With more than 21 billion Internet of Things (IoT) devices expected to be deployed by 2025, according to antivirus and anti-malware security specialist Norton, and with very little or no security hardware running on these devices, more must be done to create a safe and secure digital ecosystem. Where resources, budgets, and environments vary across devices, a number of security applications must be considered to ensure the whole ecosystem has access to a strong defense against the growing sophistication of attacks and threats.
As the market for IoT devices grows, the competition between manufacturers to offer the best capabilities at the cheapest price increases—carrying the dangerous risk of security being overlooked. This creates a threat climate like never before as these devices become an increasingly enticing prospect for hackers.
IoT devices often act as a bridge between the virtual and physical world, providing a rare opportunity for hackers to interact remotely and providing almost limitless opportunities for devices to be compromised. Attacks on products like home security cameras or smart fridges might seem mundane, but they put personal data at risk by allowing access. Often, this kind of targeting sees victims spied on through their own cameras. Or, their financial information can be stolen by opportunists who have simply exploited an insecure device. With this in mind, the importance of having a secure foundation for the rest of the security layers to be built on has never been more critical.
When it comes to security, most of the attention goes to the most visible elements of a system, such as the operating system and the applications. However, with the growing number of threats, many organizations have begun to add firmware to their vulnerability and threat prevention models.
With action already being taken across the world, the latest Trusted Computing innovations in hardware security are essential to providing a simpler Root of Trust (RoT) foundation to build an anchor of cybersecurity protection. The RoT is a concept thatstarts a chain of trust needed to ensure devices boot with legitimate code. If the first piece of code executed has been verified as legitimate, these credentials are trusted by the execution of each subsequent piece of code.
Firmware and configuration data are security-critical components in any IoT device and must remain available and trustworthy in the face of an attack. These mechanisms must be resilient to tampering or corruption by destructive malware and built upon trust in the platform recovery support. In the event of a device being compromised, it needs a safe place to fall back to recover. In order to do this, a trusted hardware environment is needed, whether it is a Device Identifier Composition Engine (DICE) or a Trusted Platform Module (TPM).
With a wide range of security options on offer, TCG provides building blocks to create secure systems. In the case of a high-risk system, for example, industrial-grade discrete TPM hardware can be built in, not just into the plant’s firewall but also into the control system. This will enable real-time monitoring and allow sophisticated attacks to be identified and prevented. For devices that have a lower risk profile, TPM firmware can be created that has the same set of commands but sits just above the hardware—and is therefore more cost-effective.
With the proliferation of IoT devices comes the increase in extremely small connected devices, presenting the new challenge of securing devices with very minimal space to operate within. These small devices cannot be left without security measures in place; doing so will create a weak access point for a cyberattack. However, the inclusion of a TPM chip could be impractical due to cost, space and power.