Mercenary hacker groups are ushering in a new era of Espionage-as-a-Service.
Although recent cyber attacks have been loud and damaging to companies like Sony, JPMorgan Chase and Home Depot, the much larger threat stems from mercenary hacker crews who are stealing billions of dollars of valuable technology secrets every year from U.S. companies on behalf of paying clients, Taia Global warns.
The groups carrying out so-called Espionage-as-a-Service (EaaS) attacks are said to range in size and skill, and can be carried out by anybody from an amateur to an ex-spook. In addition, these hackers have no nation-state affiliation and are well-paid, available for hire whether it’s a Chinese millionaire like Su Bin, a Russian oligarch or a western business competitor of the company being targeted. The aerospace industry is among the hardest hit, but any company who is investing in high value research and development can be a target, the firm explains.
“They are rarely discovered is due in part to their skill level and in part to being mis-identified as a state actor instead of a non-state actor if they are discovered. The low risk of discovery, frequent misattribution to a nation state, and growing demand of their services ensures that the EaaS threat actor will flourish in the coming 12 to 24 months,” urges Jeffrey Carr, Taia Global President and CEO.
A new website, aptly named Hacker’s List, seeks to match hackers with people looking to gain access to email accounts, take down unflattering photos from a website or gain access to a company’s database. In less than three months of operation, the New York Times reveals that over 500 hacking jobs have been put out to bid on the site, with cyber thieves vying for the right to do the dirty work.
“In just the last few days, offers to hire hackers at prices ranging from $100 to $5,000 have come in from around the globe on Hacker’s List, which opened for business in early November,” NYT’s Matthew Goldstein writes. “The rather matter-of-fact nature of the job postings on Hacker’s List shows just how commonplace low-profile hacking has become and the challenge such activity presents for law enforcement at a time when federal and state authorities are concerned about data security.”
Data breaches are seemingly more common than ever before. The hackers freelancing for the listing service will have varying skill levels, but, as Mashable‘s Christina Warren put it, everyone should have the expectation that “our privacy and security are finite and will probably be breached.” In fact, the theft of intellectual property is estimated to cost the U.S. $300 billion per year, according to a report by the IP Commission. It’s becoming increasingly clear that IP and data theft is a growing epidemic, but it can be prevented. In the meantime, you can read all about hackers for hire here.
With the emergence of breaches and vulnerabilities, the need for hardware security has never been so paramount.
Confidentiality — one of the three foundational pillars of security, along with data integrity and authenticity — is created in a digital system via encryption and decryption. Encryption, of course, is scrambling a message in a certain way that only the intended party can descramble (i.e. decrypt) it and read it.
Throughout time, there have been a number of ways to encrypt and decrypt messages. Encryption was, in fact, used extensively by Julius Caesar, which led to the classic type of encryption aptly named, Caesar Cipher. The ancient Greeks beat Caesar to the punch, however. They used a device called a “Scytale,” which was a ribbon of leather or parchment that was wrapped around a rod of a diameter, of which only the sender and receiver were aware. The message was written on the wrapping and unfurled, then sent to the receiver who wrapped on on the rod of the same diameter in order to read it.
Modern Encryption
Modern encryption is based on published and vetted digital algorithms, such as Advanced Encryption System (AES), Secure Hashing Algorithms (SHA) and Elliptic Curve Cryptography (ECC), among many others. Given that these algorithms are public and known to everyone, the security must come from something else — that thing is a secret cryptographic “key.” This fundamental principal was articulated in the 19th century by Auguste Kerckhoffs, a Dutch linguist, cryptographer and professor.
Kerckhoffs’ principlestates that a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. In other words: “The key to encryption is the key.” Note that Kirchoffs advocated what is now commonly referred to as “open-source” for the algorithm. Point being, this open-source method is more secure than trying to keep an algorithm itself obscured (sometimes called security by obscurity). Because the algorithms are known, managing the secret keys becomes the most important task of a cryptographer. Now, let’s look at that.
Symmetric and Asymmetric
Managing the key during the encryption-decryption process can be done in two basic ways: symmetric and asymmetric. Symmetric encryption uses the identical key to both encrypt and decrypt the data. Symmetric key algorithms are much faster computationally than asymmetric algorithms because the encryption process is less complicated. That’s because there is less processing involved.
The length of the key size directly determines the strength of the security. The longer the key, the more computation it will take to crack the code given a particular algorithm. The table below highlights the NIST guidelines for key length for different algorithms with equivalent security levels. You can see that Elliptic Curve Cryptography (ECC) is a very compact algorithm. It has a small software footprint, low hardware implementation costs, low bandwidth requirements, and high device performance. That is one of the main reasons that ECC-based asymmetric cryptographic processes, such as ECDSA and ECDH, are now being widely adopted. The strength of the sophisticated mathematics of ECC are a great ally of all three pillars of security, especially encryption.
Not only is symmetric faster and simpler; furthermore, a shorter key length can be used since the keys are never made public as is the case with asymmetric (i.e. Public Key Infrastructure) encryption. The challenge, of course, with symmetric is that the keys must be kept secret on both the sender and receiver sides. So, distributing a shared key to both sides is a major security risk. Mechanisms that maintain the secrecy of the shared key are paramount. One method for doing this is called Symmetric Session Key Exchange.
Asymmetric encryption is different in that it uses two mathematically related keys (a public and private key pair) for data encryption and decryption. That takes away the security risk of key sharing. However, asymmetric requires much more processing power. Unlike the public key, the private key is never exposed. A message that is encrypted by using a public key can only be decrypted by applying the same algorithm and using the matching private key.
A message that is encrypted by using the private key can only be decrypted by using the matching public key. This is sort of like mathematical magic. Some of the trade offs of symmetric and asymmetric are summarized below.
Symmetric
Keys must be distributed in secret
If a key is compromised the attacker can decrypt any message and/or impersonate one of the parties
A network requires a large number of keys
Asymmetric
Around 1000 times slower than symmetric
Vulnerability to a “man-in-the-middle” attack, where the public key is intercepted and altered
Due to the time length associated with asymmetric, many real-world systems utilize combination of the two, where the secret key used in the symmetric encryption is itself encrypted with asymmetric encryption, and sent over an insecure channel.Then, the rest of the data is encrypted using symmetric encryption and sent over the insecure channel in the encrypted format. The receiver gets the asymmetrically encrypted key and decrypts it with his private key. Once the receiver has the symmetric key, it can be used to decrypt the symmetrically encrypted message. This is a type of key exchange.
Note that the man in the middle vulnerability can be easily addressed by employing the other pillar of security; namely authentication. Crypto engine devices with hardware key storage, most notably Atmel’s CrypotoAuthentication, have been designed specifically to address all three pillars of security in an easy to design and cost-effective manner. Ready to secure your next design? Get started here.
While some sort of IoT is possible without security, without security it would really just be a toy.
The Internet of Things (IoT) is arguably the most hyped concept since the pre-crash dot-com euphoria. You may recall some of the phrases from back then such as “the new economy,” “new paradigm,” “get large or get lost,” “consumer-driven navigation,” “tailored web experience,” “it’s different now,” among countless other media fabrications.
The IoT is the new media darling. In fact, it has been dubbed everything from the fifth wave of computing, to the third wave of the Internet, to the next big thing, to the next mega-trend, to the largest device market in the world, to the biggest efficiency booster/cost reduction technology. You get the picture.
Now, the question is whether or not the IoT will indeed be more real than just hype, as is the case with any media powered feeding frenzy. Let’s start by looking at the numbers.
Respected market researchers and giant networking companies are predicting gigantic numbers of connected devices to the tune of 20 to 50 billion units of installed base by 2020 or 2025, with some estimates even going higher. With numbers like that coming from the world’s most-followed, reputable sources, it won’t be long before high roller investors start placing enormous bets on who will be the winners of the IoT game; a game that will be make Vegas action look like a game of marbles. The IoT casino is now open.
There is really big money at stake because IoT represents a perfect storm of opportunity for venture capitalists and bold corporate acquirers — that is because many believe that half the successful IoT companies don’t even exist yet. Conditions don’t get much more attractive than that when it comes to risk capital.
Here’s a hot tip: Only bet on the companies offering systems that articulate a clear strategy that put strong security (especially authentication) as a top priority. This tip is derived from the observations of Dr. Vint Cerf (the acknowledged creator of the Internet) who declared that the IoT will require strong authentication. And, he’s right. Note well that the strongest authentication comes from hardware-based cryptographic key storage because hardware key storage beats software-based key storage every time. Inexpensive and easy-to-use integrated circuit devices already exist to do just that. The media should grasp that but don’t seem to get it yet.
The dirty little secret of the constantly-connected era is that without security, the IoT will just be a toy that consumers, governments, and corporations cannot take seriously. What good is a system of billions of interconnected things sensing and sending data (often through the cloud) that can be intercepted, corrupted, and spoofed? Not very much. IoT growth is dependent upon security.
Charting the Growth
The graphs below show estimated unit shipments and the resulting installed base of IoT devices. What has also been called out in each chart are devices with on-board security, mainly hardware-based security, and those that do not have built in hardware security. Most market estimates out there tend to show the growth of the IoT in terms of installed bases, growing to many billions by 2020. Typically speaking, you will see a chart like the one below, but without the divisions between secure and insecure nodes.This is a case of the devil being in the details, because installed base charts can be very misleading. Data jockeys such as market researchers and statisticians know very well that installed base is a tricky way to present data. Fair warning: Beware of drawing conclusions from installed base charts only.
The IoT case is a perfect example of how to hide the important information, because even if you remove the secure nodes, the chart still looks like there will be enormous growth. However, that masks the fact that growth will plateau without the secure nodes being a part of the picture. It is a an illusion caused by the fact that the early days of the IoT will build a base of significant numbers, but the volume shipments will fall off quickly as users reject insecure solutions precisely because they are insecure.
The installed base IoT chart is analogous to chart of automobiles in the time of Henry Ford showing the installed base of black cars (remember Model Ts came in any color as long as it was black). That would show that black cars were the overwhelming color and it would be impossible from that chart to conclude anything other than they always would be. Obviously, such a chart would mask the market changes that in fact happened and the inflection points as to when the changes happened. Masking is exactly what the IoT installed base chart does.
It fails to show that the inflection point towards secure nodes that is starting right now, which is a shift that will happen quickly. Reason being, the need for security is becoming clear (just ask Sony, Target, Home Depot, JP Morgan, and Iranian nuclear scientists about that). As aforementioned, inexpensive hardware-based devices are available now that can provide strong security to IoT nodes.
Security matters because users must trust that the nodes are who they say they are (i.e. are authentic). Additionally, confidentiality of the data is important to keep unauthorized third parties from getting the data and misusing it. Also, without data integrity mechanisms there is no way to ensure that the data have not been tampered with or corrupted. All three of these matter. A lot.
However, with all the press that the IoT receives and all the tremendous predictions of giga-volumes, you just don’t hear much other than passing comments about security. Security should, in fact, be the prerequisite of any article, discussion, or plan for IoT-based anything. Talking about the Internet of Things without addressing the security question (with specifics) is like talking about scuba diving without mentioning water.
Security gets short shrift even though it is pivotal to the IoT’s existence (and important to literally everyone in the digital universe, including the readers of this article). One main reason is that the meaning of security is not really well understood. As a result, engineers, executives, investors, and researchers alike have been mainly whistling past the graveyard hoping that their digital interests will not be attacked too badly. However, with the increasing frequency, variety, and creativity of security breaches and especially with the advent of breach-based litigation, the danger is increasing and finally more attention is getting paid. It is not hard to envision ambulance-chaser legal firms moving from class action suits regarding asbestos, medical devices, and pharmaceuticals to seeking data-breach damage rewards. In actuality, this has already started. You can almost hear the cloying ads already.
Security Defined
There are two important and fundamental questions about security and the IoT:
1. What is IoT security?
2. How do you implement it now?
To address the first item, the best way to understand it is to break it down into the three pillars of security, which are confidentiality, data integrity, and authentication (ironically referred to as “CIA”). The second inquiry is related directly to the first because implementing security is a function of how well you address the three pillars.
It is critical to address security right now because putting insecure systems into the world is just asking for trouble. There is no time to wait. Assembling a network or product dependent on a network that is filled with vulnerabilities is bad practice. The good news is that thanks to cryptographic engine integrated circuits with hardware-based secure key storage powerful solutions are clear and present.
Crypto Elements
Crypto element refers to a dedicated integrated circuit devices with crypto engines that handle crypto functions such as hashing, sign-verify (e.g. ECDSA), key agreement (e.g. ECDH), authentication (symmetric or asymmetric), encryption/decryption, message authentication coding (MAC), run crypto algorithms (e.g. elliptic curve cryptography, AES, SHA), and perform many other functions. The other critical part of the equation that makes crypto elements so valuable is their ability to store cryptographic keys in ultra-secure hardware. (The CTO of a major home networking company recently described storing cryptographic keys in software being like storing a key in a wet paper bag.)
Providing the exact type of security needed for the IoT to grow is what crypto engines like CryptoAuthentication solutions are all about. They make security both easy and cost effective. The amazing thing is that crypto engine devices were invented before the IoT even existed. Now they are arguably the ideal catalyst to drive IoT growth when they are added to the other fundamental elements of the IoT. So, it should be clear that there are now four elements to a serious IoT node:
1. Intelligence (Microprocessors)
2. Communications (Wi-Fi, Bluetooth, etc.)
3. Sensors
4. Security
These four items will be the recurring theme of IoT nodes. The story from here will be which communications standards are supported, the level of integration, how security is handled (standards and methods), performance, speed, power, size, etc., not if security is there or not.
Long story short: While some sort of IoT is possible without security, without security it would really just be a toy.
As we turn the page on yet another year, the folks over at Information Is Beautiful have compiled an interactive infographic highlighting the biggest data breaches in recent history. You can scroll around to find out how, when and the magnitude of the each incident.
Whether it was, in fact, the “Year of the Breach” or the “Year of Breach Awareness,” 2014 shed light on IoT insecurities, device vulnerabilities and crippling cyberattacks. Financial institutions, big-box retailers, entertainment corporations and even government agencies all fell victim to an assortment of hackers over the past 12 months. From JPMorgan Chase and Sony Pictures to Home Depot and Staples, we’re taking a look back at some of the most devastating breaches of 2014.
I just came across the epic hack that Wired‘s Matt Honan had perpetrated on him. A hacker added a credit card number to his Amazon account. The next day they called Amazon and said they lost the password. “What is the number of the credit card on the account?” asked the helpful Amazon employee. Once they were in the Amazon account they got into his Google accounts, all helpfully linked by Matt himself, and then the Apple accounts. The hacker was some sociopath kid. He was not interested in money; he just wanted to hurt someone, so he wiped out all the pictures and data on Honan’s phone, computer, and yes, the precious precious cloud. Yes, my precious, one cloud to rule them all.
Just like the Ring in The Lord of the Rings, the cloud can be your worst enemy in the hands of a bad person.
Now initially Honan lamented that he lost all the pictures of his new baby and a bunch of other stuff. The next article showed how he got it all back in a couple days. He says he believes in the cloud even more now. Beats me why he thinks that. If he had not inadvertently left his 1Password account password in his Dropbox on his wife’s computer it might have been much more difficult to recover control of his accounts.
