Addressing cybersecurity issues in IoT applications


With the widespread adoption of Internet of Things (IoT) applications, IoT devices have gradually become a part of our daily lives. However, these products have also become targets for malicious attacks. Ensuring the security of IoT devices has become a crucial issue in the product development process. This article introduces the network security challenges faced by IoT applications and the features of the solutions Silicon Labs offers to address them.

Internet of Things devices have become targets for malicious attacks

IoT devices are permeating various aspects of our lives, and over time, both consumers and businesses have gradually adopted IoT products to enhance the convenience of daily life and work. However, hackers and malicious actors, who traditionally targeted computers, are now shifting their focus towards IoT devices. Strengthening the security of IoT devices has become a concern for product developers, governments, and consumers alike. 

IoT attacks typically occur in two ways: remote attacks targeting devices over the internet and local attacks where attackers have physical proximity to the target device. Remote or logical attacks target software, while local or physical attacks target the chip within the device itself. In the past, most network attacks were initiated remotely by individuals, but in recent years, organized efforts have focused on attacks and ransomware for substantial sums, moving away from targeting individuals for a few hundred dollars to attacking corporations and extorting millions from them.

Moreover, once hackers gain access to a corporation's network systems, they use existing tools to infiltrate and schedule attacks at specific times when defense systems are likely to be compromised, delaying the corporation's response time. Another trend is the shift of attacks from remote to local, partly because personnel responsible for securing corporate networks have performed well in defending against cloud-centric attacks, making it more challenging for attackers to breach IT infrastructure from the internet.

With the increased awareness of network security in enterprises, criminals are turning to pivot attacks. Pivot attacks target end node devices with the goal of exploiting them to attack higher-level infrastructure. Since end node devices were not traditionally considered targets and often have weak built-in security, coupled with the rise of IoT and Industrial IoT, there has been a significant increase in the number of underlying smart devices. This makes these IoT and Industrial IoT devices easily accessible in the market, allowing hackers to spend time searching for vulnerabilities and entry points, thus increasing the risk of intrusion into these IoT devices. 


The focus of ransomware attacks is shifting from IT to OT centers 

Ransomware has not only become more targeted but is also shifting its focus from Information Technology (IT) to Operational Technology (OT). This shift is due to the relevance of OT to the primary objectives of running a business, such as applications related to building automation, factory automation, or building control. Disruptions in business continuity for these types of operations can result in significant financial losses. Attackers are aware that these operations can cause substantial damage to businesses, making them willing to pay a ransom. 

The ability to profit is driving the shift of focus towards OT as a target, but it's not the sole factor. Ease of deployment is also a significant reason, as operational devices, including manufacturing systems, robots, fire alarm systems, and access control systems, often lack built-in security due to cost considerations. The trends of the IoT and Industrial IoT are introducing devices into systems that didn't exist previously. Particularly for Industrial IoT, inexpensive sensors are often placed on the factory floor, sending data to the cloud. These devices may come from very small companies or startups that lack resources to focus on best-in-class security features. 

Each sensor introduces a new attack vector and could become a method to cause critical systems to fail, with the downtime being used to ransom significant amounts for service restoration. Inexpensive sensors from around the world are more accessible in the supply chain and are studied and exploited in well-equipped hacker labs. For example, consider the scenario of a fire alarm system in a high-rise office building in the New York financial district being compromised. The alarm system might be triggered, evacuating people from a 300-story building. What if the access control system of the same building is also compromised? Strategically placed circuit breakers might even plunge an entire city into darkness. Imagine how much ransom a criminal could demand in such a situation. Given the amount lost per minute, a ransom demand of a billion dollars is not an implausible scenario.


Government attention to cybersecurity standards is increasing steadily

In response to the demands of cybersecurity, the California government in the United States enacted the California Consumer Privacy Act, which came into effect on January 1, 2020. The law mandates the inclusion of 'reasonable' security features applicable to the nature and functionality of the devices, as well as the information collected, contained, or transmitted by the devices. The design of these features must be capable of protecting the device and any information it contains from unauthorized access, destruction, use, modification, or disclosure. It also requires that pre-programmed passwords in each manufactured device be unique. In essence, the law demands that these devices be resistant to hacking. Many other U.S. states have introduced similar legislation, affecting approximately 30% of the U.S. population.

For the United States, the National Institute of Standards and Technology (NIST) serves as the governing body to determine what is considered 'reasonable.' We can anticipate that more legislation and court cases will continue to guide future laws. NIST has released NISTIR 8259A, establishing a cybersecurity baseline for scalable IoT devices, and led the development of the UL 2900-1 standard, which clarified the general requirements for software cybersecurity of network-connectable products.

