Why the IoT needs multi-layer security

---

When it comes to the Internet of Things, you’re only as a strong as your weakest link. 

---

The notion of security being only as strong as its weakest link is especially true for the Internet of Things. When it comes to connected devices, security must be strong at all layers, closing any possible open doors and windows that an attacker can crawl through. Otherwise, if they can’t get in on ther first floor, they will try another.

Internet security has been built mainly upon Transport Layer Security, or TLS. TLS provides confidentiality, data integrity and authentication of the communication channel between an Internet user and a secure website. Once a secure communications channel is set up using a TLS method, for example, the other half of the true security equation is needed, namely applications layer security.

To understand this notion, think of logging into your bank account on the web. First, you go to the bank’s website, which will set up a secure channel using TLS. You know TLS is successful when you see the lock symbol and https (“S” for secure) in the browser. Then, you will be brought to a log-in page and prompted to enter your credentials, which is how the bank authenticates your identity, ensuring that you’re not some hacker trying to gain access into an unauthorized account. In this scenario, your password is literally a secret key and the bank has a stored copy of the password which it compares to what you entered. (You may recognize that this is literally symmetric authentication with a secret key, though the key length is very small.) Upon logging in, you are, in fact, operating at the application. This application, of course, being electronic banking.

So, as autonomous IoT nodes spread around the world like smart dust, how do those nodes ensure security? This can essentially be achieved using the same two steps:

• Set up Transport Layer Security to secure the communications channel using TLS or another methodology to get confidentiality, data integrity and confidentiality in the channel. This channel can be either wired or wireless.

• Set up Applications Layer Security to safeguard the information that will be sent through the communications channel by using cryptographic procedures. Among proven cryptographic procedures to do so are ECDSA for authentication, ECDH key agreement to create session keys, and encryption/decryption engines (such as AES that use the session keys) for encrypting and decrypting messages. These methods make sure that the data source in the node (e.g. a sensor) is authentic, the data is confidential and has not been tampered with in any degree (integrity).

The reason that multi-layer security, particularly application layer security, is required is that attackers can get into systems at the edge nodes despite a secure channel. Long story short, TLS is not enough.

IoT nodes collect data, typically through some kind of sensor or acting on data via an actuator. A microcontroller controls the operation of the node and a chosen technology like Wi-Fi, Bluetooth and Zigbee provides the communications channel. The reason that application layer security needs to be added to the TLS is that, if an attacker can hack into the communications channel via any range of attacks (Heartbleed, BEAST, CRIME, TIME, BREACH, Lucky 13, RC4 biases, etc.), they can then intercept, read, replace and/or corrupt the sensor/actuator or other node information.

Unfortunately in the real world, TLS gets breached, making it not sufficient. As a result, true security requires both Transport Layer and Applications Layer Security. Think of it as a secure pipeline with secure data flowing inside. The crypto element — which are an excellent way to establish the Applications Layer Security for the IoT — gets in between the sensor and the MCU to ensure that the data from the sensor has all three pillars of security applied to it: confidentiality, integrity, and authentication (also referred to as “CIA”). CIA at both the transport and application layers is what will make an IoT node entirely secure.

Fortunately, Atmel has an industry-leading portfolio of crypto, connectivity and controller devices that are architected to easily come together to form the foundation of a secure Internet of Things. The company’s wireless devices support a wide spectrum of standards including Wi-Fi, Bluetooth, Bluetooth Low Energy and Personal Area Networks (802.15.4), not to mention feature hardware accelerated Transport Layer Security (TLS) and the strongest link security software available (WPA2 Enterprise).

Crypto elements, including CryptoAuthentication and Trusted Platform Modules (TPM) with protected hardware-based key storage, make it easy to provide extremely robust security for IoT edge nodes, hubs, and other “things” without having to be a crypto expert. Built-in crypto engines perform ECDSA for asymmetric authentication and ECDH key agreement to provide session keys to MCUs, including ARM and AVR products that run encryption algorithms.

Keeping consumables real

---

The most cost-effective and secure way to keep things real is through symmetric authentication without secret storage on the host using a fixed challenge.

---

With the ever present threat of counterfeiting, having a cost-effective and highly-secure way to ensure that a consumable product is real is a great idea. In fact, there is a proven industry standard approach to apply sophisticated cryptographic engineering and mathematics to fight counterfeiting; namely, crypto elements like the Atmel ATSHA204A device.

Crypto elements can attach to a consumable good, such as the classic example of an ink cartridge, even without being soldered in. The device can be glued directly outside of the product. When the ink or other consumable is inserted into the host system (where the MCU is), the crypto element makes contact and the host is able to communicate with the item to validate whether or not it is real. This is called authentication.

The most cost-effective yet secure way to authenticate is through symmetric authentication without secret storage on the host using a fixed challenge.

With symmetric authentication, a client and the host run the exact same calculation on each side, and if the client (the consumable) is real, then the results of those calculations (called the “responses”) will match. There is a way to go about using a very inexpensive MCU without running the crypto calculations within the host side’s MCU. That is where the concept of fixed challenge comes into play. The idea of a fixed challenge is that the calculation done for the host is conducted ahead of time, and the challenge/response pair from that calculation is loaded into the host.

The fixed challenge method is ideal when certain considerations are in play, such as the folowing:

1. Very limited processing power (e.g. low-cost MCU)
2. Abundance of available memory to easily store challenge-response pairs (e.g. in a smartphone)
3. Need to get something out quickly or temporarily (e.g. time to market)
4. Need a very low cost on the host (e.g. can’t afford adding a key storage device)
5. Desire to not store a secret key in the host

So, how does a fixed challenge work? Like with other challenge-response operations, the process starts with the host controller sending the client a numerical challenge to be used in a calculation to create a response, which then gets compared to a “response” number in the host. What makes this “fixed” is that, because there is no crypto device in the host to generate random numbers (or make digests using hashing algorithms), the challenge cannot be random. That means that the challenges and their corresponding responses must be pre-calculated using the client’s secret key and the challenge and response pair loaded into the memory of the host. This can be looked at as effectively time-shifting the calculations used for authentication.

Let’s look at an example using the ATSHA204A installed in the client.

Step 1: In the factory when the host manufactured challenges are loaded into the host MCU memory together with a response that is calculated by hashing the client’s secret with that challenge.

Step 2: When the consumable is inserted into the host machine out in the field, the host MCU will ask the client (consumable) to prove it is real by sending it the preloaded challenge.

Step 3: The client will then run the hash algorithm on that challenge number using its stored secret key to generate a response, which it sends back to the host.

Step 4: The host will compare the response from the clients with the preloaded response value stored in its memory.

Step 5: If the client is real, the response from the client (which is the hash value based on the secret key and the challenge) will be the same as the response value that was preloaded in the host.

Since each host is loaded with a different challenge/response pair, each product that the host is incorporated into is then unique by definition. Cloning beyond only one copy is impossible; thus, this is a highly-secure and very cost-effective technique as it can be easily implemented with very inexpensive MCUs.

This approach can be used for firmware protection and designs with no secrets in the host (as noted), as well as be implemented with very low-cost MCUs that do not have the processing power to run the hashing algorithms.

The many benefits of fixed challenge authentication:

• Symmetric authentication is fast
• No secrets in the host
• Can use low-cost MCU of host because less computation is needed for a fixed challenge
• Prevents cloning
• Protects investments in firmware
• Enhances safety
• Protects revenue stream
• Protects brand image
• Better control of the supply channel

Atmel crypto element devices — including ATSHA204A, ATECC108A, ATECC508A and ATAES132A — implement hardware-based key storage, which is much stronger than software based storage due to the defense mechanisms that only hardware can provide against attacks. Secure storage in hardware beats storage in software every time. Adding secure key storage is an inexpensive, easy, and ultra-secure way to protect firmware, software, and hardware products from cloning, counterfeiting, hacking, and other malicious threats.

Greetings from Digitopia!

---

When it comes to the privacy and security of data, what does the future hold for consumers, companies and governments?

---

A tremendously interesting document, called “Alternate Worlds,” was published by the U.S. National Intelligence Council. It’s a serious document that not only examines four different alternatives of what 2030 might look like, but possesses some major geo-political thinking about the future.

In the entire report there was only one comment regarding privacy, which is amazing.  This brings up many questions.  Has privacy already become a quaint notion and a relic of times past? Is the loss of privacy a done deal? Will there be any attempt at reclaiming personal privacy? Will renewed privacy only be available to the upper classes? Will companies be required to take responsibility for embedding more security and privacy in their products and systems? Will governments fight for citizens’ rights to privacy or insist on the right to intrude? These all are important 21^st century questions, and they are simply impossible to answer now given that there are far too many variables. Only time will tell.

At the moment, however, it is pretty clear that the trend is away from privacy, at least in the way that privacy was defined in prior generations. If you observe first-world high school and college kids, you can easily see that many, if not most, live their lives way out in the open on apps like Facebook, Twitter, Tumblr and others, and don’t really seem to care all that much who is watching. Lately, more limited audience apps like WhatsApp, Snapchat, and WeChat that focus on smaller groups rather than general broadcasts have been growing, which belies some return to privacy concerns (i.e. don’t let mom see this), but the generational theme is clearly “live out loud.” Younger people live in a type of virtual society. Let’s call it “Digitopia.” Digitopia is far from a utopian place because it is insecure — really insecure. Cyber criminals, nosey companies, sneaky governmental operators, and other techno-mischief makers run rampant there.

One of the more intriguing predictions in the Alternate Worlds report points to future brain-machine interfaces that could provide super-human abilities, as well as improve strength, speed and other enhancements (i.e. bestow super powers). This notion could have come right out of author William Gibson’s classic cyber-punk novel Neuromancer where people’s brains directly “jack-into” the matrix.  The report states:

“Future retinal eye implants could enable night vision, and neuro-enhancements could provide superior memory recall or speed of thought. Neuro-pharmaceuticals will allow people to maintain concentration for longer periods of time or enhance their learning abilities.  Augmented reality systems can provide enhanced experiences of real-world situations. Combined with advances in robotics, avatars could provide feedback in the form of sensors providing touch and smell as well as aural and visual information to the operator.”

Hanging Out in Digitopia

Even the peaceful denizens of Digitopia are by default reckless, especially when it comes to their own privacy.

“A significant uncertainty … involves the complex tradeoffs that users must make between privacy and utility. Thus far, users seem to have voted overwhelmingly in favor of utility over privacy,” the Alternate Worlds report states.

As introduced in a prior article called “Digital Annoymity: The Ultimate Luxury Item,” the desire for personalized services is very seductive, and consumers are now complicit in, and habituated to, revealing a great deal about themselves. Volunteering information is one thing, but much of the content about our digital selves is being collected automatically and used for things we don’t have any idea about. People are increasingly buying products that automatically track their lives including cars storing data about driving habits and downloading that to other parties without the need for consent. As we visit web pages, companies get access to our digital histories and bid against each other in milliseconds fir the ability to display their advertising to us. This is kind of creepy. There is now an unholy trinity of governments snooping on us, corporations targeting our buying behaviors, and cyber-criminals trying to rip us off. The antidote is better security, but cyper-security is not something that individuals will be able to make happen on their own.

Data collection systems are not accessible, and they are not modifiable by people without PhDs in computer science. Because of that, security and privacy could easily become commodities which consumers will demand and thus economically force companies to provide. The only weapon consumers have is what they consume. If consumers only purchase secure products, then only secure products will succeed. In Digitopia, a company’s success may become dependent simply upon how well they protect the interests of their customers and partners — that is not a hard concept to understand.

You can almost see how there could easily be the equivalent of a “UL” label for privacy. Products and services could be vetted for the strength of their security mechanisms. Subsequently, products should then be rated on if they have encryption, data integrity checks, authentication, hardware key storage, and other cryptographic bases.

Beyond the testing of the products themselves, there could easily be businesses set up to provide secure protections to individuals and companies like a digital Pinkerton’s for digital assets. It is likely that those who can afford digital anonymity will be the first to take measures to regain it. To paraphrase a concept from a famous American financial radio show host, privacy could replace the BMW as the modern status symbol. The top income earners who want to protect themselves and their companies will be looking for a type of “digital Switzerland.” Regaining privacy will likely democratize over time as the general population will demand the same protections as the 1%-ers. Edward Snowdon showed us that everyone is under some sort of surveillance, so we have to face the facts that data gathering on a grand scale is part of the world now and will only grow in scope. However, we don’t have to just accept insecurity because things can be done, including adding secure devices to digital systems.

The Future Belongs to the Middle Classes

Maybe the most important factor noted in the Alternative World report has to do with the forthcoming growth of middle classes. As populations increase and more people worldwide move into the middle class, a growing number of people and things will be connected. That is why the Internet of Things is expected to grow so quickly. More connected things means more points of attack, and more data gathering for legitimate and illegitimate purposes. Therefore, the need for digital security is tied directly to the number of communicating nodes, which is tied directly to the growth of the middle class. More people with financial means means there will be more things to secure. This is becoming obvious. The middle class buys the lions’ share of products and services, and more of those products and services and how they will be ordered and delivered will be electronic. More people, more electronic things, more need for security.

When it comes to population, South and East Asia are the elephants (and dragons) in the room, as the chart below demonstrates.

The most powerful trend going forward is arguably the emergence of new “super-sized” middle classes in China and India. The worldwide middle class will grow exponentially, and it has already started to super-charge demand for food, energy, and manufactured products — particularly smart communicating electronic devices, many with sensing capabilities. That, of course, is how the IoT is getting started. Major companies are holding out the IoT as a way to drive efficiencies in production and distribution while keeping costs low.  You can see that in the literature of major companies such as GE who is targeting the Industrial Internet of Things as a major strategic vector.

Population and purchasing power go hand-in-hand, and the evolution of smart, secure, and communicating systems will follow.  As Stalin said, quantity has a quality all its own.   That is why Asia matters so much.

From the demographic analyses, you can see that most Digitopians will be physically living in South and East Asia and this will continue to rise with time. So, what does that mean for security and privacy?

There is a very different view of the privacy rights in Asia due to a varied tapestry of intricate and ancient cultures — cultures that differ from Western traditions in many ways. However, it must be pointed out that that Western governments are far from the white-knight protectors of privacy rights by any means. Even with uncertainty in how privacy will be embraced (or not) long-term woldwide, in the short- to medium-term, enhanced security will have to filter into networks, systems, and end products, including the IoT nodes. You can look at that as securing the basic wiring and digital plumbing of Digitopia, even if governmental institutions retain the right to snoop.

Practical Security

To close on a practical note, in the short- to medium-term there will be a strong drive to embed more robust security to embedded systems, PCs, networks, and the Internet of Things. Devices to enhance security are already available, namely crypto element integrated circuits with hardware based key storage. Crypto elements are powerful solutions, whose fundamental value is only starting to be recognized. They contain cryptographic engines to efficiently handle crypto functions such as hashing, sign-verify (ECDSA), key agreement (ECDH), authentication (symmetric or asymmetric), encryption/decryption, message authentication coding (MAC), run crypto algorithms (elliptic curve cryptography, AES, SHA), among many others. Together with microprocessors that run encryption algorithms crypto elements easily bring all three pillars of security (confidentiality, data integrity, and authentication) into play for any digital system.

As certain forces move the world towards less privacy and more insecurity, it is good to know that there are real technologies that have the potential to move things back in the other direction. To make a fearless forecast, it seems that going forward companies will increasingly be held liable for security breaches, and that will force them to provide robust security in the products and services that they offer. Consumers will demand security and enforce their preferences with class action legal remedies which they are damaged by lack of security. The invisible hand of the market will point towards more security.  On the other hand, governments will argue that they have a duty to provide physical and economic security, which gives them license to snoop.  Countervailing forces are in play in Digitopia.

What’s ahead this year in digital insecurity?

---

Here’s a closer look at the top 10 cyber security predictions for 2015.

---

In 2014 worries about security went from a simple “meh” to “WTF!” Not only did high-profile attacks get sensational media coverage, but those incidents led to a pivotal judicial ruling that corporations can be sued for data breaches. And as hard as it is to believe, 2015 will only get worse because attack surfaces are expanding as mobile BYOD policies overtake enterprises, cloud services spread, and a growing number of IoT networks get rolled out. Add m-commerce, e-banking, and mobile payments to the questionable tradition of lax credit card security infrastructure in the U.S. and you get a perfect storm for cybercrime.

In fact, 92% of attacks across the range of segments come from nine basic sources (seen in the diagram below), according to Verizon. More numerous and sophisticated cyber crimes are anticipated for this year and beyond.

 1. More companies to get “Sony’d”

2014 saw the release of highly-evolved threats from criminals that in the past only came from governments, electronic armies and defense firms. A wide-range of targets included organizations in retail, entertainment, finance, healthcare, industrial, military, among countless other industries. As a repeat offender, Sony is now the cyber-victim poster child, and the term “Sony’d” has become a verb meaning digital security incompetence. Perhaps Sony’s motto should be changed from “make.believe.” to “make.believe.security.” Just saying!

Prior to 2014, companies on a wholesale basis tended to simply deny cyber vulnerabilities. However, a string of higher profile data breaches — such as Sony, Heartbleed, Poodle, Shellshock, Russian Cyber-vor, Home Depot, Target, PF Chang’s, eBay, etc. — have changed all of that. Denial is dead, but confusion and about what to do is rampant.

2. Embedded insecurity rising

Computing naturally segregates into embedded systems and humans sitting in front of screens.  Embedded systems are processor-based subsystems that are “embedded” into other machines or bigger systems.  Examples are routers, industrial controls, avionics, automotive engine and in-cabin systems, medical diagnostics, white goods, consumer electronics, smart weapons, and countless others.  Embedded security was not a big deal until the IoT emerged, which will lead to billions of smart, communicating nodes.  15 to more than 20 billion IoT nodes are being forecast by 2020, which will create a gigantic attack platform and make security paramount.

A recent study by HP revealed that 70% of interconnected (IoT) devices have serious vulnerabilities to attacks. The devices they investigated consisted of “things” like cloud-connected TVs, smart thermostats and electronic door locks.

“The current state of Internet of Things security seems to take all the vulnerabilities from existing spaces — network security, application security, mobile security and Internet-connected devices — and combine them into a new, even more insecure space, which is troubling,” HP’s Daniel Miessler stated.

Issues HP identified ranged from weak passwords, to lack of encryption, to poor interfaces, to troubling firmware, to unencrypted updating protocols. Other notable findings included:

• 60% of devices were subject to weak credentials
• 90% collected personal data
• 80% did not use passwords or used very weak passwords
• 70% of cloud connected mobile devices allowed access to user accounts
• 70% of devices were unencrypted

Investigators at the Black Hat Conference demonstrated serious security flaws in home automation systems. At DEFCON, investigators hacked NFC-based payment systems showing that passwords and account data was vulnerable. They also revealed that the doors of a Tesla car could be hacked to open while in motion. Nice! Other attacks were exploited on smart TVs, Boxee TV devices, smartphone biometric systems, routers, IP cameras, smart meters, healthcare devices, SCADA (supervisory, control and data acquisition) devices, engine control units, and some wearables. Even simple USB firmware was proven to be highly vulnerable… “Bad USB.”

These are just the tip of the embedded insecurity iceberg. Under the surface is the entire Dark Net which adds even more treacherousness. Security companies like Symmantic have identified home automation as a likely early IoT attack point. That is not surprising because home automation will be an early adopter of IoT technologies, after all. In-house appliances also represent an attractive attack surface as more firmware is contained in smart TVs, set top boxes, white goods, and routers that also communicate. Node-to-node connectivity security extends to industrial settings as well.

Tools like Shodan, which is the Google of embedded systems, make it very easy for hackers to get into the things in the IoT.  CNN recently called Shodan the scariest search engine on the Internet. You can see why since everything that is connected is now accessible. Clearly strong security, including hardware-based crypto elements, is paramount.

 3. More storms from the cloud

It became clear in 2014 that cloud services such as iCloud, GoogleDrive, DropBox and others were rather large targets because they are replete with sensitive data (just ask Jennifer Lawrence). The cloud is starting to look like the technological Typhoid Mary that can spread viruses, malware, ransomware, rootkits, and other bad things around the world. As we know by now, the key to security is how well cryptographic keys are stored.   Heartbleed taught us that, so utilizing new technologies and more secure approaches to maintain and control cryptographic keys will accelerate in 2015 to address endemic cloud exposure. Look for more use of hardware-based key storage.

4. Cyber warfare breaks out

eBay, PF Chang’s, Home Depot, Sony, JP Morgan, and Target are well-known names on the cybercrime blotter, and things will just get worse as cyber armies go on the attack. North Korea’s special cyber units, the Syrian Electronic Army, the Iranian Cyber Army (ICA), and Unit 61398 of the People’s Liberation Army of China are high profile examples of cyber-armies that are hostile to Western interests. Every country now seems to have a cyber-army units to conduct asymmetric warfare. (These groups are even adopting logos, with eagles appearing to be a very popular motif.)

Cyber warfare is attractive because government-built malware is cheap, accessible, and covert, and thus highly efficient. Researchers have estimated that 87% of cyber-attacks on companies are state-affiliated, 11% by organized crime, 1% by competitors, and another 1% by former employees. Long story short, cyber war is real and it has already been waged against non-state commercial actors such as Sony. It won’t stop there.

 5. Cybercrime mobilizes

According to security researchers, mobile will become an increasingly attractive target for hackers. Fifteen million mobile devices are infected with malware according to a report by Alcatel-Lucent’s Kindsight Security Labs. Malvertising is rampant on untrusted app stores and ransomware is being attached to virtual currencies. Easily acquired malware generation kits and source code make it extremely easy to target mobile devices. Malicious apps take advantage of the Webkit plugin and gain control over application data which hands credentials, bank account, and email details over to hackers. What’s more, online banking malware is also spreading. 2014 presented ZeuS, which stole data, and VAWTRAK that hit online banking customers in Japan.

