IoT device security: It’s impossible without these two things

With news of the latest hack hitting the headlines all too frequently, IoT device security can no longer be an afterthought for developers. Fierce Electronics sat down with STMicroelectronics’ Joe Pilozzi, Technical Marketing Manager- Secure uCs-Authentication, Americas, to learn more about where the industry is today and what strategies are most important in building a secure IoT device.

FE: Is IoT device security more of an afterthought for engineers today, or do you think that is changing especially in light of new laws in California and Oregon?

Pilozzi: IoT security is already becoming a key consideration for many engineers today.  The change started, and is gaining momentum, because of visible driving forces, including new laws, recommendations from government (NIST), highly visible news of breaches, and the push from technology leaders such as AWS and ST.

FE: How long do you think it will take to achieve wide-scale awareness of the need to build security into IoT devices?

Pilozzi: We think the wide-scale awareness is already common among the large OEMs/brands supplying connected devices -- and the smaller customers are not far behind. It is not the lack of awareness that is blocking wider/faster adoption but is instead the complexity of defining and then implementing “Goldilocks” security (not too much, not too little, but just right) in a way that fulfills functional and business goals. The STM32L4+Discovery kit IoT node with STSAFE-A110 provides guidance that shows how to achieve basic security and that will help foster adoption.

FE: Where’s the best place for design engineers to start in building a secure device?

Pilozzi: Development of modern IoT devices is impossible without two features that fundamentally differentiate them from their non-connected siblings: First, a strong Root of Trust and second, the ability to reliably update their firmware Over-the-Air or Over-the-Wire. STMicroelectronics collaborated with AWS for several years to create several reference designs for connected devices. Those designs leverage the power of secure hyperscale AWS IoT message broker, STM32 MCUs, and STSAFE secure elements.

FE: How do the reference designs STMicroelectronics has developed with AWS benefit design engineers today? 

Pilozzi: The STM32L4+ Discovery kit IoT node provides comprehensive security guidance showing engineers how to integrate security into the application. It shows how to integrate the STM32L4+’s security features with the attestable and protected identity of STSAFE-A110 to build a strong root of trust plus.  Using STSAFE-A110’s secure certified HW, customized with key/certificate personalization to authenticate then connect to AWS, ensures only a device-manufacturer’s authorized devices have access to their intended function/service, including Over-the-Air Firmware-updates.

FE: You have a workshop coming up that focuses on two features that are necessary to build a secure device, namely a strong Root of Trust and the ability to reliably update the firmware Over-the-Air (or Over-the-Wire). What are some other things engineers can/should be doing?

Pilozzi: Deciding how to securely install their device’s Firmware and cryptographic basis of identity are both very important.  Keys and certificates that are the basis of device identity initialized in the host uC’s Flash rather than in a secure element require the development and implementation of a process to flash/install device Firmware and keys before activating and using security features of the host controller to protect them. 

Today’s supply chains, with manufacturing in Asia, compound the complexity, cost, and security of the completed process/solution which could still be susceptible to certain attacks on device identity (such as when a certified Secure Element is not used). Implementing the device’s cryptographic identity into a separate, certified Secure Element, such as STSAFE-A110, essentially provides a Hardware license/key to manufacture an OEM’s device that is infeasible to clone.

The connected device manufacturer must still manage/secure how the Firmware and security features are implemented/used to secure their IP and essential safe/secure functioning of their device.  But using a certified Secure Element for identity decouples the possibility of an attack using the ID through the host Firmware.  The Secure Element’s crypto capabilities and secured memory can be used by the host uC to verify the application’s Firmware for boot-up and update using certificates which are infeasible to overwrite.

Editor’s note:

On March 15, 2021, at the IoT Technology Summit, a free digital event hosted by Fierce Electronics, STMicroelectronics Applications Staff Engineer Slim Jallouli will show engineers how to easily start developing their first IoT connected device using the STM32L4+ Discovery kit IoT node (B-L4S5I-IOT01A), STM32 Cube IDE and AWS CLI. The presentation will be accompanied with a code repository enabling engineers to replicate all the steps of the demonstration.

Following the session, attendees will receive links to additional training resources that people can take at their own pace. A limited number of STM32L4+ Discovery kit IoT node boards will also be available to redeem on a first-come, first-served basis.
