Building a Secure IoT Platform
An essential element of implementing security is taking a holistic approach that ensures not just that the overall system is protected, but that each individual device is protected as well.
For many IoT applications, the cost of a security breach is that an adversary could gain access to the IoT network and the devices installed across it. Within a smart home, this could result in a loss of privacy, compromise of data and potential abuse of the devices. However, the stakes can be much higher in commercial, industrial and medical applications. In a commercial application, an adversary could turn on the HVAC system off-hours and cause a significant increase in energy costs. In an industrial setting, a robotic arm used to manage inventory could operate outside of its intended workspace, thereby endangering nearby workers. Compromised medical devices could be lethal for the patient.
An essential element of implementing security is taking a holistic approach that ensures not just that the overall system is protected, but that each individual device – and each sub-system within that device – is protected as well. Consider the reality that the majority of code in a system is written by outside vendors and arrives via third-party libraries. Put another way, a typical IoT device relies upon millions of lines of code – operating system, firmware, stacks, libraries, middleware, and so on – that were not written by the manufacturer.
As Figure 1 shows, all of this code is compiled into a single, monolithic application within the MPU. What this means is that all of these different functional blocks of code share the same MPU hardware resources. In particular, these blocks share the same memory.
Without integrated hardware mechanisms like a Memory Management Unit (MMU) and Physical Memory Protection (PMP), any functional block in the system can potentially cause the system to crash. Similarly, faulty code could write into the memory used by another functional block, which may eventually lead to catastrophic system failure.
If you’re building an embedded IoT system and using Linux as the platform of choice for its vast ecosystem, you have 17+ million lines of code to select from for your Linux kernel. This is quite a lot of code to assume is error-free, even in an open-source environment. Every software subsystem you include in your device has to be error-free. When you can’t assume your own code is error-free, how can you assume every third-party vendor you rely on has error-free code?
Better than having to trust all the software in a system is having a platform in which one functional block is simply not able to impact other functional blocks. This requires an approach to design that embeds security deep into the hardware itself. One function can’t impact the other functions in your system because the hardware won’t allow it.
This is the heart of Multizone Security. Every functional block is strictly separated from the others. Since this is enforced at the hardware layer, there’s no way for the software to break the layer of protection – either through developer error or intentional hacking.
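The difference between the shared-memory monolith and hardware-enforced separation can be seen in a small software model of the RISC-V PMP check. This is an added example, not code from Microchip or HEX-Five Security; the memory map, the `zone1` policy and all function names are constructed for illustration, and only NAPOT regions and aligned word accesses are modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* pmpcfg bits per the RISC-V privileged spec: R, W, X, A=NAPOT, L. */
enum { PMP_R = 1, PMP_W = 2, PMP_X = 4, PMP_NAPOT = 0x18, PMP_L = 0x80 };
enum priv { PRIV_U, PRIV_M };
struct pmp_entry { uint8_t cfg; uint32_t addr; };  /* pmpcfg byte + pmpaddr */

/* pmpaddr value for a naturally aligned power-of-two region, size >= 8. */
#define NAPOT(base, size) (((base) >> 2) | (((size) >> 3) - 1))

/* Does an aligned word access at addr fall inside the NAPOT region? */
static bool napot_match(uint32_t pmpaddr, uint32_t addr) {
    unsigned ones = 0;
    while (ones < 32 && ((pmpaddr >> ones) & 1u)) ones++;  /* trailing 1s */
    uint64_t size = 8ull << ones;
    uint64_t base = ((uint64_t)pmpaddr & ~((1ull << ones) - 1)) << 2;
    return addr >= base && addr < base + size;
}

/* Lowest-numbered matching entry decides. No match: only M-mode succeeds. */
bool pmp_allows(const struct pmp_entry *e, size_t n, enum priv p,
                uint32_t addr, uint8_t access) {
    for (size_t i = 0; i < n; i++) {
        if ((e[i].cfg & 0x18) != PMP_NAPOT || !napot_match(e[i].addr, addr))
            continue;                       /* OFF/TOR/NA4 are not modelled */
        if (p == PRIV_M && !(e[i].cfg & PMP_L))
            return true;                    /* unlocked entries skip M-mode */
        return (e[i].cfg & access) == access;
    }
    return p == PRIV_M;
}

/* Constructed memory map: zone 1 gets flash (R+X) and private RAM (R+W). */
#define Z1_FLASH 0x20010000u
#define Z1_RAM   0x80004000u
#define Z2_RAM   0x80005000u
const struct pmp_entry zone1[] = {
    { PMP_NAPOT | PMP_R | PMP_X, NAPOT(Z1_FLASH, 0x2000u) },
    { PMP_NAPOT | PMP_R | PMP_W, NAPOT(Z1_RAM, 0x1000u) },
};

int main(void) {
    printf("zone1 writes own RAM:   %d\n", pmp_allows(zone1, 2, PRIV_U, Z1_RAM + 0x10, PMP_W));
    printf("zone1 writes zone2 RAM: %d\n", pmp_allows(zone1, 2, PRIV_U, Z2_RAM + 0x10, PMP_W));
    printf("monolith (M-mode, no PMP) writes zone2 RAM: %d\n", pmp_allows(NULL, 0, PRIV_M, Z2_RAM + 0x10, PMP_W));
    return 0;
}
```

With no entries programmed and everything running in machine mode, every access succeeds, which is the monolithic case; once a zone runs in user mode under its own policy, a stray write to another zone's RAM is refused regardless of what the code intended.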
In the webinar Multizone Security – Making RISC-V® the Most Secure Platform Ever, you will learn about the Embedded Computing Threat Model and how it can help you understand the hidden vulnerabilities of your embedded designs. I, Tim Morin, technical fellow at Microchip, and Cesare Garlati, CEO and founder of HEX-Five Security, explore how developers can protect connected devices to prevent compromise of their operation. Together, we take a deep dive into the details of what it takes to build a secure IoT platform.
SHIELDS UP! is the webinar series from Microchip Technology offering an in-depth exploration of what it really takes to secure embedded IoT systems. Experts in security lead you through the challenges – and solutions – you need to create secure systems in a connected world. Sign up for upcoming webinars or explore our archive.