IoT deployments will not scale without trust
Low priority and dynamic
Very few developers have strong security experience
Even if there is no secure data/privacy issues
and must not be made an option
Updates become the malware infection vector
DDOS flatten battery
In the wall This is not the PC world, no reset, no reinstall
History of engineering closed systems
Somewhat secure thanks to isolation (SW, communication and physical) and obscurity (low volume)
Very little code reuse and design commonality between systems
These “Embedded” norms can’t survive in a successful connected IoT world
When you add networking everything changes
Exposed systems connected to the internet
Managing high complexity in networking stacks requires code reuse and modern dev approach
MCUs need to become accessible to a larger audience of developers
Few developers have security experience
mbed IoT Device Platform is the best starting point
Security is not a black and white thing. It is not either on or off. It must be deployed in proportion to the need for security.
Before security thread-models are defined it is important to have a holistic view of business requirements.
Then appropriate security choices can be made (the cost and effort to be expended on a security solution is a factor here).
Even the most basic application which has static service session information determined at the time of manufacture (e.g. a fixed symmetric key) need fairly sophisticated security functionality. Communication security (as implemented by mbed TLS) enables the device to have basic authentication, confidentiality and integrity for data sent to and from it over the internet. The mbed Cloud Connect service is also provides the security required to use a specific device with a particular cloud application. Many IoT platforms don’t provide much more security than this but at this level it is impossible to securely provision new keys/certificates onto the device or update its firmware. This severely limits the useful lifetime of the device (or risks relying on a device deployment investment with little security protection). Also this limited device security means that valuable secrets can’t safely be stored on the device. As a result this level of security is best suited to disposable devices where the value of device deployment does not need to be maintained and the secrets on the device are low value.
Many applications will demand a larger investment in security. Adding mbed OS uVisor capability enables greater protection of secrets scored on the device and provides greater trust for device identity, integrity. This in combination with mbed Cloud Provision and mbed Cloud Update allows deployed device to flexibly connect to new services and form new secure relationships over its lifetime while keeping pace with changes to security standards and newly discovered protocol vulnrabilites. This protects business investment in large device deployments. At this stage the device can be trusted to implement most common IoT applications and to store important secrets with adequate protection.
Beyond this some specialist applications may require higher levels of security such as resistance to LAB attacks while storing very valluable secrets. This would required the addition of more expensive hardware counter measures and anti-tamper features. This can be supported alongside mbed OS security features.
Mention mbed TLS website with list of vulnerabilities
Third party stacks
The future mbed roadmap will deliver pervasive security across all of our device services (mbed Cloud) and device software (mbed OS; mbed TLS; mbed for X). This security covers many different aspects and exists in may different layers of our mbed IoT Device Platform. Broadly speaking we can categorize all these security aspects into three distinct areas:
Device Security: This comprises of all security aspects implemented in mbed Device Sofware running on IoT end nodes. Our roadmap for this includes SW functionality to implement security related to connectivity, provisioning and device update. These higher level rich protocol/functionality modules will be supported by basic security components that include secure boot; secure storage primitives; low level key management; device identity and cryptographic libraries supporting both full SW implementations and secure interfaces to hardware crypto accelerators. These basic security components can, optionally, reside within and be protected by Trusted Execution Environments (TEE) or secure supervisory kernels such as the mbed OS uVisor when this is supported by the device hardware. This adds additional protection by providing secure isolation of system resources for each software component.
Communication Security: Based on widely deployed and most thoroughly tested security available for internet communication today. mbed Communication Security is implemented by the mbed TLS library which provides all the functionality required to implement the full TLS and DTLS protocols. The mbed TLS library is use in the device software and within the mbed Cloud services. This provide end-to-end communication security from each end node into mbed Cloud across the internet.
Management Security: Implemented within our mbed Cloud services this enables secure lifecycle management for large deployments of end nodes. This will encompass secure device connectivity; secure device provisioning and secure device update services. This is vital to enable IoT deployments to scale. Critically our update service will enable agile security to be implemented across the entire mbed IoT Device Platform. This protects investment in large deployments and enables our IoT security to evolve alongside state of the art internet security. It will also provide secure links into Cloud Application Platforms so that entire IoT applications can be fully secured.