SECURING DEVICES IN THE INTERNET OF THINGS

Similar documents
SECURING DEVICES IN THE INTERNET OF THINGS

Securing Devices in the Internet of Things

Building Trust in the Internet of Things

Security: The Key to Affordable Unmanned Aircraft Systems

Teradata and Protegrity High-Value Protection for High-Value Data

Achieving End-to-End Security in the Internet of Things (IoT)

NEW LIFE FOR EMBEDDED SYSTEMS IN THE INTERNET OF THINGS

THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS

6 Vulnerabilities of the Retail Payment Ecosystem

JUST WHAT THE DOCTOR ORDERED: A SOLUTION FOR SMARTER THERAPEUTIC DEVICES PLACEHOLDER IMAGE INNOVATORS START HERE.

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

BUILDING A SMARTER SMART GRID: COUNTERACTING CYBER-THREATS IN ENERGY DISTRIBUTION

Internet of Things Toolkit for Small and Medium Businesses

CS 356 Operating System Security. Fall 2013

PCI DSS v3.2 Mapping 1.4. Kaspersky Endpoint Security. Kaspersky Enterprise Cybersecurity

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Aerohive and IntelliGO End-to-End Security for devices on your network

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

MODERN DESKTOP SECURITY

BUILDING A NEXT-GENERATION FIREWALL

CyberArk Privileged Threat Analytics

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

Improving Security in Embedded Systems Felix Baum, Product Line Manager

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

AKAMAI CLOUD SECURITY SOLUTIONS

Securing IoT with the ARM mbed ecosystem

Mitigating Security Breaches in Retail Applications WHITE PAPER

McAfee Embedded Control

Simplify PCI Compliance

Mobility, Security Concerns, and Avoidance

THE ACCENTURE CYBER DEFENSE SOLUTION

Privileged Account Security: A Balanced Approach to Securing Unix Environments

The Top 6 WAF Essentials to Achieve Application Security Efficacy

mhealth SECURITY: STATS AND SOLUTIONS

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

WHITE PAPER. AirGap. The Technology That Makes Isla a Powerful Web Malware Isolation System

10 FOCUS AREAS FOR BREACH PREVENTION

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Employee Security Awareness Training

McAfee Embedded Control

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Business Strategy Theatre

IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions

Cybersecurity and Hospitals: A Board Perspective

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

THE STATE OF ENDPOINT PROTECTION & MANAGEMENT WHY SELF-HEALING IS THE NEW MANDATE

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

SECURITY PRACTICES OVERVIEW

AVAYA SDN Fx HEALTHCARE SOLUTION BRIEF

HOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL

Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER

WHITEPAPER. Vulnerability Analysis of Certificate Validation Systems

Verizon Software Defined Perimeter (SDP).

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege

Combating Cyber Risk in the Supply Chain

Complying with PCI DSS 3.0

A QUICK PRIMER ON PCI DSS VERSION 3.0

Advanced Threat Defense Certification Testing Report. Symantec Corporation Symantec Advanced Threat Protection

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

Cisco Secure Boot and Trust Anchor Module Differentiation

SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

Cybersecurity for Health Care Providers

COMPLETING THE PAYMENT SECURITY PUZZLE

PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Total Security Management PCI DSS Compliance Guide

McAfee Embedded Control for Retail

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

Virtual Patching in Mixed Environments: How It Works to Protect You

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

Best Practices in Securing a Multicloud World

TRAPS ADVANCED ENDPOINT PROTECTION

SECURE DATA EXCHANGE

PrecisionAccess Trusted Access Control

Designated Cyber Security Protection Solution for Medical Devices

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Complying with RBI Guidelines for Wi-Fi Vulnerabilities

CipherCloud CASB+ Connector for ServiceNow

FIREWALL BEST PRACTICES TO BLOCK

Trusted Computing Group

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

Security Solutions. Overview. Business Needs

WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS

Vulnerabilities in online banking applications

Secure Application Development. OWASP September 28, The OWASP Foundation

Five Steps to Improving Security in Embedded Systems

Addressing PCI DSS 3.2

Cyber Attacks & Breaches It s not if, it s When

Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring

Juniper Vendor Security Requirements

Protect Your End-of-Life Windows Server 2003 Operating System

The 2017 State of Endpoint Security Risk

Transcription:

SECURING DEVICES IN THE INTERNET OF THINGS

EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including steep financial losses, damage to credibility and trust, or even endangerment of human life. Several high-profile data compromises illustrate that large-scale breaches typically result from not one but multiple points of failure. Closing any one of these gaps can help mitigate a breach or at least minimize the damage. Yet designing security into devices poses different challenges from securing enterprise software or networks. How can developers know how much security is just enough to protect a device without hindering performance? Based on a real-world case study, this paper explores the criteria for determining the security requirements of devices connected to IoT infrastructures. It also presents a flexible and scalable approach for implementing cost-effective security measures. TABLE OF CONTENTS Executive Summary... 2 Securing the Point of Interaction... 3 Designing for Just Enough Security.... 3 The Four Pillars of Device Security.... 4 Case Study: Identity Theft at the Point of Sale... 4 Lessons Learned: How to Prevent IoT Infrastructure Breaches... 5 A Scalable Approach to Device Security... 5 Conclusion.... 6 2 White Paper

SECURING THE POINT OF INTERACTION Device security in the Internet of Things is of paramount importance. After all, devices are the things in IoT that actually perform the system function and generate the data the system relies on. They are often the points at which humans interact with the system. Securing devices is particularly problematic because they are vulnerable to both physical tampering and network-borne threats. The consequences of a compromise can be severe. Large-scale consumer identity theft can destroy a commercial enterprise s reputation and credibility. A breach of a process controller on an industrial shop floor can cause costly downtime and safety hazards. And in the case of networked medical devices, a breach can put lives at risk. When a large-scale breach of devices occurs, it is typically not the result of a single point of failure but a series of failures at multiple points of vulnerability. Closing the gap at any one of those points can go a long way toward preventing a breach altogether, or at least detecting an attack in progress and limiting the damage. Developers need to address security at the device design phase, which requires identifying those potential vulnerabilities based on how and where the device will be used. There are a number of security measures device manufacturers can take. The challenge is determining how much or how little security is needed, and which measures will be most effective. DESIGNING FOR JUST ENOUGH SECURITY Designing security into devices for IoT applications poses different challenges from securing enterprise software or networks. Embedded devices generally have a small footprint, and computing resources are limited. Too much security functionality can hinder the performance of the device or the system and increase the overall cost of development. Yet too little can leave critical points unprotected. The trick is building just enough security to mitigate a breach and the challenge for developers is figuring out how much is just enough (see Figure 1). The answer depends on three key criteria: 1. The environment in which the device will be deployed: Is the device in a shopping mall, visible to thousands of people and at risk of tampering? Or is it behind locked doors in a secure facility? These contrasting scenarios raise different types of security considerations. 2. How the device will connect and communicate: How is the device connected to a network? Will it communicate over the air via a protocol such as ZigBee or Wi-Fi, which may necessitate some form of encryption? Is it behind a firewall? Is it connected to the public Internet or to a private intranet, where it would be less vulnerable to outside interference? 3. The type of data the device is storing: Is the device collecting sensitive data, such as personal financial or medical information? Or is it capturing less-sensitive information such as weather conditions? The latter case would likely require a lower level of security than the former. All threat scenarios addressed Flexible implementation to match the level of threat The answers to these questions will help you determine the security features you need to integrate into the device s operating system to ensure the appropriate level of security. To give yourself optimal flexibility, it is helpful to use a real-time operating system that does not lock you into a set of prescribed security functions, but instead gives a menu of security functionality from which you can choose the features you need. Environment (Where the device is installed) Access Points (Access points to the device in operation) Storage (Type of data stored on the device) Figure 1: Three criteria for designing just enough security 3 White Paper

THE FOUR PILLARS OF DEVICE SECURITY In addition to addressing these three key criteria for determining the right level of security, developers need to account for security at each phase of the device lifecycle (see Figure 2). Design: At the inception, it s critical to prevent the introduction of malicious code during the development process. Prevention measures might include signed binary delivery, assuring the authenticity and non-alteration of code, and developing on a software platform that has been certified under industrial security standards such as IEC 62443 and IEC 27034. Execute: In the execution phase, the goal is to establish a root of trust to prevent untrusted binaries from running, which in turn ensures that the right software is in place on the right hardware and that they trust each other. Establishing a root of trust might entail the use of secure boot technology and cryptographic key signatures to prevent unsigned code from executing. Operate: Multiple measures can be deployed to prevent malicious attacks in operation mode, including controls to prevent unauthorized access and securing networks using encryption. Power down: When the device is at rest, measures such as encrypted storage and secure data containers should be in place to prevent onboard data access. CASE STUDY: IDENTITY THEFT AT THE POINT OF SALE A major U.S. retailer suffered a security breach that resulted in the theft of millions of customer credit and debit card numbers. The breach actually compromised the point of sale (POS) devices that capture credit card information from customer transactions. How did this happen? As shown in Figure 3, first the hackers obtained stolen credentials from a maintenance vendor that allowed access to the company s HVAC systems, which happened to be on the same network as the POS devices. This afforded the hackers virtually unfettered access to the company s cash registers. Once inside, the hackers were able to reverse engineer the code running the POS devices. They then inserted malware that fooled the cash registers into running compromised binary code, allowing them to capture, extract, and transmit credit card data in real time as customers swiped their cards through the machines. The breach went undetected for weeks, and could potentially have gone on indefinitely had outside investigators not discovered it and alerted the retailer. Compromise user credentials on HVAC device Get direct access to corporate network via HVAC Signed binary delivery Secure development lifecycle IEC 62443 IEC 27034 Design Execute Operate Power Down Secure loader Encrypted binaries UEFI trusted boot Signed binary app authentication Anti-tampering Unauthorized access control Unified user management Network security SSL/SSH IPsec/IKE Encrypted storage TrueCrypt compatible containers Gain access to cash registers Reverse engineer software and insert malicious code Fool cash register into running compromised binaries Extract sensitive data and transmit outside network Remain undetected for months 40 million credit cards stolen; $450 million lost by retailer Figure 2. The four pillars of device security Figure 3. Case study: Identity theft at the point of sale 4 White Paper

In deconstructing the incident, it became clear that it was not the result of a single failure, but rather a series of failures at various points throughout the system: The retailer had not isolated the HVAC system from the corporate network. The POS devices themselves were allowed to accept any type of connection. The code running the devices was not encrypted. There was no capability of screening for unknown or unrecognized code entering the system. The operating system had no access control. There was no overall health monitoring system. Had the designers, developers, or operators of the system addressed even a few of these vulnerabilities, they might have been able to thwart the attack, or at least diminish its scale. Lessons Learned: How to Prevent IoT Infrastructure Breaches For each of the vulnerabilities cited in the case study, there is at least one countermeasure that could have been employed: System virtualization could have isolated the HVAC system from the corporate network. Isolating the system would have closed a fairly easy point of intrusion into the POS devices. Device firewalling might have prevented access to the POS devices, and the devices could have been programmed to accept only recognized, trusted code. This would have made it far more challenging for intruders to gain unauthorized access to the cash registers. Encrypting the application binaries running the devices would have made reverse engineering more difficult, if not impossible. With a root of trust in place, unrecognized and malicious binaries would not have been allowed to install themselves and could not have executed and fooled the cash registers. With proper access controls to sensitive processes, the operating system could have restricted specific tasks to specific users, preventing unauthorized users from extracting transaction data from the devices and blocking data from transmitting out of the network. Health monitoring might have enabled IT operators to detect anomalies in device behavior and improved chances of detection before the attack did serious damage. Any one of these measures might have helped avert such a largescale data security catastrophe, or at least minimized the damage. And such preventive measures apply to any type of device that an attacker may want to target. Imagine a similar scenario with a network of medical or industrial devices, where the damages from a security breach could be far more serious than just financial or reputational. The good news is that there are a number of ways to implement adequate security measures quickly and without harming device performance or slowing time-to-market. A SCALABLE APPROACH TO DEVICE SECURITY Security does not always require preventive measures at every point of vulnerability. Often it makes sense to start with a few measures to secure the device for deployment, then add security functionality as you progress through the device lifecycle. You can achieve this with an operating system that allows you to scale and add features over time as new threats become apparent. Security Profile for VxWorks is an example of a technology that allows this type of scalable approach. Security Profile provides a set of security capabilities designed for easy integration into the core VxWorks real-time operating system. As shown in Figure 4, the profile enhances the VxWorks Core Platform with features that address each of the four pillars of security across the device lifecycle typical of any type of networked device (the same vulnerabilities exposed in the retail breach case study). Design Execute Operate Power Down Prevent malicious code in development Prevent untrusted binaries from executing Prevent malicious attacks in operation Prevent onboard data access when at rest Figure 4. Security Profile for VxWorks addresses the four pillars of device security 5 White Paper

With Security Profile, developers can select the security features they need based on their design criteria: deployment environment, communication and connectivity, and sensitivity of data stored. It enables them to implement blocking features at various levels to make it more difficult to break through security and breach the device. And it gives them the flexibility to add security functionality over time. CONCLUSION Security of devices has to be a prime concern of IoT system developers and device manufacturers, and needs to be addressed at the design stage. Building security into devices poses unique challenges devices require just enough security to mitigate intrusions without compromising device performance. Experience shows that attacks on devices typically exploit multiple points of vulnerability. Closing even a few of these gaps can mitigate the damage. Fortunately, technology such as Security Profile allows developers to take a scalable approach to security, adding as much or as little as the device requires for its purposes, making it possible to control costs and deliver devices on schedule while reducing the risks of security breaches. Wind River works closely with IoT developers and device manufacturers to solve security issues while addressing their project and budget constraints. Contact us at windriver.com/company/contact to learn how Wind River experts and Security Profile for VxWorks can help you better protect your devices and data. Wind River is a world leader in embedded software for intelligent connected systems. The company has been pioneering computing inside embedded devices since 1981, and its technology is found in nearly 2 billion products. To learn more, visit Wind River at www.windriver.com. 2016 Wind River Systems, Inc. The Wind River logo is a trademark of Wind River Systems,Inc., and Wind River and VxWorks are registered trademarks of Wind River Systems, Inc. Rev. 03/2016

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback