Bench Talk

(Source: Immersion Imagery/Shutterstock.com)

In a marketplace where 26 billion Internet of Things (IoT) devices are expected to go live by 2020 (Gartner), it is critical to secure the enormous amount of data that these devices would generate. Transmitting data to and from the cloud involves many intermediate hops that increase latency. As such, the cloud can’t exclusively secure end-to-end IoT architectures. Designing security intelligence closer to IoT devices is a more meaningful solution for many reasons.

In most IoT architectures, an edge gateway is where the bulk of the ingress and egress data are processed (Figure 1). A gateway aggregates data over various network segments, which might be running Wi-Fi, Bluetooth^®, Sigfox, cellular, or Ethernet. This mix of protocols adds to the attack surface, but the importance of securing this point-of-data ingestion and aggregation is significant. Real-time security analysis, filtering, and processing of security data at the edge gateway improve the security posture of traffic flows on premises as well as from and to the cloud.

The sheer scale of the IoT helps threats evolve rapidly. IoT gateways often have direct peer-to-peer connections with on-premises devices (similar to the broker in a Message Queuing Telemetry Transport network). In the event of an attack, the proximity of security-hardened gateways provides a rapid response for controlling and minimizing damage to enterprise assets.

Figure 1: Edge gateway diagram (Source: Texas Instruments)

Another advantage of IoT gateway security is that it helps reduce a network’s attack surface. When the gateway handles the bulk of the edge analytics and computing, IoT traffic has to traverse fewer hops, which reduces the risk of unauthorized access and man-in-the-middle attacks.

Industry 4.0 use cases involve legacy networks, protocols (e.g., Modbus), and devices that are connected to industrial IoT infrastructure through gateways. Open connectivity exposes legacy equipment to new threats that they were never designed to encounter. In such scenarios, the only option is to integrate security features in the IoT gateway, which acts as a security proxy for the legacy equipment it connects.

IoT gateways also act as security agents for resource-constrained IoT devices, sensors, and actuators that lack the CPU horsepower, battery life, and storage to handle complex cryptographic security functions such as secured access, authentication, and encryption.

On virtualized platforms on which multiple virtual devices run on a hypervisor, the virtual gateway instance can act as the trust anchor for the entire hardware platform. It can execute various trust functions, such as mutual authentication, certificate-based access control, remote boot, update attestation, firewalling, and deep packet inspection. The software-based security functions are isolated from each individual virtual machine’s guest operating system. This configuration is analogous to deploying a security gateway inside the device rather than in front of it.

Considering these use cases, an IoT gateway must always be designed to secure threat-prone IoT architectures. IoT gateway security has two aspects.

• Secure the devices
• Secure the gateway.

In IoT environments, both the devices and the gateway are prone to various threat vectors, including spoofing, denial-of-service, hardware or software tampering, data theft, and elevation of privilege. Considering the intended use cases where the gateway would be deployed, you can use various threat-modeling techniques to identify the security controls to be implemented in the gateway to protect IoT devices. For example, when an IoT gateway acts as a security proxy for legacy networks and devices, it can implement firewalls (hardware-based or software-defined), rule-based traffic filtering, and whitelisting.

It’s important to note that these security features are designed to protect devices connected to the gateway; unless the gateway itself is secured, all accompanying security technologies would become useless if the gateways were compromised. To secure the gateway, it must be designed with endpoint security controls.

Identity and Access Control

The gateway needs a root of trust to identify itself on the network before it can participate in data exchange. A gateway can be designed as a trust anchor and equipped with key-based access control to grant access to authorized users and devices only. To protect the secrets (keys and certificates), secured storage or vaults can be implemented.

Often, gateways are exposed to extreme outdoor environments. Tamper-resistant hardware can protect them from physical damage.

Over-the-Air Updates and Secure Boot

Over-the-air updates ensure that the gateway is running the latest software and firmware free from common vulnerabilities and exposures. Secure boot enables the gateway to boot firmware images whose integrity and authenticity have been cryptographically verified. This precaution prevents booting the gateway with malicious firmware.

Visibility and Threat Detection

Fine-grained event logging provides sufficient visibility into the processes running in the gateway, which is useful for security audits and also automates threat detection and troubleshooting. In IoT environments, where accessibility could be constrained, it’s more practical to automate threat detection by using machine learning or artificial intelligence. Machine learning enables us to identify behavioral baselines and can detect or even prevent anomalies.