Securing Devices in the Internet of Things

Similar documents
SECURING DEVICES IN THE INTERNET OF THINGS

SECURING DEVICES IN THE INTERNET OF THINGS

Building Trust in the Internet of Things

Security: The Key to Affordable Unmanned Aircraft Systems

Achieving End-to-End Security in the Internet of Things (IoT)

Teradata and Protegrity High-Value Protection for High-Value Data

THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Combating Cyber Risk in the Supply Chain

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

CyberArk Privileged Threat Analytics

6 Vulnerabilities of the Retail Payment Ecosystem

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Aerohive and IntelliGO End-to-End Security for devices on your network

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

JUST WHAT THE DOCTOR ORDERED: A SOLUTION FOR SMARTER THERAPEUTIC DEVICES PLACEHOLDER IMAGE INNOVATORS START HERE.

CS 356 Operating System Security. Fall 2013

Protect Your End-of-Life Windows Server 2003 Operating System

BUILDING A NEXT-GENERATION FIREWALL

Protect Your End-of-Life Windows Server 2003 Operating System

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

PCI DSS v3.2 Mapping 1.4. Kaspersky Endpoint Security. Kaspersky Enterprise Cybersecurity

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Improving Security in Embedded Systems Felix Baum, Product Line Manager

Internet of Things Toolkit for Small and Medium Businesses

NEW LIFE FOR EMBEDDED SYSTEMS IN THE INTERNET OF THINGS

Securing IoT with the ARM mbed ecosystem

Simplify PCI Compliance

10 FOCUS AREAS FOR BREACH PREVENTION

THE STATE OF ENDPOINT PROTECTION & MANAGEMENT WHY SELF-HEALING IS THE NEW MANDATE

AKAMAI CLOUD SECURITY SOLUTIONS

AVAYA SDN Fx HEALTHCARE SOLUTION BRIEF

McAfee Embedded Control

Mitigating Security Breaches in Retail Applications WHITE PAPER

Challenges and. Opportunities. MSPs are Facing in Security

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

Privileged Account Security: A Balanced Approach to Securing Unix Environments

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

PrecisionAccess Trusted Access Control

Best Practices in Securing a Multicloud World

Employee Security Awareness Training

McAfee Embedded Control

Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege

WHITE PAPER. AirGap. The Technology That Makes Isla a Powerful Web Malware Isolation System

PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Five Steps to Improving Security in Embedded Systems

MODERN DESKTOP SECURITY

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

Complying with RBI Guidelines for Wi-Fi Vulnerabilities

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

SECURITY PRACTICES OVERVIEW

NETSURION DEFENSE AGAINST BACKOFF: How Netsurion Effectively Protected Against Threats

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

TRAPS ADVANCED ENDPOINT PROTECTION

The Problem with Privileged Users

An ICS Whitepaper Choosing the Right Security Assessment

McAfee Embedded Control for Retail

Secure Application Development. OWASP September 28, The OWASP Foundation

Security Enhancements

THREAT INTELLIGENCE: UNDERSTANDING WHAT IT IS AND WHY YOU NEED IT

INSIDE. Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server. Enhanced virus protection for Web and SMTP traffic

The 2017 State of Endpoint Security Risk

Total Security Management PCI DSS Compliance Guide

BUILDING A SMARTER SMART GRID: COUNTERACTING CYBER-THREATS IN ENERGY DISTRIBUTION

Cybersecurity for Health Care Providers

The Value of Automated Penetration Testing White Paper

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

Make security part of your client systems refresh

Cybersecurity and Hospitals: A Board Perspective

Mobile Field Worker Security Advocate Series: Customer Conversation Guide. Research by IDC, 2015

Mobility, Security Concerns, and Avoidance

The Top 6 WAF Essentials to Achieve Application Security Efficacy

Computer Security Policy

THE ACCENTURE CYBER DEFENSE SOLUTION

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak

SIEMLESS THREAT DETECTION FOR AWS

How CyberArk can help mitigate security vulnerabilities in Industrial Control Systems

Designated Cyber Security Protection Solution for Medical Devices

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm

Trusted Computing Group

mhealth SECURITY: STATS AND SOLUTIONS

Application and Data Security with F5 BIG-IP ASM and Oracle Database Firewall

Kaspersky Enterprise Cybersecurity. Kaspersky Security Assessment Services. #truecybersecurity

WHITEPAPER. Vulnerability Analysis of Certificate Validation Systems

Virtual Patching in Mixed Environments: How It Works to Protect You

10 Steps to Virtualization

Security Solutions. Overview. Business Needs

CipherCloud CASB+ Connector for ServiceNow

Cyber Security Solutions Mitigating risk and enhancing plant reliability

SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS

INSIDE. Integrated Security: Creating the Secure Enterprise. Symantec Enterprise Security

Transcription:

AN INTEL COMPANY Securing Devices in the Internet of Things WHEN IT MATTERS, IT RUNS ON WIND RIVER

EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including steep financial losses, damage to credibility and trust, or even endangerment of human life. Several high-profile data compromises illustrate that large-scale breaches typically result from not one but multiple points of failure. Closing any one of these gaps can help mitigate a breach or at least minimize the damage. Yet designing security into devices poses different challenges from securing enterprise software or networks. How can developers know how much security is just enough to protect a device without hindering performance? Based on a real-world case study, this paper explores the criteria for determining the security requirements of devices connected to IoT infrastructures. It also presents a flexible and scalable approach for implementing cost-effective security measures. TABLE OF CONTENTS Executive Summary... 2 Securing the Point of Interaction... 3 Designing for Just Enough Security... 3 The Four Pillars of Device Security.... 4 Case Study: Identity Theft at the Point of Sale... 4 Lessons Learned: How to Prevent IoT Infrastructure Breaches... 5 A Scalable Approach to Device Security... 5 Conclusion.... 6 2 White Paper

SECURING THE POINT OF INTERACTION Device security in the Internet of Things is of paramount importance. After all, devices are the things in IoT that actually perform the system function and generate the data the system relies on. They are often the points at which humans interact with the system. Securing devices is particularly problematic because they are vulnerable to both physical tampering and network-borne threats. The consequences of a compromise can be severe. Large-scale consumer identity theft can destroy a commercial enterprise s reputation and credibility. A breach of a process controller on an industrial shop floor can cause costly downtime and safety hazards. And in the case of networked medical devices, a breach can put lives at risk. When a large-scale breach of devices occurs, it is typically not the result of a single point of failure but a series of failures at multiple points of vulnerability. Closing the gap at any one of those points can go a long way toward preventing a breach altogether, or at least detecting an attack in progress and limiting the damage. Developers need to address security at the device design phase, which requires identifying those potential vulnerabilities based on how and where the device will be used. There are a number of security measures device manufacturers can take. The challenge is determining how much or how little security is needed, and which measures will be most effective. DESIGNING FOR JUST ENOUGH SECURITY Designing security into devices for IoT applications poses different challenges from securing enterprise software or networks. Embedded devices generally have a small footprint, and computing resources are limited. Too much security functionality can hinder the performance of the device or the system and increase the overall cost of development. Yet too little can leave critical points unprotected. The trick is building just enough security to mitigate a breach and the challenge for developers is figuring out how much is just enough (see Figure 1). The answer depends on three key criteria: 1. The environment in which the device will be deployed: Is the device in a shopping mall, visible to thousands of people and at risk of tampering? Or is it behind locked doors in a secure facility? These contrasting scenarios raise different types of security considerations. 2. How the device will connect and communicate: How is the device connected to a network? Will it communicate over the air via a protocol such as ZigBee or Wi-Fi, which may necessitate some form of encryption? Is it behind a firewall? Is it connected to the public Internet or to a private intranet, where it would be less vulnerable to outside interference? 3. The type of data the device is storing: Is the device collecting sensitive data, such as personal financial or medical information? Or is it capturing less-sensitive information such as weather conditions? The latter case would likely require a lower level of security than the former. All threat scenarios addressed Flexible implementation to match the level of threat The answers to these questions will help you determine the security features you need to integrate into the device s operating system to ensure the appropriate level of security. To give yourself optimal flexibility, it is helpful to use a real-time operating system that does not lock you into a set of prescribed security functions, but instead gives a menu of security functionality from which you can choose the features you need. Environment (Where the device is installed) Access Points (Access points to the device in operation) Storage (Type of data stored on the device) Figure 1: Three criteria for designing just enough security 3 White Paper

THE FOUR PILLARS OF DEVICE SECURITY In addition to addressing these three key criteria for determining the right level of security, developers need to account for security at each phase of the device lifecycle (see Figure 2). Design: At the inception, it s critical to prevent the introduction of malicious code during the development process. Prevention measures might include using software development lifecycle (SDL) tools to look for security vulnerabilities in the code, assuring the origin and authenticity of the software components, and developing on platforms that were created with a securitycentric process such as IEC 62443 or IEC 27034. Execute: In the execution phase, the goal is to establish a root of trust to prevent untrusted binaries from running, which in turn ensures that the right software is in place on the right hardware and that they trust each other. Establishing a root of trust might entail the use of secure boot technology and digital signatures. Operate: Multiple measures can be deployed to prevent malicious attacks while running, including controls to deter unauthorized access and securing networks using encryption. Power down: When the device is at rest, important information such as configuration and credentials should not be left readily accessible, so the use of encrypted storage is recommended. CASE STUDY: IDENTITY THEFT AT THE POINT OF SALE A major U.S. retailer suffered a security breach that resulted in the theft of millions of customer credit and debit card numbers. The breach actually compromised the point of sale (POS) devices that capture credit card information from customer transactions. How did this happen? As shown in Figure 3, first the hackers obtained stolen credentials from a maintenance vendor that allowed access to the company s HVAC systems, which happened to be on the same network as the POS devices. This afforded the hackers virtually unfettered access to the company s cash registers. Once inside, the hackers were able to reverse engineer the code running the POS devices. They then inserted malware that fooled the cash registers into running compromised binary code, allowing them to capture, extract, and transmit credit card data in real time as customers swiped their cards through the machines. The breach went undetected for weeks, and could potentially have gone on indefinitely had outside investigators not discovered it and alerted the retailer. Compromise user credentials on HVAC device Get direct access to corporate network via HVAC Design Execute Operate Power Down Prevent non-secure code from being developed Prevent untrusted binaries from executing Prevent malicious attacks in operation Prevent onboard data access when at rest Gain access to cash registers Reverse engineer software and insert malicious code Fool cash register into running compromised binaries Extract sensitive data and transmit outside network 40 million credit cards stolen; $450 million lost by retailer Figure 2. The four pillars of device security Remain undetected for months Figure 3. Case study: Identity theft at the point of sale 4 White Paper