As to all the wiped data, well it was lost forever on the precious cloud, but the nice folks at DriveSavers got his SSD (solid-state drive) in his mac mostly recovered at a cost of $1,690. So since the whole thing gave him half a dozen popular articles to write-up, you could argue getting hacked was the best thing that ever happened to his career. It reminds me of when King Louis XIV’s minister Colbert asked a bunch of writers “What can France do for you?” One shouted back—“Throw us in prison.” It would give them something to write about and the time and solitude needed to write it.
DriveSavers have a full cleanroom to save hacked, damaged, or corrupted hard drives. They can also do forensic hardware analysis on solid state drives (SSDs) as in Matt Honan’s case.
What astonishes me is that this hack happened to a technically astute denizen of San Francisco. Maybe he should move to Silicon Valley, we know a lot about security here and Atmel’s group in Colorado knows even more. Not only did Honan misplace his trust in online accounts and the precious cloud, he kept no secure data backup. He courageously accepts the blame, but also tries to deflect some blame onto Apple and Google. Sorry, your data is your responsibility. Apple and Google quickly closed the social-manipulation hacks the sociopath used, but it is not their job to accept responsibility for your data. That is your responsibility.
This is what we keep harping on here at Atmel. Security is a key pillar in the Internet to Things, and the best security, the only real security, is hardware security. You don’t want these malicious hackers changing your thermostat, or running up your electric bill, or stealing your security camera feeds. Atmel has inexpensive tiny chips you can use to secure these gizmos. Some of our chips use symmetrical authentication. The security chip is programmed with your secret key, and you know the secret key. The microcontroller, and it doesn’t have to be an Atmel microcontroller— it can be anyone’s, sends a random number to the Atmel security chip. The Atmel chip does a mathematical operation on the random number using the secret key, and sends that result back to the microcontroller. The host microcontroller has a local Atmel security chip to do the same mathematical operation on the same random number and then it compares the two results. If they don’t match, the code stops executing. That way no-one can put in bogus code and take over your gizmo. It gives you secure boot and secure downloads and upgrades. You can also use Atmel security chips to verify a battery or accessory is genuine and not some knock-off product.
Atmel’s CryptoAuthentication™ system uses hardware and extreme security to protect your system.
Now since the microcontroller is connected to the Atmel security chips by way of a common SPI port, you might fear a hacker could snoop on the communication and learn the random number sent to the Atmel chips or the mathematical result sent from it to the micro. That’s the beautiful part of this. The micro generates a new random number every time. If the host micro is too small and simple to generate a reliable random number, the tiny Atmel security chip has its own true random number generator (TRNG). So the micro can query the Atmel chip for the number, then query for the result, then do the same operation using the same secret key. So snooping on the serial port will only give you the last serial number and the result. You will have no idea of what the operation was that produced the result. Its like snooping and seeing the number 12 transmitted, but you still don’t know if that was based on 2 time 6 or 3 times 4. Now imagine that problem with numbers hundreds of bits long, and you can see how secure this makes your system.
This USB memory stick has a keypad to unlock it. You can store all your passwords or love letters on it and no one can get in without the code.
So it’s great to have services like 1Password, which is a browser extension combined with a remote server that generates and stores different passwords for all your needs. If, however, you need to use two computers, and who doesn’t, now you get to involve Dropbox so that you can store the master password there so you can get your 1Password even if you are at a Kinkos computer. Thing is, I just feel better with hardware security. In this case, it would be using a USB stick with hardware keypad or fingerprint sensor. Those are great since you don’t need a program on the computer of Surface Pro tablet to run it. You swipe your finger or type in a code and the stick unlocks and you can cut-and paste passwords as you need to. Thing is, there I worry about Windows saving some temporary file. I looked into this a few years ago, and sure enough, even a text file seemed to get cloned somewhere once you opened it off a stick. So the real hardware security is two-factor authentication like you get with an RSA dongle or a YubiKey. Once again, the essential element is a real physical piece of hardware that makes the system secure. I love the YubiKey since it emulates a keyboard, so unless someone infected your computer with a keylogger, there is no record that you used it. And, like the RSA SecurID, even if they do keylog it, the same code never works twice. They are just like that Atmel security chip and just as uncrackable.
The YubiKey is a two-factor authentication system accepted by more and more sites for login. The Nano model is as small as the USB contact pins. Pressing a little button on the device makes it send the one-time log-on code as though it was a USB keyboard.
New technology and business buzzwords pop up constantly. Hardly a day goes by that you don’t see or hear words such as “cloud”, “IoT,” or “big data.” Let’s add one more to the list: “Ambient security.”
You’ll notice that big data, the cloud, and the IoT are all connected, literally and figuratively, and that is the point. Billions of things will communicate with each other without human intervention, mainly through the cloud, and will be used to collect phenomenal and unprecedented amounts of data that will ultimately change the universe.
As everything gets connected, each and every thing will also need to be secure. Without security, there is no way to trust that the things are who they say they are (i.e. authentic), and that the data has not been altered (i.e. data integrity). Due to the drive for bigger data, the cloud and smart communicating things are becoming ambient; and, because those things all require security, security itself is becoming ambient as well. Fortunately, there is a method to easily spread strong security to all the nodes. (Hint: Atmel CryptoAuthentication.)
