Enterprises should ask themselves a few questions when adopting cybersecurity products to ensure the security of IoT devices.
Businesses can face huge challenges in achieving security when building IoT solutions. Suffice it to say, enterprise adoption of cloud platforms for protection solutions is nothing new, and there are many well-established practices and support frameworks that can help enterprises implement the right thing. When it comes to hardware, embedded IoT devices that will eventually connect to public networks are still uncharted territory for most.
The following will explore a few questions enterprises should ask themselves when adopting IoT devices, and provide some answers to help them make IoT devices as secure as possible.
When businesses authenticate individuals against a website or any form of online service, they often rely on multi-factor authentication (MFA) to avoid impersonation and identity theft. Multi-factor authentication effectively makes it impossible for cyber attackers to fake their online identities, as they may not have all the evidence needed to authenticate to said website or service.
For example, a cyber attacker may already know a user's passcode and even steal their phone, but they don't know the 6-digit passcode set on the phone, nor will they have access to fingerprints. In short: they will not be able to complete the login process and impersonate the user.
So is it possible to implement a similar mechanism to prevent identity theft of IoT devices? The answer is to use specialized hardware, such as a Trusted Platform Module (TPM). In short, such devices possess hardware-protected encryption keys. The private key, once stored in the module, never leaves the module, and the public key is then used to prove the identity of the device. Since the key cannot be forged, impersonating the device is effectively equivalent to gaining physical access to it, which of course creates other security issues.
Trusted Computing Base (TCB) refers to hardware, firmware, and software components critical to system security. Every aspect of an IoT device, from the aforementioned Trusted Platform Module (TPM) to its operating system (possibly real-time) kernel, will play a role in ensuring the overall security of the system.
When designing IoT devices, it must be kept in mind that the trusted computing base should be as small as possible. This way, the attack surface is minimized and errors or risks in the Trusted Computing Base (TCB) are reduced, allowing cyber attackers to bypass security protections and deploy malicious payloads that, for example, allow them to steal valuable business data.
If you can, try to build an operating system or real-time operating system that only allows the enterprise to release and enable the features that are really needed. Regardless, an enterprise's application code should run outside of the Trusted Computing Base (TCB) so that it can function without compromising security.
There are many reasons why IoT devices may fail. For example, it could be due to cyber attackers trying to take control of it by exploiting a vulnerability or attempting to brute force passwords. It could also simply be that the device has encountered a corner case and switched to an indeterminate state leaving it vulnerable.
Whatever the reason, it is critical to track these devices' failures so that they can not only be diagnosed and corrected, but potential attack vectors can be isolated and mitigated before they can be effectively exploited.
There are also solutions to help report bugs. Azure Security Center for IoT and its associated open-source agent is a great example of how to automatically collect and log events such as failed login attempts or connections from unusual IP addresses.