By Jerome Rampon, CEO, Algodone
Internet of Things (IoT) promises great business opportunities for the semiconductor companies, system integrators, and service providers. However, IoT security is a major concern to this promised growth because there are many weak security links in the IoT ecosystem. This article proposes a way to secure IoT devices and standardize IoT usage through silicon licensing.
We are surrounded by IoT devices today. From connected household appliances, wearables, industrial robots, healthcare monitors, to smart cars, smart meters, and smartphones, billions of connected electronic devices are improving our lives and changing the world we live in.
The already realized and promised IoT market growth speaks volume for the future of IoT. In 2014, the size of the Worldwide IoT market is 2,690 Billion Euros. By 2020, it is projected to grow to 7,474 Billion Euros, representing 10% of global Worldwide GDP (Growth Domestic Product). According to IDC (International Data Corporation), among the 7,474 Billion Euros, only 1,700 Billion Euros will come from IoT solutions providers (technology and products providers along the supply chain). The most significant market growth, as predicted by most experts, will be driven by Business-to-Business (B2B) and Business-to-Business-to-Consumer (B2B2C) usages in 4 principal industrial domains:
- Industry/Building Construction (representing 20% of the market, closely linked to quality and monitoring processes through various sensors)
- Transportation, including Automotive
However, to enable the promised growth, we must resolve the security challenges. Security is a top concern of the IoT community because of the importance of the data at stake and the technical complexity existing in the communication network and cloud infrastructure. There are three main targets for hackers to access the functionalities and data of a connected device:
- the Device itself,
- the Cloud Infrastructure that includes conceptually IoT supervisors via servers,
- and the Network of communications.
Consequently, an essential pillar to secure an IoT device and preserve any stored data or communicated data relies on the protection of the IoT device itself throughout its entire life cycle, from conception to manufacturing to final use.
2. IoT Security Challenges
The IoT ecosystem involves many diverse players and each faces a distinct set of security challenges.
Software, either embedded or at the application level, remains the weakest link in the IoT ecosystem. It requires less resources to hack software systems compared to hardware, as manifested by the numerous data breach stories in the news. In addition, not all software providers have enough security expertise to take the necessary security measures. What makes it even worse for IoT software is the sheer magnitude of the different types of IoT devices available, hence the different types of software provided to support these IoT functionalities. All these broaden the spectrum of attacks in enterprises and at consumers level for IoT. Consumers OEM, Industrial OEMs and mobile networks operators (Telco or ISP) have to work together to provide an end-to-end security solution, taking into account hardware security.
2.2 Cloud Infrastructure
IoT devices often need to monitor and collect data as well as send the data to cloud for processing. Cloud infrastructure is also a prominent target of threats as it is observable and the surface of attack is large. Numerous efforts have been taken to improve cloud security:
- Security Operation Centers (SOC) have been elected to prevent and detect any unusual events and traffic over network communications.
- Various encrypted communication protocols, mostly based on hybrid solutions, which are a combination of core symmetric cryptography and asymmetric cryptography to encrypt core symmetric keys, have been deployed with HTTPS over the internet (the most known for end users).
- Cryptographic keys and signatures management combined with randomness generators are at the heart of a solid security solution. PKI, or Public Key Infrastructure, are components specialized to deliver trusted public cryptographic keys. It is used as roots of trust in many applications across Systems, Devices, Boards, and Chips.
IoT cloud security requires a tight combination of secured hardware devices and software processes to provide the end to end security. This is a not trivial task as there are many suppliers and stakeholders involved.
2.3 IoT Network
Most current IoT devices are connected through mobile (2G/3G/4G…) or local networks (Wi-Fi, Bluetooth, Li-Fi, with Ethernet gateways). Dedicated specific communication networks have emerged via LPWAN (Low Power Wide Area Network) infrastructure development, with a goal of low power consumption so that battery operated IoT devices can be active over decades. The LPWAN are in strong deployment phases with different protocols and deployment structures and business models, with two competing trends:
- The non-cellular based technology (Sigfox, Lora, Wize, Qowisio, …) created for new IoT use cases
- The cellular-based technology (LTE-M, NB-IoT) which uses existing mobile networks through adaptive layers
No matter what kind of network, cellular or non-cellular based, IoT network security is a real concern. First of all, there are limited cryptographic solutions in terms of communication protocols and deployment. Solutions with Hardware Secure Elements in devices are recommended to create a complete layer of security, however, they are not universally adopted, partly because the cost of adding hardware secure elements in the system is a barrier of adoption for endpoint IoT devices targeting a low price point.
As a result, many industrial use cases with safety requirements and high-security challenges (transport, energy, nuclear, military) need their own layers of security.
2.4 IoT Devices
Last, but not the least, is the security challenge of managing the IoT device itself. This is exacerbated by the fact that these IoT devices are connected and often reconfigurable throughout the device’s life cycle. When the firmware and hardware of the IoT devices are modified in the field (over the air or not), security is not anymore static at device manufacturing before sale or first deployment steps. Instead, security needs to be thought out and managed throughout the full lifecycle of the IoT devices. The responsibility of IoT device security management is hence increased. For example, new IoT devices may need to be integrated into a fleet of existing IoT devices with interoperability and security management (authentication of new devices, enrolment in the fleet, and sharing of communication keys). Some devices may become obsolete and would need to be securely removed from an IoT fleet or network. Identity management, for all these operations, and monetization of software/firmware updates are new areas of security challenges.
3. Silicon Licensing for IoT Security
To address the IoT device security challenge, we propose a new Silicon Licensing scheme to personalize each IoT device so that each of the billions of IoT devices can be uniquely identified and managed. Compared to Hardware Secure Element, the Silicon Licensing approach is a light weight security solution that can be used even for low price point IoT devices. In addition, licensed IoT devices also allow for a new business model so that IoT device makers can offer device-as-a-service, rather than sell IoT devices at low profit margin.
Silicon Licensing is enabled through a soft RTL IP that needs to be embedded in the host processor or microcontroller (will refer to as Host in the following discussion) inside the IoT device. Each silicon license is tied to the unique chip ID (the DNA) of the Host, such that the unique identity offered by the Host is extended to the IoT device itself. The key benefit of the silicon-based licensing is its secure nature because it takes much more significant effort and cost to hack a hardware device. Each license provisioned is for a specific IoT device, much like the ignition key of a car is unique to the car itself. With unique silicon licenses, even when a particular device is attacked, the whole fleet of similar IoT devices will still be intact.
Another key component of the silicon licensing scheme is the secure cloud-based server which is used to provision, manage, and store these unique licenses to allow only authorized parties the access to the license database. Silicon Licensing personalizes each IoT device and allows the transmission of sensitive data from a remote cloud server to and from the device with a personalized encryption layer so that sensitive data such as firmware upgrades can be transmitted securely to a specific IoT device. The following are some of the specific use cases that can benefit from Silicon Licensing.
3.1 In-field Upgrade
IoT devices need to be reconfigurable and upgradable throughout the device’s life cycle. Firmware over the Air (FOTA) can be done remotely to enable new features and functionalities, as well as to perform maintenance operations. However, for security purposes, such changes of device software or hardware must be certified or authenticated, i.e. only authorized entities (such as the device maker or the IoT operator) have the rights to modify the IoT device. This is to prevent any malicious update that could use standard update channels to modify and control the device with open doors. Additionally, this also ensures the integrity of the update to make sure nothing is added by an unauthorized third party.
Similar to software licensing used to control and manage software applications, Silicon Licensing is ideal for managing and controlling in-field IoT device configurations and upgrades. A feature or capability, which was designed in the system but not enabled, can be easily enabled through a new license and secure cloud-to-chip encrypted communication. One example of such use is to temporarily increase the bandwidth of IoT network to perform firmware update and change it back to the standard lower rate once the update is completed.
Because each license is personalized to a unique IoT device, it is possible to offer a finely controlled firmware upgrade to targeted IoT devices, opening doors for monetization opportunities.
3.2 Key and Signature Provisioning
IoT connection is useful to the management of device keys and signatures. Much IoT security is based on either permanent master keys on IoT devices or temporary keys that can be regularly updated onboard. The temporary keys are often used in critical systems to offer better security by limiting the time of potential attack. However, key updates require regular painful maintenance operations that cannot be performed remotely.
Silicon licensing can help simplify the renewal of IoT security credentials such as cryptographic keys, signatures and certificates remotely over potentially unsecure IoT networks. With its secured transmission container, the cloud license server can send new temporary keys remotely embedded in the silicon licensing, making IoT devices more secure through frequent temporary key updates.
3.3 Metering for Pay-per-use
Nowadays, many IoT edge devices are not simply dumb sensors which collect data that is then sent to the cloud for processing. Instead, they often have significant AI functionalities built in to offer preliminary data computation and processing at the edge so as to reduce the amount of data sent to the cloud. An example can be an intelligent video camera installed at retail stores to record customers’ traffic patterns and offer analysis so as to improve the retail store’s profit. Instead of selling these high-end IoT devices as products to profit from a thin cost-plus margin, these devices can be used as a platform to enable the pay-per-use business model so they can bring long-term recurring revenue to the IoT device makers.
Silicon licensing offers an ideal solution for this use model. The embedded silicon IP can be used to meter data processed at the edge IoT device and transmit such information back to the cloud server for processing and billing by the IoT device makers or IoT operators.
3.4 Health Usage Monitoring System (HUMS)
Continuous system monitoring is an area for IoT devices to help ensure the availability, reliability, and safety of any systems, for example, for industrial robots or autonomous driving vehicles. For such applications, it is important to retrieve real-time data so as to improve the maintenance accuracy based on information from various IoT sensors. Once again, through silicon licensing, such data can be securely transmitted from the unique IoT device to the cloud server so that proper alert on maintenance requests can be issued.
Through the discussion of IoT security requirements and the many different use cases that require secure and personalized IoT-to-Cloud communication, we have shown that Silicon Licensing is a novice concept to meet these requirements. While the concept and benefits of Silicon Licensing are easy to understand, it requires significant security expertise to create such a system with both the embedded silicon IP and the cloud server platform so as to withstand potential attack. Algodone’s Silicon Activation Licensing Technology (SALTTM) is architected to offer a light weight, low cost, and secure solution to secure the IoT devices. For more information, please visit www.algodone.com.