Big Data
At the moment, big data can be described as the use of inductive statistics and nonlinear system analysis on large amounts of low density (or quickly changing) data to determine correlations, regressions, and causal effects that were not previously possible. Increases in network size, bandwidth, and computing power are among the things enabling this data to get bigger — and this is happening at an exponential rate.
Big data became possible when the PC browser-based Internet first appeared, which paved the way for data being transferred around the globe. The sharp rise in data traffic was driven to a large extent by social media and companies’ desire to track purchasing and browsing habits to find ways to micro-target purchasers. This is the digitally-profiled world that Google, Amazon, Facebook, and other super-disruptors foisted upon us. Like it or not, we are all being profiled, all the time, and are each complicit in that process. The march to bigger data continues despite the loss of privacy and is, in fact, driving a downfall in privacy. (Yet that’s a topic for another article.)
Biggering
The smart mobile revolution created the next stage of “biggering” (in the parlance of Dr. Seuss). Cell phones metamorphosed from a hybrid of old-fashioned wired telephones and walkie-talkies into full blown hand-held computers, thus releasing herds of new data into the wild. Big data hunters can thank Apple and the Android army for fueling that, with help from the artists formerly known as Nokia, Blackberry, and Motorola. Mobile data has been exploding due to its incredible convenience, utility, and of course, enjoyment factors. Now, the drive for bigger data is continuing beyond humans and into the autonomous realm with the advent of the Internet of Things (IoT).
Bigger Data, Little Things
IoT is clearly looking like the next big thing, which means the next big thing will be literally little things. Those things will be billions of communicating sensors spread across the world like smart dust — dust that talks to the “cloud.”
More Data
The availability of endless data and the capability to effectively process it is creating a snowball effect where big data companies want to collect more data about more things, ad infinitum. You can almost hear chanting in the background: “More data… more data… more data…”
More data means many more potential correlations, and thus more insight to help make profits and propel the missions of non-profit organizations, governments, and other institutions. Big data creates its own appetite, and the data to satisfy that growing appetite will derive from literally everywhere via sensors tied to the Internet. This has already started.
Sensors manufacture data. That is their sole purpose. But, they need a life support system including smarts (i.e. controllers) and communications (such as Wi-Fi, Bluetooth and others). There is one more critical part of that: Security.
No Trust? No IoT!
There’s no way to create a useful communicating sensor network without node security. To put it a different way, the value of the IoT depends directly on whether those nodes can be trusted. No trust. No IoT. Without security, the Internet of Things is just a toy.
What exactly is security? It can best be defined by using the three-pillar model, which (ironically) can be referred to as “C.I.A:” Confidentiality, Integrity and Authenticity.
CIA
Confidentiality is ensuring that no one can read the message except its intended receiver. This is typically accomplished through encryption and decryption, which hides the message from all parties but the sender and receiver.
Integrity, which is also known as data integrity, is assuring that the received message was not altered. This is done using cryptographic functions. For symmetric, this is typically done by hashing the data with a secret key and sending the resulting MAC with the data to the other side which does the same functions to create the MAC and compare. Sign-verify is the way that asymmetric mechanisms ensure integrity.
Authenticity refers toverification that the sender of a message is who they say they are — in other words, ensuring that the sender is real. Symmetric authentication mechanisms are usually done with a challenge (often a random number) that are sent to the other side, which is hashed with a secret key to create a MAC response, before getting sent back to run the same calculations. These are then compared to the response MACs from both sides.
(Sometimes people add non-repudiation to the list of pillars, which is preventing the sender from later denying that they sent the message in the first place.)
The pillars of security can be implemented with devices such as Atmel CryptoAuthentication crypto engines with secure key storage. These tiny devices are designed to make it easy to add robust security to lots of little things – -and big things, too.
So, don’t ever lose sight of the fact that big data, little things and cloud-based IoT are not even possible without ambient security. Creating ambient security is what CryptoAuthentication is all about.
Let’s skip the Gartner hype cycle discussion about the ever-evolving Internet of Things, shall we? It’s a given: IoT is huge, everyone’s hair is on fire — some will be disillusioned, some will win big, time will sort it out. But, if you’re waiting for the “one thing to rule them all,” you’ll surely be a bystander to a new wave of innovation and opportunities. You have to dive in before all the winners and losers are culled.
Because IoT is such a massive domain, this series is an attempt to boil it down into something practical, even desktop scope.
Roadmap
To start, we’ll introduce and discuss a relatively simple model and way to think about the IoT in order to help keep your technical bearings in a rapidly changing landscape.
In subsequent parts of this series, I’ll explore some of the leading IoT protocols, and in keeping with a “practical IoT” theme, we’ll do some desktop IoT with some easy-to-use development boards from Atmel along with a selection of open-source tools or libraries.
I’ll put heavy emphasis on IoT security as it is an often overlooked, yet critical, element of implementing a successful IoT stack. The goal is to create a basic IoT stack that works well together, but more importantly, provides a hands-on lab to try out various aspects of the connected world as it evolves.
Use Case
As a system architect, you need to get a sensor solution up and running which won’t fall on its face at the first inkling of success. You need to worry about such things as embedded size constraints, scaling strategies, third party integration, connectivity, economics, implementation skill sets, power, and even future-proofing.
You’ll want your system to grow and evolve while the IoT is trying to figure out what it wants to be when it grows up.
It sounds a lot like you are doing M2M, so how is IoT going to help?
What’s the difference between IoT and M2M?
“Always design a thing by considering it in the next larger context – a chair in a room, a room in a house, a house in an environment, an environment in a city plan.” – Eliel Saarinen
If you developed a sensor network before the IoT acronym came along, you’d be forgiven for thinking IoT is just lipstick on M2M. M2M is often associated with point solutions or a fleet of the same kind of thing — a system of Wi-Fi thermostats, a flow sensor network in an oil-refinery, a vehicle location system, home automation, all the heart monitoring telemetry in a hospital. For some in the industry, M2M means anything with a cellular modem on a particular carrier’s network.
Long story short, the key takeaway is that M2M is almost synonymous with isolated systems of sensors and islands of telemetry data. In contrast, the IoT is trying to marry disparate systems into an expansive system view to enable new applications — that’s not only the big idea, it’s the one key difference between M2M and IoT.
“If you consider M2M in the next larger context, you get the IoT.” – Landon Cox
I guess we can say that IoT really stands for “I want it all.” In order to achieve that, major new facets such as first class security, big data, cloud scale, ubiquitous presence, human interactions — all wrapped up in business objective parlance — come to bear.
IoT is a catch-all technology bucket and it’s probably always going to be that way, so let’s make the best of it and make headway amidst all the ambiguity and hype. Here’s how…
One practical way to think about it is: The Internet of Things is the arch connecting M2M vertical pillars (technology stacks). This view allows the IoT to leverage all of the good work that has gone into M2M, incorporate existing legacy M2M systems, yet leave it loosely coupled and abstract enough to describe various business problems (not one size fits all).
In the example above, IoT is marrying health sensor data from three very different sources and contexts, all of which are using different company’s products within siloed M2M ecosystems. Bringing this together provides a better overall picture of a client’s health than individual silos can. IoT technologies, such as cloud scale and security, gain tremendous importance in an application like this, beyond the significance within the silo’s scale.
This view also helps keep IoT from being tied to a specific M2M technology stack. The implication? For IoT to add value not already in M2M, it must provide a fabric that either bridges M2M systems, through analytics or data networking, or fulfill a business mission not addressed by an individual M2M stack.
IoT Caveats
IoT is dangerously close to the SOA vortex (Service Oriented Architecture) and is something we need to be mindful of avoiding. As SOA expert Anne Thomas Manes pointed out in SOA is Dead; Long Live Services, “Perhaps that’s the challenge: The acronym got in the way. People forgot what SOA stands for. They were too wrapped up in silly technology debates (e.g., “what’s the best ESB?” or “WS-* vs. REST”), and they missed the important stuff: architecture and services.”
My summary? Despite some good technology and ideas that came out of SOA, technology that the IoT builds upon, SOA died of its own weight. We should keep the cause of death of SOA in mind when working on IoT so it doesn’t become a likewise casualty.
I would like to see IoT architecture evolve along the lines of the OSI network reference model and not SOA (except for the important stuff). That means that IoT should be a simple, common concept used by system architects to design, map, and compare different implementations.
Ethernet and Token Ring, for example, are two very different network technologies, but both map to the OSI reference model. OSI gives us a common way to talk about nearly any network technology. We need the same idea for IoT to make it practical.
From that perspective, we could talk about many different Internet of Things stacks in the same manner we talk about Ethernet, Wi-Fi, TCP/IP, or UDP. Various technologies fit into a common network model (OSI) and are combined in various ways to achieve something useful (i.e. the web). Same with the IoT: Think of it as a model, like OSI. Specific IoT implementations map to various parts of an IoT reference model like specific networks technologies map to OSI.
So, this is the basic philosophy behind what I would call “practical IoT:”
1. Don’t let the acronym get in the way.
2. Use the right tool for the right job (IoT stack flexibility, not one-size-fits-all, no IoT wars).
3) Ensure IoT is more technology-oriented, like the OSI reference model; less marketing oriented and less like SOA.
4) It has to be more than, and distinctly different from, M2M.
Now where?
I realize this was a really high level view of Practical IoT. Stay tuned for upcoming Desktop IoT tutorials and hands-on demonstrations as we’ll delve deep and get practical with the Internet of Things. In the meantime, imagine, expand and evolve your connected ideas with Atmel’s latest (free) white paper.
In today’s world, the three pillars of security are confidentiality, integrity (of the data), and authentication (i.e. “C.I.A.”). Fortunately, Atmel CryptoAuthentication crypto engines with secure key storage can be used in systems to provide all three of these.
Focusing on the confidentiality pillar, in a symmetric system it is advantageous to have the encryption and decryption key shared on each side go through a change for every encryption/decryption session. This process, which is called symmetric session key exchange, helps to provide a higher level of security. Makes sense, right?
So, let’s look at how to use the capabilities of the ATSHA204A CryptoAuthentication device to create exactly such a changing cryptographic key. The way a key can be changed with each session is by the use of a new (and unique) random number for each session that gets hashed with a stored secret key (number 1 in the diagram below). While the stored key in the ATSHA204A devices never changes, the key used in each session (the session key) does. Meaning, no two sessions are alike by definition.
The video below will walk you through the steps, or you can simply look at the diagram which breaks down the process.
The session key created by the hashing of the stored key and random number gets sent to the MCU (number 2) and used as the AES encryption key by the MCU to encrypt the data (number 3) using the AES algorithm. The encrypted data and the random number are then sent (number 4) to the other side.
Let’s explore a few more details before going on. The session key is a 32 byte Message Authentication Code or “MAC.” (A MAC is defined as a hash of a key and message.) 16 bytes of that 32 byte (256 bit) MAC becomes the AES session key that gets sent to the MCU to run the AES encryption algorithm over the data that is to be encrypted.
It is obvious why the encrypted code is sent, but why is the random number as well? That is the magic of this process. The random number is used to recreate the session key by running the random number through the same SHA-256 hashing algorithm together with the key stored on the decryption side’s ATSHA204A (number 5). Because this is a symmetric operation, the secret keys stored on both of the ATSHA204A devices are identical, so when the same random number is hashed with the same secret key using the same algorithm, the 32 byte digest that results will be exactly the same on the decrypting side and on the encrypting side. Just like on the encrypting side, only 16 bytes of that hash value (i.e. the MAC) are needed to represent the AES encryption/decryption key (number 6). At this point these 16 bytes can be used on the receiving side’s MCU to decrypt the message(number 7).
And, that’s it!
Note how easy the ATSHA204A makes this process because it stores the key, generates the random number, and creates the digest. There’s a reason why we call it a crypto engine! It does the heavy cryptographic work, yet is simple to configure the SHA204A using Atmel’s wide range of tools.
Not to mention, the devices are tiny, low-power, cost-effective, work with any micro, and most of all, store the keys in ultra-secure hardware for robust security. By offering easy-to-use, highly-secure hardware key storage crypto engines, it’s simple to see how Atmel has you covered.
One of the companies that is best positioned to supply components into the Internet of Things (IoT) market is Atmel. For the time being most designs will be done using standard components, not doing massive integration on an SoC targeted at a specific market. The biggest issue in the early stage of market development will be working out what the customer wants and so the big premium will be on getting to market early and iterating fast, not premature cost optimization for a market that might not be big enough to support the design/NRE of a custom design.
Here is Atmel’s latest product in the SmartConnect family, the SAM W25 module
Atmel has microcontrollers, literally over 500 different flavors and in two families, the AVR family and a broad selection of ARM microcontrollers ad processors. They have wireless connectivity. They have strong solutions in security.
Indeed last week at Electronica in Germany they announced the latest product in the SmartConnect family, the SAM W25 module. It is the industry’s first fully-integrated FCC-certified Wi-Fi module with a standalone MCU and hardware security from a single source. The module is tiny, not much larger than a penny. The module includes Atmel’s recently-announced 2.4GHz IEEE 802.11 b/g/n Wi-Fi WINC1500, along with an Atmel | SMART SAM D21 ARM Cortex M0+-based MCU and Atmel’s ATECC108A optimized CryptoAuthentication engine with ultra-secure hardware-based key storage for secure connectivity.
Atmel at Electronica 2014
That last item is a key component for many IoT designs. Security is going to be a big thing and with so many well-publicized breaches of software security, the algorithms, and particularly the keys, are moving quickly into hardware. That component, the ATECC108A, provides state-of-the-art hardware security including a full turnkey Elliptic Curve Digital Signature Algorithm (ECDSA) engine using key sizes of 256 or 283 bits – appropriate for modern security environments without the long computation delay typical of software solutions. Access to the device is through a standard I²C Interface at speeds up to 1Mb/sec. It is compatible with standard Serial EEPROM I²C Interface specifications. Compared to software, the device is:
Edge nodes are becoming integrated into everyone’s life
As it says in the white paper:
On first inspection, the requirements of an IoT edge device appear to be much the same as any other microcontroller (MCU) based development project. You have one or more sensors that are read by an MCU, the data may then be processed locally prior to sending it off to another application or causing another event to occur such as turning on a motor. However, there are decisions to be made regarding how to communicate with these other applications. Wired, wireless, and power line communication (PLC) are the usual options. But, then you have to consider that many IoT devices are going to be battery powered, which means that their power consumption needs to be kept as low as possible to prolong battery life. The complexities deepen when you consider the security implications of a connected device as well. And that’s not just security of data being transferred, but also ensuring your device can’t be cloned and that it does not allow unauthorized applications to run on it.
IoT design requirements: Software / development tools ecosystem
For almost any application, the building blocks for an IoT edge node are the same:
Embedded processing
Sensors
Connectivity
Security
And while not really a “building block,” ultra-low power for always-on applications
My view is that the biggest of these issues will be security. After all, even though Atmel has hundreds of different microcontrollers and microprocessors, there are plenty of other suppliers. Same goes for connectivity solutions. But strong cryptographhic solutions implemented in hardware are much less common.
Authentication may just be the “sine qua non” of the Internet of Things.
Let’s just come out and say it: Not using the most robust security to protect your digital ID, passwords, secret keys and other important items is a really, really bad idea. That is particularly true with the coming explosion of the Internet of Things (IoT).
The identity (i.e. “ID”) of an IoT node must be authenticated and trusted if the IoT is ever to become widely adopted. Simply stated, the IoT without authenticated ID is just not smart. This is what we mean when we say don’t be an ID-IoT.
It seems that every day new and increasingly dangerous viruses are infecting digital systems. Viruses — such as Heartbleed, Shellshock, Poodle, and Bad USB — have put innocent people at risk in 2014 and beyond. A perfect case in point is that Russian Cyber gangs (a.k.a. “CyberVor”) have exposed over a billion user passwords and IDs — so far. What’s scary is that the attacks are targeted at the very security mechanisms that are meant to provide protection.
If you think about it, that is somewhat analogous to how the HIV/AIDS virus attacks the very immune system that is supposed to protect the host organism. Because the digital protection mechanisms themselves have become targets, they must be hardened. This has become increasingly important now that the digital universe is going through its own Big Bang with the explosion of the IoT. This trend of constant connectivity will result in billions of little sensing and communicating processors being distributed over the earth, like dust. According to Gartner, processing, communicating and sensing semiconductors (which comprise the IoT) will grow at a rate of over 36% in 2015, dwarfing the overall semiconductor market growth of 5.7%. Big Bang. Big growth. Big opportunity.
The IoT will multiply the number of points for infection that hackers can attack by many orders of magnitude. It is not hard to see that trust in the data communicated via an ubiquitous (and nosey) IoT will be necessary for it to be widely adopted. Without trust, the IoT will fail to launch. It’s as simple as that. In fact, the recognized inventor of the Internet, Vint Cerf, completely agrees saying that the Internet of Things requires strong authentication. In other words, no security? No IoT for you!
There is much more to the story behind why the IoT needs strong security. Because the world has become hyper-connected, financial and other sensitive transactions have become almost exclusively electronic. For example, physical checks don’t need to be collected and cancelled any more — just a scanned electronic picture does the job. Indeed, the September 11th terror attacks on the U.S. that froze air travel and the delivery of paper checks accelerated the move to using images to clear checks to keep the economy moving.
Money now is simply electronic data, so everyone and every company are at risk of financial losses stemming directly from data breaches. See? Data banks are where the money is now kept, so data is what criminals attack. While breaches are, in fact, being publicized, there has not been much open talk about their leading to significant corporate financial liability. That liability, however, is real and growing. CEOs should not be the least bit surprised when they start to be challenged by significant shareholder and class action lawsuits stemming from security breaches.
Although inadvertent, companies are exposing identities and sensitive financial information of millions of customers, and unfortunately, may not be taking all the necessary measures to ensure the security and safety of their products, data, and systems. Both exposure of personal data and risk of product cloning can translate to financial damages. Damages translate to legal action.
The logic of tort and securities lawyers is that if proven methods to secure against hacking and cloning already exist, then it is the fiduciary duty of the leaders of corporations (i.e. the C-suite occupants) to embrace such protection mechanisms (like hardware-based key storage), and more importantly, not doing so could possibly be argued as being negligent. Agree or not, that line of argumentation is viable, logical, and likely.
A few CEOs have already started to equip their systems and products with strong hardware-based security devices… but they are doing it quietly and not telling their competitors. This also gives them a competitive edge, besides protecting against litigation.
Software, Hardware, and Hackers
Why is it that hackers are able to penetrate systems and steal passwords, digital IDs, intellectual property, financial data, and other secrets? It’s because until now, only software has been used to protect software from hackers. Hackers love software. It is where they live.
The problem is that rogue software can see into system memory, so it is not a great place to store important things such as passwords, digital IDs, security keys, and other valuable things. The bottom line is that all software is vulnerable because software has bugs despite the best efforts of developers to eliminate them. So, what about storing important things in hardware?
Hardware is better, but standard integrated circuits can be physically probed to read what is on the circuit. Also, power analysis can quickly extract secrets from hardware. Fortunately, there is something that can be done.
Several generations of hardware key storage devices have already been deployed to protect keys with physical barriers and cryptographic countermeasures that ward off even the most aggressive attacks. Once keys are securely locked away in protected hardware, attackers cannot see them and they cannot attack what they cannot see. Secure hardware key storage devices — most notably Atmel CryptoAuthentication — employ both cryptographic algorithms and a tamper-hardened hardware boundary to keep attackers from getting at the cryptographic keys and other sensitive data.
The basic idea behind such protection is that cryptographic security depends on how securely the cryptographic keys are stored. But, of course it is of no use if the keys are simply locked away. There needs to be a mechanism to use the keys without exposing them — that is the other part of the CryptoAuthentication equation, namely crypto engines that run cryptographic processes and algorithms. A simple way to access the secret key without exposing it is by using challenges (usually random numbers), secret keys, and cryptographic algorithms to create unique and irreversible signatures that provide security without anyone being able to see the protected secret key.
Crypto engines make running complex mathematical functions easy while at the same time keeping secret keys secret inside robust, protected hardware. The hardware key storage + crypto engine combination is the formula to keeping secrets, while being easy-to-use, available, ultra-secure, tiny, and inexpensive.
