Editor’s note: John Jefferies leads security marketing for the Samsung ARTIK platform. He has been championing hardware, software and mobile security products for over twenty years. He previously posted on the top three IoT security trends to watch in 2018 and “What could possibly go wrong with IoT in 2018?”
For more information on IoT security, get the Samsung ARTIK white paper, “Trustworthy IoT”.
With businesses and manufacturers looking to connect seemingly everything to the Internet, the one critical factor that often gets overlooked is security. As I’ve discussed in two previous blogs, failure to build adequate security into your Internet of Things (IoT) initiatives can expose your business to a number of significant risks.
For example, hackers could steal confidential corporate or consumer data—either directly from IoT devices or by using them as pathways into backend business system and corporate networks. Attackers could take control of self-driving cars, industrial controls, and even robots, causing property damage, factory downtime, or personal injury. Or, cybercriminals could use your products to take control of critical infrastructure, ranging from HVAC systems to smart buildings, and demand ransom. These threats have the potential to damage your brand, put you in non-compliance with strict privacy laws, and cause major inconveniences to customers—perhaps even endangering their lives.
At a minimum, protecting your IoT systems against cyber threats and physical hacking requires 10 essential security components. These are deployed from edge-to-cloud in the Samsung ARTIK IoT platform, an integrated development platform consisting of systems-on-module (SoMs), software, cloud services, and, of course, security.
- Device Integrity Protection and Detection
Device protection and trusted code execution are central to IoT security. So ideally, any IoT device should have a secure boot capability consisting of several bootloader stages. At each stage of the secure boot process, software is verified using cryptographic checks and installed before the next bootloader stage is executed. The high security of the ARTIK platform requires each IoT device to support secure boot to validate the integrity of security-critical executables and stop the boot process if any executable is compromised.
- Hardware Root-of-Trust
Additionally, the secure boot parameters must be provisioned in hardware during the manufacturing process. On ARTIK SoMs, the secure boot verification process starts when the system is brought up from a cold boot. The first bootloader to get executed by the processor at power-on is implemented on ROM. This approach prevents unauthorized software from running when a device is powered up, and is essential to assuring device integrity and preventing hackers from injecting malware.
- Trust Chain
The ability to trust the software running on a hardware platform is one of the most fundamental principles of security. To ensure attackers cannot replace or modify software, each ARTIK-based IoT device must be equipped with an X.509 certificate issued by Samsung IoT Device certificate authority (CA) or third-party CA accredited by Samsung.
- Secure Updates
Each device must be able to update its firmware in a secure manner. With ARTIK, secure over-the-air (OTA) updates, combined with code signing, ensure that only signed, authentic code can run on a device.
- Protected Communication
Attackers may try to intercept or modify traffic between IoT devices or between devices and the cloud. Or they may attempt to send unauthorized commands or events to devices. Consequently, all transmitted data between each device and ARTIK cloud services (which run on the Samsung SmartThings cloud) must be protected. The ARTIK platform secures communications between different ARTIK-based devices and between those devices and the SmartThings cloud using encryption, industry-standard cryptographic algorithms, and mutual authentication using a shared root of trust.
- Secure Storage
IoT systems that don’t provide adequate protection for data stored locally on devices can adversely impact end users’ safety and put your brand at risk. Poorly-designed IoT systems without secure storage can also put you in non-compliance with a growing number of privacy regulations and guidelines. This means each device must provide secure storage to guarantee the confidentiality and integrity of data from any unauthorized access. The high security standards of the ARTIK IoT platform require each device to meet two storage requirements—it must provide secure storage to guarantee confidentiality and data integrity, and all storage security must be hardware-backed. Devices that do not meet these requirements cannot connect with the Samsung SmartThings cloud.
- Hardware Protection
Secure storage of sensitive data must be hardware-backed and all cryptographic keys must be stored encrypted in hardware-backed secure storage. Most ARTIK SoMs include a Common Criteria EAL5 hardware Secure Element, which is optimized for IoT and provisioned with X.509 certificates and corresponding keys and identities inside secure storage. This, along with Secure Element Secure APIs, protect these sensitive assets over the entire device life cycle, especially during execution of cryptographic algorithms depending on these keys.
- Device Identity
Each device must be identified uniquely. Each ARTIK SoM has a unique certificate injected during manufacture, which the SoM uses to establish its identity with the SmartThings cloud. The certificates are also stored in specialized hardware, making device identity resistant to software hacking.
- Mutual Authentication
As a key to secure communications, each device must provide certificate-based mutual authentication with the SmartThings cloud. The ARTIK platform also facilitates the onboarding process by using strong mutual authentication between a gateway device and the cloud registration servers. This prevents counterfeit or non-compliant devices from stealing cloud services and possibly damaging brand reputations.
- Disable Hardware Debug Ports
Effective IoT device security requires that external device ports be disabled or protected from an authorized use. ARTIK SoMs provide Joint Test Action Group (JTAG) ports for debugging of the platform. However, access via JTAG opens up methods to bypass internally defined security mechanisms. To address this vulnerability, ARTIK SoMs support Secure JTAG, which requires the use of a password unique to each SoM to access the JTAG chain.
An end-to-end platform for IoT security
Samsung created the ARTIK IoT platform to raise the overall security capabilities of IoT systems to counter growing threats. Samsung ARTIK is an end-to-end, edge-to-cloud platform which provides the 10 must-haves of IoT security. By building on ARTIK, you can bring new IoT products to market quickly without worrying about extensive security development.