United States - Flag United States

Please confirm your currency selection:

Bench Talk for Design Engineers

Bench Talk

rss

Bench Talk for Design Engineers | The Official Blog of Mouser Electronics


Securing IoT and IIoT Environments, Part 2
On June 9, 2017 in All, IoT by Michael Camp
Michael Camp

Security consultants have long advocated “layers of security” for both physical and data systems. The strategy still applies when you are protecting the remote IoT and IIoT devices that are outside of your immediate control. In Part 1 of this series, we looked at protecting the MCU and boot process. In Part 2, we’ll look at protecting data and physical devices.

Protecting Data

A determined attacker with much to gain from a hack will gladly disassemble even the most rugged device to find its vulnerabilities. Shipping production hardware with debug interfaces is a great way to make the hacker’s lives easier. It is well within the resources of hackers to purchase JTAG or SWD probes to read and write RAM, or re-flash on-chip memory. Peripheral TPM chips generally use an I2C or SPI interface directly to the MCU to prevent easy bus snooping, but are still vulnerable. The TPM hardware is delivered with a pre-programmed key that is never exposed to the rest of the system, and additional keys are typically derived from the factory-installed key, and never leave the module itself.

Eliminating debug interfaces provides an additional deterrent to malicious tampering.

Protecting Physical Devices

It may be impractical to keep an eye on your sensing devices 24/7, particularly if you have deployed thousands of them. For this reason, it makes sense for your devices to keep an eye on themselves, and let you know if something undesirable happens.

Desktop computers have included intrusion detection switches for years that are capable of reporting when the enclosure is opened, but software to actually take action on such an event is relatively rare. Cover open alarms are more common in a server environment where out of band management software is much more widely used.

The principle is easily extended to IoT devices, where reporting the open/closed state of a switch is fairly trivial. Adding software to send an immediate alarm when the enclosure is opened provides a minimal degree of assurance that the device has not been tampered with. At the very least, the operations team that monitors the alarm can disregard data received from the sensor that was interfered with.

Up next in Part 3, we’ll look at protecting the network.



« Back


Michael Camp's Blog

Related Posts

  • Securing IoT and IIoT Environments, Part 3

    In parts 1 and 2, we looked at protecting the MCU, data, and physical access. In the final part of this series we will examine network security.

  • Securing IoT and IIoT Environments, Part 1

    Security consultants have long advocated "layers of security", which still applies when protecting IoT and IIoT devices. Today, we'll look at protecting the MCU and boot process.

  • New Tech Tuesdays: Precision Agriculture Takes Flight: Enhancing Farming Efficiency with Drone Technology

    The global demand for sustainable and efficient farming methods is driving the adoption of drone technology. Drones offer benefits in seed plantation, crop monitoring, and precision agriculture. Learn how the IMU Sensor Evaluation Board for the WSEN-ISDS 6-Axis Sensor enhances agricultural drone designs.

  • New Tech Tuesdays: Drones: From Recreational Toy to Essential Tool

    Drones have progressed from their recreational origins to become indispensable tools in a wide range of businesses and applications. Farmers, emergency managers, and urban planners may all readily obtain off-the-shelf drones for immediate use, making aerial imagery more accessible than ever before.

  • Shaping Smarter Cities: IIoT Irrigation Monitoring Key to Indoor Agriculture Success

    Agribusiness is a habitual early adopter of high-tech, and now IIoT is becoming the newest tech to be embraced by Controlled Environment Agriculture (CEA).

  • Part Traceability Needs to be Taken Seriously

    I was on a standards writing committee call two weeks ago discussing part traceability with customers on the committee. I wanted them to accept this requirement in the standard “c. Maintain inventory control of received parts sufficient to have positive traceability as to the supplier of the parts. Parts from different suppliers will not be comingled.” The thinking here is that by having this traceability, customers will know whose product is giving them problems. I was amazed by the response.
8209 Views
Tagged With: IIoT, hardware protection, IoT

Search

Categories

Featured Authors

All Authors

Show More Show More
View Blogs by Date

Archives