection, different privileges to software processes, encryption, trusted execution environment and more. Generally speaking, these features are used to prevent adversaries from gaining access to and taking control of the system – these features are intended to prevent the modification of the original state machine, which controls the functionality of the system.

Therefore, the security of the processor is key to ensuring larger network and device security.

The limitations of the security that the processor can provide

The aforementioned processor security features rely on the creation of different levels of trust. However, since the processor needs to support many different software designs and functionalities, the processor and the security features controlled by the software must also be protected by the processor.

This is a paradox: different software layers give different control privileges to the processor, and attacks like denial of service (DoS) reveal that opportunities for attack lie within those layers. A DoS attack can be as simple as modifying one bit of the “secured software”, which causes signature validation to fail and halts the secure boot process. These types of attacks can even “brick” the device or force it into recovery mode, which can then be attacked in the same manner.

Recent attacks like Meltdown/Spectre also demonstrated that, because of the tradeoff between functionality and security, processor security features can sometimes be compromised at the processor level.

Nowadays, the management of end devices is critical for commercial systems, and it is often assumed that software updates will be required for feature updates and security patches. But once the software on the processor is no longer trusted, the management of the electronic system cannot be trusted, and the software update mechanism can no longer be secured because the compromised endpoint is no longer trusted. This creates a major problem for the deployment of commercial IoT systems.

Additionally, these processor-based security features require additional resources in the form of additional silicon or additional firmware code, creating a cost increase for companies to purchase or upgrade processors that can adequately support the security features. It may be insignificant in some high-end applications that are less sensitive to cost, but it has an effect on low cost applications that can’t afford bill of material (BoM) increases.

So, how can companies ensure that their IoT devices on the network remain secure?

New solutions for more secure IoT devices

An innovative approach to IoT security is to protect the device’s flash, even from the processor and the software that is running on it. Creating a root of trust in the secure flash that blocks write operations to the protected memory facilitates a secure channel all the way from cloud to the flash, making it impossible for attackers to alter the firmware with any malicious code. This approach is agnostic to the processor and any software that is running on the device and avoids any latency in boot time or run time.

And since the solution has moved from the processor side to the flash side, this approach, agnostic of the processor and the OS, means that there is no need for additional cost resources on the processor side. Therefore, ironclad security can be achieved with low-power, low-cost processors, creating a more palatable cybersecurity solution for IoT manufacturers and IT management.

One may assume that this cost burden would then shift to the flash side. However, because preventing writes to a memory area is much simpler in the flash itself, the increase is insignificant compared to the cost (in performance and price) in the processor.

When implemented properly on the flash side, preventing unauthorized modification of the software has no performance impact, which eliminates the trade-off between security and functionality. This makes it possible to adopt security solutions in end devices that until today couldn’t support that balance, such as ECUs in cars, PLCs in industrial solutions, routers, cameras and other IoT devices.

Of course, today’s IoT devices require updates. By protecting the flash, we create a secure channel between the device’s flash all the way to the cloud that neither the network nor the software and processor within the device can breach, thereby extending the trust beyond cloud-to-processor to cloud-to-flash.
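
The contrast drawn above between a processor-side secure boot check and flash-side write protection can be modelled in a few lines. This is an added example, not code from the author or from NanoLock: the `Flash` class, the HMAC-SHA256 scheme with a pre-provisioned shared key, and the monotonic counter are all assumptions chosen for illustration, and the key and firmware image are constructed sample values.

```python
import hashlib
import hmac

class Flash:
    """Toy NVRAM model. protected=True makes the flash itself gate writes."""

    def __init__(self, image: bytes, key: bytes, protected: bool):
        self.mem = bytearray(image)
        self._key = key          # assumed provisioned into the flash, unreadable by the CPU
        self.protected = protected
        self.counter = 0         # monotonic counter rejects replayed update commands

    def cpu_write(self, offset: int, data: bytes) -> bool:
        """Write issued by software on the processor, trusted or not."""
        if self.protected:
            return False         # refused in the flash, whatever privilege the software has
        self.mem[offset:offset + len(data)] = data
        return True

    def cloud_write(self, offset: int, data: bytes, counter: int, tag: bytes) -> bool:
        """Write authorised by the management server; the CPU only relays it."""
        expected = sign_update(self._key, offset, data, counter)
        if counter <= self.counter or not hmac.compare_digest(tag, expected):
            return False
        self.mem[offset:offset + len(data)] = data
        self.counter = counter
        return True

def sign_update(key: bytes, offset: int, data: bytes, counter: int) -> bytes:
    """Cloud side: authenticate one write command (counter, offset, payload)."""
    msg = counter.to_bytes(8, "big") + offset.to_bytes(4, "big") + data
    return hmac.new(key, msg, hashlib.sha256).digest()

def secure_boot(flash: Flash, good_digest: bytes) -> bool:
    """Processor-side check: refuse to boot if the image digest is wrong."""
    return hmac.compare_digest(hashlib.sha256(flash.mem).digest(), good_digest)

def flip_one_bit(flash: Flash) -> bool:
    """The one-bit modification the article describes; True if it landed."""
    return flash.cpu_write(0, bytes([flash.mem[0] ^ 0x01]))

KEY = b"constructed-demo-key"                        # constructed sample value
IMAGE = b"FIRMWARE v1 (constructed sample image)"    # constructed sample value
DIGEST = hashlib.sha256(IMAGE).digest()
```

On an unprotected `Flash`, `flip_one_bit` succeeds and `secure_boot` then halts, which is the denial of service described earlier; on a protected one the write never lands, and only a command carrying a valid tag and a fresh counter changes the image.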

What’s next?

The cloud-to-flash approach goes beyond purely hardware/software security and protection. This shift enables new opportunities and revenue engines for various vertical markets embracing IoT.

The value of this new approach reaches beyond a technology paradigm change. It also changes the commercial view of security and management and opens the door to deriving revenue from security in IoT.

About the Author:

Yoni Kahana is VP, Customers, for Israel-based IoT cybersecurity management startup NanoLock Security and a 20+ year cybersecurity industry veteran for Fortune 500 companies like General Motors and Qualcomm. NanoLock’s edge device management and protection platform uses a cloud-to-flash protection approach that configures the mechanism for secure updates and trustworthy management – essential for deployments of IoT devices in crucial applications in emerging tech such as smart cities, autonomous vehicles, industrial, telecoms and others.