In deconstructing the incident, it became clear that it was not the result of a single failure, but rather a series of failures at various points throughout the system: The retailer had not isolated the HVAC system from the corporate network. The POS devices themselves were allowed to accept any type of connection. The code running the devices was not encrypted. There was no capability of screening for unknown or unrecognized code entering the system. The operating system had no access control. There was no overall health monitoring system. Had the designers, developers, or operators of the system addressed even a few of these vulnerabilities, they might have been able to thwart the attack, or at least diminish its scale. Lessons Learned: How to Prevent IoT Infrastructure Breaches For each of the vulnerabilities cited in the case study, there is at least one countermeasure that could have been employed: Network separation could have isolated the HVAC system from the corporate network. Isolating the system would have closed a fairly easy point of intrusion into the POS devices. Device firewalling might have prevented access to the POS devices, and the devices could have been programmed to accept only recognized, trusted code. This would have made it far more challenging for intruders to gain unauthorized access to the cash registers. Encrypting the application binaries running the devices would have made reverse engineering more difficult, if not impossible. With a root of trust in place, unrecognized and malicious binaries would not have been allowed to install themselves and could not have executed and fooled the cash registers. With proper access controls to sensitive processes, the operating system could have restricted specific tasks to specific users, preventing unauthorized users from extracting transaction data from the devices and blocking data from transmitting out of the network. Health monitoring might have enabled IT operators to detect anomalies in device behavior and improved chances of detection before the attack did serious damage. Any one of these measures might have helped avert such a largescale data security catastrophe, or at least minimized the damage. And such preventive measures apply to any type of device that an attacker may want to target. Imagine a similar scenario with a network of medical or industrial devices, where the damages from a security breach could be far more serious than just financial or reputational. The good news is that there are a number of ways to implement adequate security measures quickly and without harming device performance or slowing time-to-market. A SCALABLE APPROACH TO DEVICE SECURITY Security does not always require preventive measures at every point of vulnerability. Often it makes sense to start with a few measures to secure the device for deployment, then add security functionality as you progress through the device lifecycle. You can achieve this with an operating system that allows you to scale and add features over time as new threats become apparent. The security features in VxWorks provide an example of a technology that allows this type of scalable approach. VxWorks includes security capabilities designed for easy integration into your application. As shown in Figure 4, VxWorks has features that address each of the four pillars of security across the device lifecycle typical of any type of networked device (the same vulnerabilities exposed in the retail breach case study). Secure development lifecycle IEC 62443 IEC 27034 Design Execute Operate Power Down Secure boot Secure loader Encrypted binaries Crypto libraries Kernel hardening Access control User management Network security (SSL/TLS) Secure storage Figure 4. VxWorks addresses the four pillars of device security 5 White Paper

With VxWorks, you can select the security features you need based on your design criteria: deployment environment, communication and connectivity, and sensitivity of data stored. It enables you to implement blocking features at various levels to make it more difficult to infiltrate your security and breach your device. And it gives you the flexibility to add security functionality over time. CONCLUSION Security of devices has to be a prime concern of IoT system developers and device manufacturers, and needs to be addressed at the design stage. Building security into devices poses unique challenges devices require just enough security to mitigate intrusions without compromising device performance. Experience shows that attacks on devices typically exploit multiple points of vulnerability. Closing even a few of these gaps can mitigate the damage. Fortunately, technology such as the security features in VxWorks allows you to take a scalable approach to security, adding as much or as little as the device requires for its purposes, making it possible to control costs and deliver your devices on schedule while reducing the risks of security breaches. Wind River works closely with IoT developers and device manufacturers to solve security issues while addressing their project and budget constraints. Contact us at www.windriver.com/company/contact to learn how Wind River experts can help you address embedded security issues from today s and tomorrow s cyberthreats. Wind River is a global leader in delivering software for IoT. Its technology is found in more than 2 billion devices and is backed by world-class professional services and customer support. Wind River is accelerating digital transformation of critical infrastructure systems that demand the highest levels of safety, security, performance, and reliability. 2019 Wind River Systems, Inc. The Wind River logo is a trademark of Wind River Systems, Inc., and Wind River and VxWorks are registered trademarks of Wind River Systems, Inc. Rev. 02/2019

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback