IoT Security: Challenges and Solutions
With more and more devices added to the Internet of Things (IoT) every day, the potential security threats caused by IoT “end devices” with minimum protection continue to grow. We are now living in a world where hackers may be able to gain access to our networks through refrigerators, baby monitors, thermostats, and even light bulbs. Indeed, it is no exaggeration to say that securing the IoT is paramount to our privacy, data security, and even personal safety.
Many of the simple devices that represent the end-points on the edge of the IoT use small, efficient and cost-effective 8- 16-, and 32-bit processors for embedded functions. The problem is that these devices do not have the computing and memory resources to incorporate contemporary security solutions with acceptable runtimes and resource allocation. Engineers building new connected devices must recognize this challenge and look to find lightweight, energy-efficient security solutions built for the IoT era.
IoT Security Threats
Those who raise the issue of IoT security threats are not scaremongering. The threats against IoT devices are very real. Just last year, a series of distributed denial of service (DDoS) attacks initiated by a botnet of hacked IoT devices caused GitHub, Twitter, Netflix, Airbnb, and many other high-profile websites to go offline. The attack was made possible because hackers could access IoT end-points such as wireless security cameras, routers, smart home devices, and other IP-connected products, which were then infected by malware known as Mirai. Mirai took advantage of the fact that the devices were using their default username and password settings, making them easy targets .
Despite a relatively unsophisticated approach, the Mirai attack was incredibly successful because of the sheer number of IoT devices that the malware was able to affect. And as we continue to increase the number of unprotected devices connected to the Internet, we give hackers growing points of entry.
While the Mirai attack focused mostly on consumer-oriented IoT devices, a great many commercial and industrial IoT (IIoT) deployments are also vulnerable to cybersecurity threats. Though a coffee maker or home router gone rogue may simply be a nuisance, a factory or oil platform’s sensors going offline could be a much more serious affair. IoT vulnerabilities also expose organizations to the possibilities of significant financial losses resulting from stolen data or the disruption of critical business processes.
IoT Security Challenges
An important element of establishing secure IoT communications is device identification and authentication using public key-based protocols. However, authenticating and securing IoT devices requires computationally intensive cryptographic operations. While the necessary computations may be relatively trivial to execute on a powerful processor, they take an unacceptable amount of time to run on 8- 16-, and 32-bit devices. In addition, the storage and memory overhead of these security protocols makes their use prohibitive.
Quantum computers pose another security challenge, especially to engineers designing devices that will be in the field for several years or more. While currently in its infancy, quantum computing threatens to significantly affect the security of conventional public key cryptographic methods by greatly reducing the time needed to crack their private keys. Cryptography that can survive in a post-quantum world is needed.
Securing the IoT
To help semiconductor vendors, IP companies, and IoT device manufacturers address these challenges, Veridify has developed a Group Theoretic cryptographic system designed to provide future-proof security for low-power IoT devices. Based on three distinct areas of mathematics (the theory of braids, the theory of matrices with polynomial entries, and modular arithmetic), the cryptosystem at its core has a specialized function known as E-Multiplication™. The combination of these mathematical tools within this specialized function delivers a strong security solution without the resource-intensive computations demanded by other methods.
Veridify’s approach enables ultra-low-power consumption and fast performance on resource-constrained systems, with an algorithm that runs in linear-time. It is suitable for 8-bit to 32-bit embedded processors with small memory footprints. This includes ARM-Cortex M0 and M3 cores, RISC-V processors, as well as 8-bit 8051-based microcontrollers. Protocols can be made resistant to man-in-the-middle and replay attacks, and encryption/decryption key management is mitigated because secure keys are generated for each authentication session. Finally, unlike classic cryptographic protocols, such as RSA and ECC, SecureRF’s Group Theoretic protocols are not susceptible to known quantum-based security threats.
With performance up to 100 times faster than today’s commercial security methods, Veridify’s Group Theoretic cryptosystem addresses the security needs of even the smallest devices entering the IoT and is available as a Security Tool Kit for several microcontrollers and as an IP core for FPGAs and ASICs.