In recent years, dramatic attacks from the Mirai botnet attack of 2016 to Intel Spoiler in 2019 exposed the vulnerability of processors for electronic systems that undermined assumptions commonly held around the security of the processor and leveraging the root of trust in the system.
Here are three reasons why you can’t trust your processor for protecting IoT edge and embedded devices – and why a new model of embedded security-as-a-service can help give you an advantage in ensuring futureproof security.
1. Processors’ reliance on state machine/system software can be detrimental
Because of the nature of interconnectivity and reliance on software installed in processors/CPUs and online in electronic systems, the opportunity for hackers and cyber-criminals to cause disruption is increased. To prevent these types of attacks, security solutions have been integrated directly into electronic systems; Modern processors have security features that are meant to provide security layers which include secure boot, memory protection, different privileges to software processes, encryption, trusted execution environment and more.
However, since the processor needs to support many different software designs and functionalities, the processor and the security features controlled by the software must also be protected by the processor.
2. Processor reliance on secure boot can create a fatal latency at boot-time
Another processor security feature is secure boot which is supposed to verify the integrity and authenticity of the software with a cryptographic signature of the software compared to expected result at boot time. Due to the nature of this feature, secure boot creates a latency at boot time that is correlated to the size of the software. In many cases, there is a sensitivity to boot time delay which means that only a small portion of the software will be validated, or in extreme cases, it won’t be useable at all.
This leaves an adversary just enough attack surface to hack the software. Another similar attack is a denial of service (DoS) attack. DoS attacks can be easy to execute just by modifying one bit of the “secured software” which causes the wrong signature validation and halts the secure boot process. These types of attacks can even brick the device or, move to recovery mode which can be attacked in the same manner.
3. Processor security features require some processing power and increase the processor cost
Nowadays, management of end devices is critical for commercial systems, and it is assumed that software updates will be required for feature updates and security patches. Once the software on the processor is no longer trusted, the management of the electronic system cannot be trusted.
Furthermore, the software update mechanism can’t be secured properly due to the fact that the end-point is not trusted. This creates a major problem with the deployment of commercial systems.
These security features require additional resources from the processor in the form of additional silicon or additional firmware code and create a cost increase for processors that support the security features. It may be insignificant in some high-end applications that are less sensitive to cost, but it has an effect on low cost applications that can’t tolerate bill of material (BoM) increases.
What to do next
So, how can companies ensure that their IoT devices on the network remain secure? An innovative approach to IoT security is to protect the device’s flash, even from the processor and the software that is running on it. Creating a root of trust in the secure flash that blocks write operations to the protected memory facilitates a secure channel all the way from cloud to the flash, making it impossible for attackers to alter the firmware with any malicious code. This approach is agnostic to the processor and any software that is running on the device and avoids any latency in boot time or run time.
And since the solution has moved from the processor side to the flash side, this approach, agnostic of the processor and the OS, means that there is no need for additional cost resources on the processor side. Therefore, ironclad security can be achieved with low-power, low-cost processors, creating a more palatable cybersecurity solution for IoT manufacturers and IT management.