Protecting IoT devices from cyberattacks: A critical missing piece: Page 3 of 10

August 04, 2017 //By Alan Grau, Icon Labs
Protecting IoT devices from cyberattacks: A critical missing piece
When it comes to protecting IoT devices from cyber attacks, both device hardening and security appliance approaches each has its supporters, but there are trade-offs between “device-centric” and “appliance-centric.”
protocols. These protocols have some built-in security. However, it is relatively weak and exploits have been published. Small IoT devices typically run on very low-cost, lower-power processors not supporting TLS or IPSec. For small edge devices, DTLS, which is TLS over UDP, can be used for secure communication.

Secure boot and secure firmware updates
Secure boot and secure firmware update capabilities ensure an IoT device is running authorized code from the device manufacturer preventing the installation of malware or code modified by hackers.


Figure 3. Secure boot ensures that hackers are unable to install malicious code on an IoT device.

Secure boot begins with a first-stage bootloader programmed into a protected or non-writable storage location on the device. This first-stage boot loader validates the authenticity of the second-stage boot loader. The second-stage boot loader, which can be more complex and may be stored in reprogrammable flash memory, repeats the process, verifying the operating system and applications are valid.

Secure boot relies on signed code images to enable validation of the image during the secure boot process. The code images are signed by the device OEM using the OEM’s private key. The OEM’s corresponding public key is used by the device to validate the signature for the firmware image.

Secure firmware update, like secure boot, validates new code images that have been signed by the OEM during the upgrade process. If downloaded images are not valid, they are discarded and the upgrade is not performed. Only valid images are accepted and saved to the device.

Data-at-Rest (DAR) protection
IoT devices, unlike enterprise servers, are not locked away deep in a data centre. Many are located in the field with the risk of theft or physical attack. Any sensitive data stored on such a device should be encrypted, ensuring it is protected from attempts to read from the device, either by copying the data from the device, or by physically removing the


Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.