Why an explosion in IoT devices significantly raises the threat level.
DECEMBER 5TH, 2019 - BY: YURI NAGANO
An explosion in IoT devices has significantly raised the security threat level for hardware and software, and it shows no sign of abating anytime soon.
Sometime over the next decade the number of connected devices is expected to hit the 1 trillion mark. Expecting all of them to be secure is impossible, particularly as the attack surface widens and the attack vectors become more sophisticated. In fact, a recent paper from researchers at the University of Michigan and Tokyo’s University of Electro-Communications showed how attackers could gain control of voice-controlled systems using amplitude-modulated light.
That’s just the beginning, too. The chain of communication for IoT devices is both multi-staged and unregulated.
“The IoT device connects through gateways to infrastructure services,” said Stuart Biles, an fellow and director of research architecture at Arm. “We find about 70% of security vulnerabilities are due to memory. But there are things you can do to help, like implementing CHERI (capability hardware enhanced RISC instructions) technology. A hidden 1-bit tag can eliminate forgeries.”
What becomes clear with IoT security is that it’s not just a single device that needs to be secured. It’s also everything connected to that device.
“The security risk is really a shared problem,” said Dan Lyon, senior principal security consultant at Synopsys. “You need to build a system with security in mind from start to finish. If you think about your development process requirements — design, testing — all of those things have to have a security aspect to them.”
There has been no shortage of research on this subject, particularly as the electronic content increases in safety critical applications such as cars and medical devices.
“You can think of a car being at the edge of a node and how anybody could access the electronic systems in the car,” said Ravi Subramanian, vice president and general manager of the IC Verification Solutions Division at Mentor, a Siemens Business. He noted that a trusted platform would need to be created where only authorized people can access the hardware and software to operate it or debug it.
Security becomes increasingly critical as more intelligence moves to the edge of the network. That, in turn, increases the value of the data, which helps explain why manufacturers of IoT and automotive electronics are seeing increased demand for effective security.
“For IoT, security initially was kind of an afterthought,” said Ben Levine, senior director of product marketing for Rambus.
But even companies that took security seriously from the outset learned that it’s not just the device security that matters, starting with the Mirai botnet attack. It’s also the environment it operates in and the use model for those devices. “There is no one size fits all for security,” Levine said.
Partitioning security One approach to security is to separate different functions within the same chip, or even within the subsystems of the chip. This becomes particularly important with some of the new SoCs, which may include general-purpose processors, a GPU, AI processor and specialized neural network logic, as well as various types of accelerators and simpler functions for networking and accessing external storage.
The security of the image processor, the host CPU and the root-of-trust processor (tRoot) all share external memory through a memory controller, said Mike Borza, principal security technologist for security IP at Synopsys. But sometimes the host CPU is not trusted by the image processor, or vice versa. And in some cases, the tRoot does not trust either component and protects the memory that it uses and encrypts it to keep it private to tRoot.
“If you look at the chip architecture, none of those separations are enforced, which can lead to escalating attacks as an adversary gets a foothold in the chip through one simple vulnerability,” Borza said. “Then they can use that to get more data, such as biometric data being processed in the image processor, and then use that biometric data to get access to your bank account, for example.”
Security by the numbers Recent research by the Ponemon Institute found that data breaches related to IoT devices have been increasing for the last three years. Of the 625 corporate governance or risk managers of organizations Ponemon surveyed, 26% saw a data breach in the last year, compared to 15% three years ago.
Respondents cited the cause of those data breaches as “unsecured IoT devices or applications.” Some 87% of respondents believed that a cyberattack, such as a distributed denial of service (DDoS), was ‘very likely’ in the next two years, with 84% saying a data breach would ‘very likely’ be caused by an IoT device or application. Furthermore, 59% of respondents said their IoT ecosystem was “vulnerable to a ransomware attack.”
Most security problems until now come down to basic lapses such as companies using a default password or no one updating the operating system on a device connected to the internet, said Martin Croome, vice president of marketing at GreenWaves Technologies.
Because systems aren’t updated, a bug discovered three years ago exists on a device and leads to a breach. He noted that such problems “probably account for 99% of the Internet of Things (IoT) devices that get cracked.”
Secure building blocks Arm is working to transform what it considers “a bit of a Wild West for IoT security” into something with “useful security building blocks” for everyone, said Rob Coombs, director at the architecture and technology group at Arm.
Some years ago smartphones were easily hackable. That has changed significantly in recent years, and the goal is to make IoT devices as secure as smartphones.
“We’re on a good path to make a big difference for IoT security,” Coombs said, pointing to Arm’s platform security architecture (PSA). The most basic part of PSA is its first step, where device makers are encouraged to think about their own security requirements by creating threat models and getting a clear picture of their own security needs. In the second step, makers need to map out a good security architecture for themselves, and the third step is to implement those measures. The final step is certification, with makers taking their security measures and having them tested at a lab, said Coombs.
“When you have a chip on a device — if you think, ‘Why do I trust this device? Why do I trust the data coming from this device? — it critically depends on the quality, the robustness, effectively of that root of trust buried deep inside that chip. So we’re trying to create a reference implementation for that with root of trust,” he said.
Power matters One of the big challenges for security involves power. While passive security such as hiding keys uses little or no power, active security to prevent tampering, obfuscate activity, and provide biometric access can be much more effective. But all of those approaches also require power.
Mentor’s Subramanian said there is a “big revolution” going on in the hardware architecture space to process sensory information. Instead of processing the information using general-purpose engines, the information is processed with domain-specific engines. That also opens new opportunities for blocks that can process facial gestures or audio gestures or biometric identification with greater energy efficiency. So rather than just image capture, there is an emphasis on image recognition.
The consumer market is filled with sensory functions. Newer BMW models incorporate gesture recognition, which allow users to start and stop music with the wave of a hand. The latest smartphones have facial recognition and sometimes also an iris scan function as a security measure for the user to access their devices. Then there are also voice recognition functions for users of Amazon’s Alexa and Apple’s Siri.
“We’re seeing a lot of the chip technology for that advancing at a furious pace in order to get you the most energy-efficient implementation for that market,” Subramanian said. And that opens other opportunities to verify the correct gesture or facial recognition or voice recognition is being applied.
Sensory functions on ML algorithms One of the big shifts in this part of the market involves sensors, which are advancing at a very fast rate in existing and new markets. In the past, sensory chips were restricted to a handful of industries.
“Now it’s really expanding,” Subramanian said. “The key aspect to creating both the big challenge with the big opportunity now is that once you capture this data from the sensors, you then typically need to be doing something with it based on the application (such as voice or facial recognition).”
Biometric data can optimized using AI, said Kris Myny, team leader for R&D at Imec. “Novel user interfaces are being developed with lots of fascinating novel technologies and applications.”
With neural networks and deep learning algorithms, systems can recognize voices or fingerprints rapidly and efficiently using very little power, said Myny. This also may be addressed at the system level because there is no need to continuously track fingerprints, facial features, or recognize voices, so the hardware can be switched off when not needed. And with gesture recognition by means of camera or ultrasound technologies, power consumption can be optimized with better technologies and at the system level, as well.
The latter is the approach used by GreenWaves Technologies, which develops low-power chips for biometric devices. “We can be an always on device that can wake up power-draining security devices,” said Martin Croome, vice president of marketing for GreenWaves.
The low-battery chips can detect gun shots, breaking glass, people screaming, and other distress signals, he said, noting the company’s chips are targeted for ultra-low-power IoT devices, including wearables.
Time to market Competition is high in this market, and there is enormous pressure to get to market quickly. But this also is a rapidly changing market, and the price of missing out on changes in power or security features can be significant.
“If you have an algorithm that takes five joules of energy per minute and another implementation that takes one joule of energy per minute, literally, the battery can last five times longer, which is the newer implementation,” said Subramanian. “There are periods of time, where you have to do training and there is learning, and then there are periods of time when you have to take what you learn and start using it to recognize things. The energy consumed in both of those cases are very important.”
Consider, for example, speech recognition on smartphones. Users may need to ‘train’ the application by storing audio clips to improve accuracy. This type of machine learning application is accelerating because more applications are using voice or an image as a ‘gateway’ to an application.
Conclusion With security breaches for IoT devices being commonplace, there’s an increased need to protect devices from the hardware, chip-level on the edge from start to finish. Best practices such as Arm’s PSA is being adapted by some chip makers with the goal to protect IoT devices in its most simple forms to its more complicated versions found on automated vehicles.
Meanwhile, advances in sensory functions as well as IoT are pushing forward power efficiency.