Even two-factor authentication measures that banks employ have recently been breached using schemes, such as Operation Emmental. Emmental is the real name of Swiss cheese, which of course is full of holes just like the banking systems’ security mechanisms.  Emmental uses fake mobile apps and Domain Name System (DNS) changers to launch mobile phishing attacks to get at online  banking  accounts and steal identities. Some researchers believe that cybercriminals will increasingly use such sophisticated attacks to make illegal equity front running and short selling scams.

6. Growing electronic payments tantalize attackers

Apple Pay could be a land mine just waiting to explode due to NFC’s susceptibility to hacking. Google Wallet is an example of what can happen when a malicious app is granted NFC privileges making it capable of stealing account information and money. M-commerce schemes like WeChat could be another big potential target.

E-payments are growing and with that so will the attacks on mobile devices using schemes ranging from FakeID to master key. Master key is an exploit kit similar to blackhole exploit kit that specifically targets mobile, where FakeID allows malicious apps to impersonate legitimate apps that allow access to sensitive data without triggering suspicion.

7. Health records represent a cyber-crime gold mine

Electronic Health Records (EHR) are now mandatory in the U.S. and a vast amount of personal data is being collected and stored as never before. Because information is money, thieves will go where the information is (to paraphrase Willie Sutton). Health records are considered higher value in the hacking underground than stolen credit card data. Criminals throughout both the U.S. and UK are now specializing in health record hacking. In fact, the U.S. Identity Theft Resource Center reported 720 major data breaches during 2014 with 42% of those being health records.

8. Targeted attacks increase

Targeted attacks, also known as Advanced Persistent Threats (APTs), are very frightening due to their stealthy nature. The main differences between APTs and traditional cyber-attacks are target selection, silence, and duration of attack. According to research company APTnotes, the number of attacks by year went from 3 in 2010 to 14 in 2012 to 53 in 2014. APT targets are carefully selected, in contrast to traditional attacks that use any available corporate targets. The goal is to get in quietly and stay unnoticed for long periods of time, as seen in the famous APT attack that victimized the networking company Nortel. Chinese spyware was present on Nortel’s systems for almost ten years without being detected and drained the company of valuable intellectual property and other information. Now that’s persistent!

9. Laws and regulations try to play catch up

A number of cyber security laws are being considered in the U.S. including the National Cybersecurity Protection Act of 2014, which advocates the sharing of cybersecurity information with the private sector, provide technical assistance and incident response to companies and federal agencies.   Another one to note is the Federal Information Security Modernization Act of 2014 that is designed to better protect federal agencies from cyber-attacks. A third is the Border Patrol Agent Pay Reform Act of 2013 to recruit and retain cyber professionals who are in high demand. Additionally, there is the Cybersecurity Workforce Assessment Act, which aims to enhance the readiness, capacity, training, recruitment, and retention of the cybersecurity workforce. President Obama stated that wants a 30-day deadline for notices and a revised “Consumer Privacy Bill of Rights.”

One of the more interesting and intelligent recommendations came from the FDA, who issued guidelines for wireless medical device security to ensure hackers could not interfere with things such as implanted pacemakers and defibrillators. This notion was is part stimulated by worry about Dick Cheney’s pacemaker being hacked. In fact countermeasures were installed by on the device by Cheney’s surgeon. More regulation of health data and equipment is expected in 2015.

“Security — or the lack of it — will largely determine the success or failure of widespread adoption of internet-connected devices,” the FTC Commissioner recently shared in an article. The FTC also released a report entitled, “Privacy & Security in a Connected World.”

10. Hardware-based security may change the game

According to respected market researcher Gartner, all roads to the digital future lead through security. At this point, who can really argue with that statement? Manufacturers and service providers are seeing the seriousness of cyber-danger and are starting to integrate security at every connectivity level. Crypto element integrated circuits with hardware-based key storage are starting to be employed for that. Furthermore, these crypto elements are a kind of silver bullet given that they easily and instantly add the strongest type of security possible (i.e. protected hardware-based key storage) to IoT endpoints and embedded systems. This is a powerful concept whose fundamental value is only starting to be recognized.

Crypto elements contain cryptographic engines to efficiently handle crypto functions such as hashing, sign-verify, ECDSA, key agreement (e.g.  ECDH), authentication (symmetric or asymmetric), encryption/decryption, message authentication coding (MAC), run crypto algorithms (e.g. elliptic curve cryptography, AES, SHA) and many other functions.

The hardware key storage plus crypto engine combination in a single device makes it simple, ultra-secure, tiny, and inexpensive to add robust security. Recent crypto element products offer ECDH for key agreement and ECDSA for authentication. Adding a device with both of these powerful capabilities to any system with a microprocessor that can run encryption algorithms (such as AES) brings all three pillars of security (confidentiality, data integrity and authentication) into play.

With security rising in significance as attack platforms increase in size and threats become more sophisticated, it is good to know that solutions are already available to ensure that digital systems are not only smart and connected, but robustly secured by hardware key storage. This could be the one of the biggest stories in security going forward.

Is the Internet of Things just a toy?

---

While some sort of IoT is possible without security, without security it would really just be a toy.

---

The Internet of Things (IoT) is arguably the most hyped concept since the pre-crash dot-com euphoria. You may recall some of the phrases from back then such as “the new economy,” “new paradigm,” “get large or get lost,” “consumer-driven navigation,” “tailored web experience,” “it’s different now,” among countless other media fabrications.

The IoT is the new media darling. In fact, it has been dubbed everything from the fifth wave of computing, to the third wave of the Internet, to the next big thing, to the next mega-trend, to the largest device market in the world, to the biggest efficiency booster/cost reduction technology. You get the picture.

Now, the question is whether or not the IoT will indeed be more real than just hype, as is the case with any media powered feeding frenzy. Let’s start by looking at the numbers.

Respected market researchers and giant networking companies are predicting gigantic numbers of connected devices to the tune of 20 to 50 billion units of installed base by 2020 or 2025, with some estimates even going higher. With numbers like that coming from the world’s most-followed, reputable sources, it won’t be long before high roller investors start placing enormous bets on who will be the winners of the IoT game; a game that will be make Vegas action look like a game of marbles. The IoT casino is now open.

There is really big money at stake because IoT represents a perfect storm of opportunity for venture capitalists and bold corporate acquirers — that is because many believe that half the successful IoT companies don’t even exist yet. Conditions don’t get much more attractive than that when it comes to risk capital.

Here’s a hot tip: Only bet on the companies offering systems that articulate a clear strategy that put strong security (especially authentication) as a top priority. This tip is derived from the observations of Dr. Vint Cerf (the acknowledged creator of the Internet) who declared that the IoT will require strong authentication. And, he’s right. Note well that the strongest authentication comes from hardware-based cryptographic key storage because hardware key storage beats software-based key storage every time. Inexpensive and easy-to-use integrated circuit devices already exist to do just that. The media should grasp that but don’t seem to get it yet.

The dirty little secret of the constantly-connected era is that without security, the IoT will just be a toy that consumers, governments, and corporations cannot take seriously. What good is a system of billions of interconnected things sensing and sending data (often through the cloud)  that can be  intercepted, corrupted, and spoofed? Not very much. IoT growth is dependent upon security. 

Charting the Growth

The graphs below show estimated unit shipments and the resulting installed base of IoT devices. What has also been called out in each chart are devices with on-board security, mainly hardware-based security, and those that do not have built in hardware security. Most market estimates out there tend to show the growth of the IoT in terms of installed bases, growing to many billions by 2020. Typically speaking, you will see a chart like the one below, but without the divisions between secure and insecure nodes.This is a case of the devil being in the details, because installed base charts can be very misleading. Data jockeys such as market researchers and statisticians know very well that installed base is a tricky way to present data. Fair warning: Beware of drawing conclusions from installed base charts only.

The IoT case is a perfect example of how to hide the important information, because even if you remove the secure nodes, the chart still looks like there will be enormous growth. However, that masks the fact that growth will plateau without the secure nodes being a part of the picture. It is a an illusion caused by the fact that the early days of the IoT will build a base of significant numbers, but the volume shipments will fall off quickly as users reject insecure solutions precisely because they are insecure.

The installed base IoT chart is analogous to chart of automobiles in the time of Henry Ford showing the installed base of black cars (remember Model Ts came in any color as long as it was black).  That would show that black cars were the overwhelming color and it would be impossible from that chart to conclude anything other than they always would be. Obviously, such a chart would mask the market changes that in fact happened and the inflection points as to when the changes happened. Masking is exactly what the IoT installed base chart does.

It fails to show that the inflection point towards secure nodes that is starting right now, which is a shift that will happen quickly. Reason being, the need for security is becoming clear (just ask Sony, Target, Home Depot, JP Morgan, and Iranian nuclear scientists about that). As aforementioned, inexpensive hardware-based devices are available now that can provide strong security to IoT nodes.

The unit shipment slide is what tells the real story. And, that is that security is becoming a requirement of IoT if growth is to be sustainable.  Simply stated: Without real security, the IoT will falter.

Security Maters

Security matters because users must trust that the nodes are who they say they are (i.e. are authentic). Additionally, confidentiality of the data is important to keep unauthorized third parties from getting the data and misusing it. Also, without data integrity mechanisms there is no way to ensure that the data have not been tampered with or corrupted. All three of these matter. A lot.

However, with all the press that the IoT receives and all the tremendous predictions of giga-volumes, you just don’t hear much other than passing comments about security. Security should, in fact, be the prerequisite of any article, discussion, or plan for IoT-based anything. Talking about the Internet of Things without addressing the security question (with specifics) is like talking about scuba diving without mentioning water.

Security gets short shrift even though it is pivotal to the IoT’s existence (and important to literally everyone in the digital universe, including the readers of this article). One main reason is that the meaning of security is not really well understood. As a result, engineers, executives, investors, and researchers alike have been mainly whistling past the graveyard hoping that their digital interests will not be attacked too badly. However, with the increasing frequency, variety, and creativity of security breaches and especially with the advent of breach-based litigation, the danger is increasing and finally more attention is getting paid. It is not hard to envision ambulance-chaser legal firms moving from class action suits regarding asbestos, medical devices, and pharmaceuticals to seeking data-breach damage rewards. In actuality, this has already started. You can almost hear the cloying ads already.

Security Defined

There are two important and fundamental questions about security and the IoT:

1. What is IoT security?

2. How do you implement it now?

To address the first item, the best way to understand it is to break it down into the three pillars of security, which are confidentiality, data integrity, and authentication (ironically referred to as “CIA”). The second inquiry is related directly to the first because implementing security is a function of how well you address the three pillars.

It is critical to address security right now because putting insecure systems into the world is just asking for trouble. There is no time to wait. Assembling a network or product dependent on a network that is filled with vulnerabilities is bad practice. The good news is that thanks to cryptographic engine integrated circuits with hardware-based secure key storage powerful solutions are clear and present.

Crypto Elements

Crypto element refers to a dedicated integrated circuit devices with crypto engines that handle crypto functions such as hashing, sign-verify (e.g.  ECDSA), key agreement (e.g.  ECDH),  authentication (symmetric or asymmetric), encryption/decryption, message authentication coding (MAC), run crypto algorithms (e.g. elliptic curve cryptography, AES, SHA), and perform many other functions. The other critical part of the equation that makes crypto elements so valuable is their ability to store cryptographic keys in ultra-secure hardware.  (The CTO of a major home networking company recently described storing cryptographic keys in software being like storing a key in a wet paper bag.)

Providing the exact type of security needed for the IoT to grow is what crypto engines like CryptoAuthentication solutions are all about. They make security both easy and cost effective. The amazing thing is that crypto engine devices were invented before the IoT even existed. Now they are arguably the ideal catalyst to drive IoT growth when they are added to the other fundamental elements of the IoT.  So, it should be clear that there are now four elements to a serious IoT node:

1. Intelligence (Microprocessors)

2. Communications (Wi-Fi, Bluetooth, etc.)

3. Sensors

4. Security

These four items will be the recurring theme of IoT nodes.   The story from here will be which  communications standards are supported, the level of integration, how security is handled (standards and methods), performance, speed, power, size, etc., not if security is there or not.

Long story short: While some sort of IoT is possible without security, without security it would really just be a toy.

What is Ambient Security?

New technology and business buzzwords pop up constantly. Hardly a day goes by that you don’t see or hear words such as “cloud”, “IoT,” or “big data.” Let’s add one more to the list: “Ambient security.”

You’ll notice that big data, the cloud, and the IoT are all connected, literally and figuratively, and that is the point. Billions of things will communicate with each other without human intervention, mainly through the cloud, and will be used to collect phenomenal and unprecedented amounts of data that will ultimately change the universe.

As everything gets connected, each and every thing will also need to be secure. Without security, there is no way to trust that the things are who they say they are (i.e. authentic), and that the data has not been altered (i.e. data integrity). Due to the drive for bigger data, the cloud and smart communicating things are becoming ambient; and, because those things all require security, security itself is becoming ambient as well.  Fortunately, there is a method to easily spread strong security to all the nodes. (Hint: Atmel CryptoAuthentication.)

Big Data

At the moment, big data can be described as the use of inductive statistics and nonlinear system analysis on large amounts of low density (or quickly changing) data to determine correlations, regressions, and causal effects that were not previously possible. Increases in network size, bandwidth, and computing power are among the things enabling this data to get bigger — and this is happening at an exponential rate.

Big data became possible when the PC browser-based Internet first appeared, which paved the way for data being transferred around the globe. The sharp rise in data traffic was driven to a large extent by social media and companies’ desire to track purchasing and browsing habits to find ways to micro-target purchasers. This is the digitally-profiled world that Google, Amazon, Facebook, and other super-disruptors foisted upon us.  Like it or not, we are all being profiled, all the time, and are each complicit in that process. The march to bigger data continues despite the loss of privacy and is, in fact, driving a downfall in privacy. (Yet that’s a topic for another article.)

Biggering

The smart mobile revolution created the next stage of “biggering” (in the parlance of Dr. Seuss). Cell phones metamorphosed from a hybrid of old-fashioned wired telephones and walkie-talkies into full blown hand-held computers, thus releasing herds of new data into the wild. Big data hunters can thank Apple and the Android army for fueling that, with help from the artists formerly known as Nokia, Blackberry, and Motorola. Mobile data has been exploding due to its incredible convenience, utility, and of course, enjoyment factors. Now, the drive for bigger data is continuing beyond humans and into the autonomous realm with the advent of the Internet of Things (IoT).

Bigger Data, Little Things

IoT is clearly looking like the next big thing, which means the next big thing will be literally little things. Those things will be billions of communicating sensors spread across the world like smart dust — dust that talks to the “cloud.”

More Data

The availability of endless data and the capability to effectively process it is creating a snowball effect where big data companies want to collect more data about more things, ad infinitum. You can almost hear chanting in the background: “More data… more data… more data…”

More data means many more potential correlations, and thus more insight to help make profits and propel the missions of non-profit organizations, governments, and other institutions. Big data creates its own appetite, and the data to satisfy that growing appetite will derive from literally everywhere via sensors tied to the Internet. This has already started.

Sensors manufacture data. That is their sole purpose. But, they need a life support system including smarts (i.e. controllers) and communications (such as Wi-Fi, Bluetooth and others). There is one more critical part of that: Security.

No Trust? No IoT! 

There’s no way to create a useful communicating sensor network without node security. To put it a different way, the value of the IoT depends directly on whether those nodes can be trusted. No trust. No IoT.  Without security, the Internet of Things is just a toy.

What exactly is security? It can best be defined by using the three-pillar model, which (ironically) can be referred to as “C.I.A:” Confidentiality, Integrity and Authenticity.

CIA

Confidentiality is ensuring that no one can read the message except its intended receiver. This is typically accomplished through encryption and decryption, which hides the message from all parties but the sender and receiver.

Integrity, which is also known as data integrity, is assuring that the received message was not altered. This is done using cryptographic functions. For symmetric, this is typically done by hashing the data with a secret key and sending the resulting MAC with the data to the other side which does the same functions to create the MAC and compare. Sign-verify is the way that asymmetric mechanisms ensure integrity.

Authenticity refers to verification that the sender of a message is who they say they are — in other words, ensuring that the sender is real. Symmetric authentication mechanisms are usually done with a challenge (often a random number) that are sent to the other side, which is hashed with a secret key to create a MAC response, before getting sent back to run the same calculations. These are then compared to the response MACs from both sides.

(Sometimes people add non-repudiation to the list of pillars, which is preventing the sender from later denying that they sent the message in the first place.)

The pillars of security can be  implemented with devices such as Atmel CryptoAuthentication crypto engines with secure key storage. These tiny devices are designed to make it easy to add robust security to lots of little things – -and big things, too.

So, don’t ever lose sight of the fact that big data, little things and cloud-based IoT are not even possible without ambient security. Creating ambient security is what CryptoAuthentication is all about.

Getting up close and personal with symmetric session key exchange

In today’s world, the three pillars of security are confidentiality, integrity (of the data), and authentication (i.e. “C.I.A.”). Fortunately, Atmel CryptoAuthentication crypto engines with secure key storage can be used in systems to provide all three of these.

Focusing on the confidentiality pillar, in a symmetric system it is advantageous to have the encryption and decryption key shared on each side go through a change for every encryption/decryption session. This process, which is called symmetric session key exchange, helps to provide a higher level of security. Makes sense, right?
 

So, let’s look at how to use the capabilities of the ATSHA204A CryptoAuthentication device to create exactly such a changing cryptographic key. The way a key can be changed with each session is by the use of a new (and unique) random number for each session that gets hashed with a stored secret key (number 1 in the diagram below). While the stored key in the ATSHA204A devices never changes, the key used in each session (the session key) does. Meaning, no two sessions are alike by definition.

The video below will walk you through the steps, or you can simply look at the diagram which breaks down the process.

The session key created by the hashing of the stored key and random number gets sent to the MCU (number 2) and used as the AES encryption key by the MCU to encrypt the data (number 3) using the AES algorithm. The encrypted data and the random number are then sent (number 4) to the other side.

Let’s explore a few more details before going on. The session key is a 32 byte Message Authentication Code or “MAC.” (A MAC is defined as a hash of a key and message.) 16 bytes of that 32 byte (256 bit) MAC becomes the AES session key that gets sent to the MCU to run the AES encryption algorithm over the data that is to be encrypted.

It is obvious why the encrypted code is sent, but why is the random number as well? That is the magic of this process. The random number is used to recreate the session key by running the random number through the same SHA-256 hashing algorithm together with the key stored on the decryption side’s ATSHA204A (number 5). Because this is a symmetric operation, the secret keys stored on both of the ATSHA204A devices are identical, so when the same random number is hashed with the same secret key using the same algorithm, the 32 byte digest that results will be exactly the same on the decrypting side and on the encrypting side. Just like on the encrypting side, only 16 bytes of that hash value (i.e. the MAC) are needed to represent the AES encryption/decryption key (number 6). At this point these 16 bytes can be used on the receiving side’s MCU to decrypt the message(number 7).

And, that’s it!

Note how easy the ATSHA204A makes this process because it stores the key, generates the random number, and creates the digest. There’s a reason why we call it a crypto engine! It does the heavy cryptographic work, yet is simple to configure the SHA204A using Atmel’s wide range of tools.

Not to mention, the devices are tiny, low-power, cost-effective, work with any micro, and most of all, store the keys in ultra-secure hardware for robust security. By offering easy-to-use, highly-secure hardware key storage crypto engines, it’s simple to see how Atmel has you covered.

Don’t be an “ID-IoT”

---

Authentication may just be the “sine qua non” of the Internet of Things. 

---

Let’s just come out and say it: Not using the most robust security to protect your digital ID, passwords, secret keys and other important items is a really, really bad idea. That is particularly true with the coming explosion of the Internet of Things (IoT).

The identity (i.e. “ID”) of an IoT node must be authenticated and trusted if the IoT is ever to become widely adopted. Simply stated, the IoT without authenticated ID is just not smart. This is what we mean when we say don’t be an ID-IoT.

It seems that every day new and increasingly dangerous viruses are infecting digital systems. Viruses — such as Heartbleed, Shellshock, Poodle, and Bad USB — have put innocent people at risk in 2014 and beyond. A perfect case in point is that Russian Cyber gangs (a.k.a. “CyberVor”) have exposed over a billion user passwords and IDs — so far. What’s scary is that the attacks are targeted at the very security mechanisms that are meant to provide protection.

If you think about it, that is somewhat analogous to how the HIV/AIDS virus attacks the very immune system that is supposed to protect the host organism. Because the digital protection mechanisms themselves have become targets, they must be hardened. This has become increasingly important now that the digital universe is going through its own Big Bang with the explosion of the IoT. This trend of constant connectivity will result in billions of little sensing and communicating processors being distributed over the earth, like dust. According to Gartner, processing, communicating and sensing semiconductors (which comprise the IoT) will grow at a rate of over 36% in 2015, dwarfing the overall semiconductor market growth of 5.7%. Big Bang. Big growth. Big opportunity.

The IoT will multiply the number of points for infection that hackers can attack by many orders of magnitude. It is not hard to see that trust in the data communicated via an ubiquitous (and nosey) IoT will be necessary for it to be widely adopted. Without trust, the IoT will fail to launch. It’s as simple as that. In fact, the recognized inventor of the Internet, Vint Cerf, completely agrees saying that the Internet of Things requires strong authentication. In other words, no security? No IoT for you!

There is much more to the story behind why the IoT needs strong security. Because the world has become hyper-connected, financial and other sensitive transactions have become almost exclusively electronic. For example, physical checks don’t need to be collected and cancelled any more — just a scanned electronic picture does the job. Indeed, the September 11th terror attacks on the U.S. that froze air travel and the delivery of paper checks accelerated the move to using images to clear checks to keep the economy moving.

Money now is simply electronic data, so everyone and every company are at risk of financial losses stemming directly from data breaches. See?  Data banks are where the money is now kept, so data is what criminals attack. While breaches are, in fact, being publicized, there has not been much open talk about their leading to significant corporate financial liability. That liability, however, is real and growing. CEOs should not be the least bit surprised when they start to be challenged by significant shareholder and class action lawsuits stemming from security breaches.

Although inadvertent, companies are exposing identities and sensitive financial information of millions of customers, and unfortunately, may not be taking all the necessary measures to ensure the security and safety of their products, data, and systems. Both exposure of personal data and risk of product cloning can translate to financial damages. Damages translate to legal action.

The logic of tort and securities lawyers is that if proven methods to secure against hacking and cloning already exist, then it is the fiduciary duty of the leaders of corporations (i.e. the C-suite occupants) to embrace such protection mechanisms (like hardware-based key storage), and more importantly, not doing so could possibly be argued as being negligent. Agree or not, that line of argumentation is viable, logical, and likely.

A few CEOs have already started to equip their systems and products with strong hardware-based security devices… but they are doing it quietly and not telling their competitors. This also gives them a competitive edge, besides protecting against litigation.

Software, Hardware, and Hackers

Why is it that hackers are able to penetrate systems and steal passwords, digital IDs, intellectual property, financial data, and other secrets? It’s because until now, only software has been used to protect software from hackers. Hackers love software. It is where they live.

The problem is that rogue software can see into system memory, so it is not a great place to store important things such as passwords, digital IDs, security keys, and other valuable things. The bottom line is that all software is vulnerable because software has bugs despite the best efforts of developers to eliminate them. So, what about storing important things in hardware?

Hardware is better, but standard integrated circuits can be physically probed to read what is on the circuit. Also, power analysis can quickly extract secrets from hardware. Fortunately, there is something that can be done.

Several generations of hardware key storage devices have already been deployed to protect keys with physical barriers and cryptographic countermeasures that ward off even the most aggressive attacks. Once keys are securely locked away in protected hardware, attackers cannot see them and they cannot attack what they cannot see. Secure hardware key storage devices — most notably Atmel CryptoAuthentication — employ both cryptographic algorithms and a tamper-hardened hardware boundary to keep attackers from getting at the cryptographic keys and other sensitive data.

The basic idea behind such protection is that cryptographic security depends on how securely the cryptographic keys are stored. But, of course it is of no use if the keys are simply locked away. There needs to be a mechanism to use the keys without exposing them — that is the other part of the CryptoAuthentication equation, namely crypto engines that run cryptographic processes and algorithms. A simple way to access the secret key without exposing it is by using challenges (usually random numbers), secret keys, and cryptographic algorithms to create unique and irreversible signatures that provide security without anyone being able to see the protected secret key.

Crypto engines make running complex mathematical functions easy while at the same time keeping secret keys secret inside robust, protected hardware. The hardware key storage + crypto engine combination is the formula to keeping secrets, while being easy-to-use, available, ultra-secure, tiny, and inexpensive.

While the engineering that goes into hardware-based security is sophisticated, Atmel does all the crypto engineering so there is no need to become a crypto expert. Get started by entering for your chance to take home a free CryptoAuthentication development tool.

ECDH key exchange is practical magic

What if you and I want to exchange encrypted messages? It seems like something that will increasingly be desired given all the NSA/Snowden revelations and all the other snooping shenanigans. The joke going around is that the motto of the NSA is really “Yes We Scan,” which sort of sums it up.

Encryption is essentially scrambling a message so only the intended reader can see it after they unscramble it. By definition, scrambling and unscrambling are inverse (i.e. reversible) processes. Doing and undoing mathematical operations in a secret way that outside parties cannot understand or see is the basis of encryption/decryption.

Julius Caesar used encryption to communicate privately. The act of shifting the alphabet by a specific number of places is still called the Caesar cipher. Note that the number of places is kept secret and acts as the key. Before Caesar, the Spartans used a rod of a certain thickness that was wrapped with leather and written upon with the spaces not part of the message being filled with decoy letters so only someone with the right diameter rod could read the message. This was called a skytale. The rod thickness acts as the key.

A modern-day encryption key is a number that is used by an encryption algorithm, such as AES (Advanced Encryption Standard) and others, to encode a message so no one other than the intended reader can see it. Only the intended parties are supposed to have the secret key. The interaction between a key and the algorithm is of fundamental importance in cryptography of all types. That interaction is where the magic happens. An algorithm is simply the formula that tells the processor the exact, step-by-step mathematical functions to perform and the order of those functions. The algorithm is where the magical mathematical spells are kept, but those are not kept secret in modern practice. The key is used with the algorithm to create secrecy.

For example, the magic formula of the AES algorithm is a substitution-permutation network process, meaning that AES uses a series of mathematical operations done upon the message to be encrypted and the cryptographic key (crypto people call the unencrypted message “plaintext“). How that works is that the output of one round of calculations done on the plaintext is substituted by another block of bits and then the output of that is changed (i.e. permutated) by another block of bits and then it happens over and over, again and again. This round-after-round of operations changes the coded text in a very confused manor, which is the whole idea. Decryption is exactly as it sounds, simply reversing the entire process.

That description, although in actual fact very cursory, is probably TMI here, but the point is that highly sophisticated mathematical cryptographic algorithms that have been tested and proven to be difficult to attack are available to everyone. If a secret key is kept secret, the message processed with that algorithm will be secret from unintended parties. This is called Kerckhoffs’ principle and is worth remembering since it is the heart of modern cryptography. What it says is that you need both the mathematical magic and secret keys for strong cryptography.

Another way to look at is that the enemy can know the formula, but it does him or her no good unless they know the secret key. That is, by the way, why it is so darn important to keep the secret key secret. Getting the key is what many attackers try to do by using a wide variety of innovative attacks that typically take advantage of software bugs. So, the best way to keep the secret is to store the key in secure hardware that can protect if from attacks. Software storage of keys is just not as strong as hardware storage. Bugs are endemic, no matter how hard the coders try to eliminate them. Hardware key storage trumping software is another fundamental point worth remembering.

Alright, so now that we have a good algorithm (e.g. AES) and a secret key we can start encrypting and feel confident that we will obtain confidentiality.

Key Agreement

In order for encryption on the sender’s side and decryption on the receiver’s side, both sides must agree to have the same key. That agreement can happen in advance, but that is not practical in many situations. As a result, there needs to be a way to exchange the key during the session where the encrypted message is to be sent. Another powerful cryptographic algorithm will be used to do just that.

There is a process called ECDH key agreement, which is a way to send the secret key without either of the sides actually having to meet each other. ECDH uses a different type of algorithm from AES that is called “EC” to send the secret key from one side to the other. EC stands for elliptic curve, which literally refers to a curve described by an elliptic equation.   A certain set of elliptic curves (defined by the constants in the equation) have the property that given two points on the curve (P and Q) there is a third point, P+Q, on the curve that displays the properties of commutivity, associativity, identity, and inverses when applying elliptic curve point multiplication. Point-multiplication is the operation of successively adding a point along an elliptic curve to itself repeatedly. Just for fun the shape of such an elliptic curve is shown in the diagram.

The thing that makes this all work is that EC point-multiplication is doable, but the inverse operation is not doable. Cryptographers call this a one-way or trap door function. (Trap doors go only one way, see?)  In regular math, with simple algebra if you know the values of A and A times B you can find the value of B very easily.  With Elliptic curve point-multiply if you know A and A point-multiplied by B you cannot figure out what B is. That is the magic. That irreversibility and the fact that A point-multiplied by B is equal to B point-multiplied by A (i.e. commutative) are what makes this a superb encryption algorithm, especially for use in key exchange.

To best explain key agreement with ECDH, let’s say that everyone agrees in advance on a number called G. Now we will do some point-multiply math. Let’s call the sender’s private key PrivKeySend.  (Note that each party can be a sender or receiver, but for this purpose we will name one the sender and the other the receiver just to be different from using the typical Alice and Bob nomenclature used by most crpyto books.) Each private key has a mathematically related and unique public key that is calculated using the elliptic curve equation.  Uniqueness is another reason why elliptic curves are used. If we point-multiply the number G by PrivKeySend we get PubKeySend. Let’s do the same thing for the receiver who has a different private key called PrivKeyReceive and point-multiply that private key by the same number G to get the receiver’s public key called PubKeyReceive.   The sender and receiver can then exchange their public keys with each other on any network since the public keys do not need to be kept secret. Even an unsecured email is fine.

Now, the sender and receiver can make computations using their respective private keys (which they are securely hiding and will never share) and the public key from the other side. Here is where the commutative law of point-multiply will work its magic. The sender point-multiplies the public key from the other side by his or her stored private key.  This is equates to:

PubKeyReceive point-multiplied by PrivKeySend which = G point-multiplied by PrivKeyReceive point-multiplied by PrivKeySend

The receiver does the same thing using his or her private key and the public key just received. This equates to:

PubKeySend point-multiplied by PrivKeyReceive  = G point-multiplied by PrivKeySend point-multiplied by PrivKeyReceive.

Because point-multiply is commutative these equations have the same value!

And, the rabbit comes out of the hat: The sender and receiver now have the exact same value, which can now be used as the new encryption key for AES, in their possession. No one besides them can get it because they would need to have one of the private keys and they cannot get them. This calculated value can now be used by the AES algorithm to encrypt and decrypt messages. Pretty cool, isn’t it?

Below is a wonderful video explaining the modular mathematics and discrete logarithm problem that creates the one-way, trapdoor function used in Diffie-Hellman key exhange. (Oh yeah, the “DH” in ECDH stands for Diffie-Hellman who were two of the inventors of this process.)

Are you building out for secure devices?  Protect your design investments and prevent compromise of your products? Receive a FREE Atmel CryptoAuthentication™ development tool.

There’s good news about BadUSB

The good news about the recently-revealed BadUSB is that there actually is a cure: Atmel CryptoAuthentication. Hardware crypto engines were invented to protect software, firmware and hardware from exactly these types of attacks, among many others. These uber-tiny, ultra secure hardware devices can be easily and cost-effectively added to USB sticks (and other peripherals) by manufacturers, who are seeking to protect their customers by ensuring that only the proper and intended code is downloaded and used. Once installed into the peripherals, CryptoAuthentication devices will block the bad code. Period.

Let’s look at what Bad USB has uncovered: It is that everything with a processor is vulnerable to attack. Most people don’t really think of a USB stick, modern thermostat, home router, fax machine, PC mouse or trackpad, a camera, iPod, microwave, and other “things” as being computers; however, they are. In fact, they all have at least one processor, memory, ways to get stuff in and out, and code (firmware) that tells the processor what to do. That last piece is where the danger lies.

As any PC or smartphone user knows, code gets updated all the time to get rid of bugs and add features. Updating code opens up a processor that was previously running good code, to code altered by people with mal-intent, i.e. malware. This is how good embedded systems go bad. We recently saw malware that allowed an ATM to spit out 40 bank notes at a time if a certain code was entered. Real nice for those who know the code!

BadUSB is Bad for More Than Just USB

All systems with processors are vulnerable to bad code, which can do bad things to good systems. All it takes is a way to transfer bad code from one processor to another… and, that happens all the time. USB sticks, USB accessories, the Internet, wireless links like Wi-Fi or Bluetooth — you name it — can be vectors for diseased code. What BadUSB has revealed to us is that all embedded systems, unless equipped with robust protection mechanisms, are now vulnerable to catching diseased code. (Embola?)

Embola

One contracted, a machine infected with Embola can send private and sensitive information to bad guys, or let them take over your system for ransom or other mal-purposes. They can turn on cameras and microphones to spy, grab your photos and bank account information, or even mess with your car. Whatever they want they can have, and you most likely will never know it.

By now you should see the point, which is that every embedded system and PC needs protection. Everything that runs software is vulnerable such as wearables, phones, USB accessories, USB sticks, cameras, cars, printers, thermostats, ATMs, meters, microwaves, appliances, and whatever the IoT will become. Simply put: If it has a processor and connects to something else, it is hackable.

So, what can you do to protect against Embola? The answer is twofold:

1. Don’t let the bad code in, and
2. If it does get in, don’t let it run.

While this sounds pedantically simplistic, these steps are NOT being taken. These two functions have the self-explanatory names of secure download and secure boot.

Secure Download

Secure download uses encryption to ensure that the code that is received by the embedded system is kept away from hackers. The code is encrypted using an algorithm such as Advanced Encryption Standard (AES) by using an encryption key. That encryption key is created using a secret that is only shared with the target system. The encrypted code is sent to the target embedded system to be decrypted and loaded for its use. Along with the encrypted code, a seed is also sent to the target system.

The seed is a number (typically unique with each session) that is hashed during the encryption session with a secure secret key. The result of that hashing is called the digest or Message Authentication Code (MAC) and it is used to encrypt the code (i.e. the MAC is the actual encryption key). The seed is sent to the target system to enable decryption, and not useful to anyone unless it is hashed with the secret key, which is what the target system will do. The target system runs the same hashing algorithm with the identical shared secret key stored there and the seed, which results in the same digest (MAC) that was used to encrypt the code. That MAC can now be used as the decryption key to decrypt the code. At this point, the decrypted code can be ran in the target embedded system.

However, there is another step that can be taken that adds even more security, which is authentication using a digital signature. To use authentication, the unencrypted original code is hashed and signed by the code originator at the same time as the original encryption process. The originator uses a signing key on that hash of the code to make a signature. That signature is sent with the encrypted code and seed to the target system. Once the encrypted code is decrypted using the process noted above, the newly decrypted code will be hashed by the target system, just like was done by the originator, and then signed with the signing key stored in the target system. That signing key is the same as on the originator’s signing module, so if the decrypted code has not been altered, the signature made on the digest of that decrypted code and the signing key will be exactly the same as the signature that was sent over. These two signatures are compared and if they match then the code has been authenticated and can be safely run on the target system. What does this mean? No risk of Embola!

The two levels or security provided by secure down load with authentication is obviously very robust. It will ensure that code that was received has been kept secret during transmission and has not been tampered.

Secure Boot

Secure boot also uses digital signatures to ensure that the code to be booted when the target system starts up matches the code that the manufacturer intended and has not been tampered with. It sort of works in a similar way as secure download. If the code to be booted has been altered, then the signature made by hashing the digest of that code with a secret signing key will not match the signature from the manufacturer. If they don’t match, the code will not load.

These methods are easy and inexpensive to implement and already exist. You should be able to see by now how Atmel has you covered. Ready, set, get secure!