Protecting IoT devices from cyberattacks: A critical missing piece: Page 5 of 13

August 10, 2017 //By Alan Grau, Icon Labs
When it comes to protecting IoT devices from cyber attacks, both device hardening and security appliance approaches each has its supporters, but there are trade-offs between “device-centric” and “appliance-centric.”

Secure boot relies on signed code images to enable validation of the image during the secure boot process. The code images are signed by the device OEM using the OEM’s private key. The OEM’s corresponding public key is used by the device to validate the signature for the firmware image.

Secure firmware update, like secure boot, validates new code images that have been signed by the OEM during the upgrade process. If downloaded images are not valid, they are discarded and the upgrade is not performed. Only valid images are accepted and saved to the device.

 

Data-at-Rest (DAR) protection

IoT devices, unlike enterprise servers, are not locked away deep in a data centre. Many are located in the field with the risk of theft or physical attack. Any sensitive data stored on such a device should be encrypted, ensuring it is protected from attempts to read from the device, either by copying the data from the device, or by physically removing the flash drive and reading data directly.

Data-at-rest (DAR) protection encrypts data stored on the device, providing protection against these attacks. Many IoT devices don’t have the computing power to support full disk encryption, but sensitive data such as credit-card numbers or patient information should always be encrypted. Care must be taken to store the encryption key in protected memory on the device or in a secure location such as a USB drive or network server.

The DAR solution should ensure unencrypted data is never stored on the hard drive. Protected data should be encrypted before it is written to a file. Encrypted files should be encrypted in memory and remain in RAM, never written back to the file system without being encrypted ensuring data cannot be leaked due to a power failure.

Design category: