In just a few short years, connected devices of the Internet of Things (IoT) have gone from concept to reality, and as a result there are now major concerns regarding their initial development. The consensus is that communication standards, power, and security are the major issues for connected device vendors, with analysts viewing security as the highest priority. These issues are best addressed during the design stage or at the register-transfer level (RTL) but are often overlooked in order to hasten production.
Vendors such as Wind River have distributed white papers on the subject of IoT security, and they typically include statements such as “As every player with a stake in IoT is well aware, security is paramount for the safe and reliable operation of IoT connected devices. It is, in fact, the foundational enabler of IoT.” [1] This statement is supported by the work of researchers at the 2016 Black Hat conference, where they demonstrated how to hack into smart lightbulbs, medical devices, and many other connected devices [2].
"After a couple of years of bullish forecasts and big promises, IoT security seems to be the biggest concern."
Image and quote courtesy of TopTal [3]
Is “Wait and See” an Acceptable IoT Security Plan?
There are several reasons why many IoT vendors prefer to “wait and see” with respect to IoT security. The first reason is that IoT devices are very hardware-centric, thus requiring silicon-level security at the heart of every integrated circuit (IC). Security is a new issue that most designers of ICs have not faced before, and thus they lack the expertise needed to address it. Secondly, as in any new, fast-growing market, IoT vendors want to get their products to market first. The idea of adding steps for security verification to their IC design process is often unthinkable because it slows down initial product shipments. Lastly, IoT vendors do not want to exceed their operating budget because they are usually startups with cash constraints. In general, requests for more money do not sit well with executive management.
“Since engineers who build IoT devices aren’t necessarily network security experts, they leave many security gaps behind. And since IoT devices are always online, every single one of them can become an attack vector and a point of infiltration for hackers.” [4]
The most successful IoT vendors are those that take action now. Here’s why:
- Accountability: The IC design community is quickly adopting standards for silicon security. For example, Intel has recently published a paper describing their Hardware Security Development Lifecycle (HSDL). The Intel paper describes how a structured flow of analysis and test activities organized in five phases accelerates the discovery and resolution of silicon security issues [5].
Design-for-security (DFS) methodologies and tools are now available that integrate seamlessly into RTL design flows. Note that functional verification and security verification are different: security verification requires a completely different set of software tools and design processes. You can learn about DFS in greater detail in Tortuga Logic’s blog post “Design-for-Security”.
In addition, Hardware Security Assessment (HSA) services are available that can quickly bootstrap an IC design group by insourcing silicon security expertise. Security verification experts work alongside your engineers to implement and execute a DFS flow on your current project. Not only is your current design ensured to be free of security vulnerabilities, but your design group also becomes trained in a proven methodology, has a suite of security verification tools installed, and owns a library of proven security assertions for its next design project. Tortuga Logic is a leader in providing HSA services.
- Predictability: A consistent theme I’ve heard from executives in the electronics industry is that they can deal with bad news unless it’s late in the design cycle. Adopting a DFS flow in your RTL design flow eliminates unknowns and potential surprises with respect to silicon security.
Schedules, after all, are just educated guesses based on prior knowledge and experience. As we’ve discussed, most IoT vendors have little silicon security background, so it’s a fair assumption that their current IoT product schedules are grossly inaccurate. Those who fear a delay in their product release schedules due to DFS will live with a false sense of security, because it is not a matter of “if” the design will get hacked, it is a matter of “when”. IoT product schedules are optimistic and not an accurate estimate of reality, due to the new requirements of IoT security.
It is a prudent business decision to acknowledge that the IoT has brought with it the need to add DFS to product development. Bringing “bad news” to executive management regarding delayed schedules is tolerable when acknowledged sooner rather than later. Executives appreciate engineering teams that are proactive and provide solutions to re-enable accurate scheduling.
Keep in mind, it is now commonly believed that software security is not sufficient to protect your IoT products. Even software security vendors are now urging IoT vendors to secure their silicon:
“To do it [IoT security] right, it has to be done at the hardware level,” [6] said Damon Kachur, Global Business Development manager at Symantec Corporation.
So if you were hoping that implementing a secure OS with some data encryption was satisfactory for securing your IoT product, think again. Don’t be caught unaware by expensive, extensive, and foreseeable security vulnerabilities. Embrace DFS and the peace of mind that comes with it. It is undeniable that managing product development is made easier by realistic and accurate schedules.
- Sales Enablement: Customers want to know whether the silicon in their products is secure. When a silicon security vulnerability is discovered late in the design cycle or after the product has shipped, it can cost hundreds of millions of dollars to fix. The cost of fixing security vulnerabilities is roughly equivalent to fixing defects – and the chart below shows what happens when you find vulnerabilities late.
The best question to ask is “Will your company be able to fund a product recall and security resolution if a security vulnerability is found in the field?” That being said, how can a company be competitive in the IoT market when it is paying the cost of testing for security vulnerabilities while competitors enjoy the much lower cost of designing for silicon security? At the very least, it is pragmatic to assess the real cost of implementing DFS into your design process. You will be surprised to find it is certainly affordable and offers a very good return-on-investment.
The excitement of the IoT is diminished by the threat of a security vulnerability. People, processes, and tools are available now to provide your company with a predictable, low-risk, and affordable DFS solution for silicon security. Acting in a forward-thinking manner will improve your company’s branding as a leader in IoT security and protect it from unforeseen significant expenses should a security issue arise in the field.
About Jason Oberg
Dr. Oberg is one of the co-founders and Chief Executive Officer of Tortuga Logic. He oversees technology and strategic positioning of the company. He is the founding technologist of the company and has brought years of intellectual property into the company that he successfully transferred out of the University of California. Dr. Oberg is leading the company to meet all milestones including raising capital, tripling the team size, putting together strategic partnerships, and generating revenue on all products and services. Dr. Oberg has a B.S. degree in Computer Engineering from the University of California, Santa Barbara and M.S. and Ph.D. degrees in Computer Science from the University of California, San Diego.
[1] Wind River White Paper: “Security in the Internet of Things”
[2] Wall Street Journal: “At Black Hat, the ‘Internet of Things’ Gets Put Through Its Paces”, http://www.wsj.com/articles/at-black-hat-the-internet-of-things-gets-put-through-its-paces-1469957403
[3] TopTal: “Are We Creating An Insecure Internet of Things (IoT)? Security Challenges and Concerns”, https://www.toptal.com/it/are-we-creating-an-insecure-internet-of-things
[4] Tech Talks: “Five Domains Where IoT Security Needs to be Addressed”, https://bdtechtalks.com/2015/11/04/5-domains-where-iot-security-needs-to-be-addressed/comment-page-1/
[5] Khattri et al., “HSDL: A Security Development Lifecycle for Hardware Technologies”, 2012 IEEE International Symposium on Hardware-Oriented Security and Trust