The United States is not the only country committed to ensuring the security of IoT devices. The United Kingdom and other European countries are currently collaborating within the European Telecommunications Standards Institute (ETSI) to formulate similar normative security features for consumer IoT. ETSI is recognized by the European Commission and is responsible for developing European Information and Communication Technology (ICT) standards. NISTIR 8259A shares many similar themes, requiring security features such as software/firmware updatability and ensuring the integrity of software, which will necessitate secure boot and secure updates for embedded device firmware. In addition, ETSI has also launched the EN 303 645 standard, which is the first cybersecurity standard for global consumer IoT devices and aims to combine technical and organizational measures to achieve good practices in cybersecurity.


The platform for safeguarding the security requirements of IoT devices

In order to assist customers in addressing the challenges posed by evolving security trends and complying with regulations, Silicon Labs has introduced Secure Vault, an award-winning platform designed to protect and future-proof IoT devices. Recently, it became the first IoT security solution to achieve PSA Certified Level 3 status. One of the key categories of Secure Vault involves providing new security features, including secure device identity, secure key management and storage, as well as advanced tamper detection.

As part of this process, Secure Vault utilizes unique digital fingerprints generated by physically unclonable functions (PUFs). The fingerprint is used to create AES symmetric keys, which physically disappear when the system loses power, so the AES symmetric key is virtually non-existent while the chip is powered off. This is an extremely effective solution to key management challenges, and the feature can be extended to support a multitude of keys based on the needs of the developer's application. Secure Vault also includes a tamper detection system; once a tampering event occurs, the device shuts down, and the keys cannot be reconstructed. Secure Vault is the most advanced hardware and software security protection suite available today, providing secure device identity certificates. Conceptually similar to a birth certificate for each chip, a certificate enables post-deployment security, authenticity, and attestation-based health checks, ensuring the authenticity of the chip throughout its lifecycle.

Secure Vault also supports advanced tamper detection features, allowing developers to set appropriate response actions when the device encounters unexpected behaviors (such as extreme voltage, frequency, and temperature variations that may indicate vulnerabilities). Secure Vault also supports secure key management and storage, a central component that encrypts keys and isolates them from application code, using a master key encryption key (KEK) generated by physically unclonable functions (PUF) to prevent direct access to IoT devices and their data hardware.


The wireless SoC that supports the security features of Secure Vault

Silicon Labs has introduced a series of products enabled with Secure Vault, including the EFR32FG23 Sub-GHz Wireless SoC, EFR32MG24 Series 2 Multiprotocol Wireless SoC and EFR32MG27 Series 2 Multiprotocol Wireless SoC. All Series 2 products can be included in the Secure Vault category, including xG21, xG22, xG23, xG24, xG25, xG27 and xG28.

The EFR32FG23 Flex Gecko Sub-GHz Wireless SoC is an ideal solution for sub-GHz IoT wireless connectivity for smart home, security, lighting, building automation, and metering. The high-performance sub-GHz radio provides long range and is not susceptible to 2.4 GHz interference from technologies. The single-die, multi-core solution provides industry-leading security, low power consumption with fast wakeup times, and an integrated power amplifier to enable the next generation of secure connectivity for IoT devices.

The EFR32MG24 Series 2 Multiprotocol Wireless SoCs are ideal for mesh IoT wireless connectivity using Matter, OpenThread and Zigbee protocols for smart home, lighting, and building automation products. With key features like high-performance 2.4 GHz RF, low current consumption, an AI/ML hardware accelerator and Secure Vault™, IoT device makers can create smart, robust, and energy-efficient products that are secure from remote and local cyber-attacks. An ARM Cortex®-M33 running up to 78 MHz and up to 1.5 MB of Flash and 256 kB of RAM provides resources for demanding applications while leaving room for future growth. Target applications include gateways and hubs, sensors, switches, door locks, LED lighting, luminaires, location services, predictive maintenance, glass break detection, wake-word detection, and more.

Also, the EFR32MG27 SoC expands Silicon Labs’ Zigbee portfolio and has been developed specifically for low power, small form factor end-devices. The integrated DCDC Boost provides IoT device makers the ability to run down to 0.8 Volts, enabling the use of single-cell alkaline and button cells to reduce the device form factor and cost.

Additionally, all Series 2 products include an integrated security subsystem and can fully leverage Secure Vault technology. Secure Vault provides leading security software features and Physical Unclonable Function (PUF) hardware technology to significantly reduce the risks of IoT security vulnerabilities and intellectual property compromise.

All current Series 2 products are easily migratable using Simplicity Studio 5 development tools. They can utilize development kits, SDKs, mobile apps, Silicon Labs' energy profiler, and patented network analyzers to expedite time-to-market for products.

Conclusion

IoT devices are widely used in personal, home, and business environments. However, this also provides a potential attack vector for malicious actors. Therefore, the security of IoT devices should not be considered an optional feature but a necessary one. Silicon Labs' Secure Vault comprises a comprehensive set of cutting-edge security features designed to address evolving IoT threats. It greatly reduces the risk of security vulnerabilities in the IoT ecosystem, minimizing the impact of intellectual property or revenue loss due to counterfeiting. Adopting Secure Vault can enhance the security of IoT devices, making it worthwhile for manufacturers developing related products to explore and implement it.