Ed Sperling and Jeff Dorsch of Semiconductor Engineering recently penned an article about the future of IoT security. Specifically, the two journalists highlighted the distributed denial of service (DDoS) attack against Dyn, in which waves of attack traffic were generated by devices infected with the Mirai malware.
“Connected devices of all sizes can [now] be amassed into an army of bots that can bring even giants like Amazon and Netflix to a dead stop,” they explained. “This attack was predicted and warned against by numerous security experts since [Mirai] was published as open source code several months earlier, but that did little to stop its progression.”
According to Sperling and Dorsch, there are not enough layers of security being built into electronics to stop these kinds of problems, and no standard way of creating them.
“What’s interesting here is that the most recent attack went well beyond the usual software and network breaches. It targeted the firmware inside [connected] devices that were secured by weak passwords. And most security experts believe this is just the beginning,” the journalists observed. “[Nevertheless], digging into firmware is more difficult because it requires access to software stored and, frequently, hidden within a chip. That’s why systems companies park their SSL keys there, along with a history of private keys that can work with those SSL keys.”
Yet, security can be compromised if the keys leak.
“If you can crack into a key, you can replace the software and remotely control the device,” Asaf Ashkenazi, senior director of product management in Rambus’ Security Division told Semiconductor Engineering. “Keys are the Holy Grail for hackers.”
Many attacks against keys require a physical component, such as a grinder, physical probes and a scanning electron microscope.
“That’s an invasive attack,” said Ashkenazi. “There also are combination attacks, where you reconstruct keys from a string of bits, not from the software.”
In addition, keys can be extracted via side-channel attacks, which passively pick up and monitor a device’s electromagnetic emissions and power consumption. Indeed, as we’ve previously discussed on Rambus Press, all physical electronic systems routinely leak information about their internal computations.
In practical terms, this means attackers can exploit various side-channel techniques to gather data and extract secret cryptographic keys from IoT endpoints. Regardless of specific instruction set architecture (ISA), most industry security solutions on the market today can be soundly defeated by side-channel attacks. Even a simple radio is capable of gathering side-channel information by eavesdropping on frequencies emitted by electronic devices. In some cases, secret keys can be recovered from a single transaction clandestinely performed by a device several feet away.
Worryingly, millions, if not billions, of connected IoT endpoints are powered by chips that are vulnerable to side-channel attacks. Such unprotected silicon can be found in a wide range of electronic devices including wearables, medical equipment, vehicles, smart appliances and rapidly evolving smart city infrastructure. Fortunately, specific differential power analysis (DPA) countermeasure strategies can be employed to protect IoT devices and related infrastructure. These include techniques to minimize information leakage, generating noise to drown out leakage signals, the use of randomness to mask computational intermediates, algorithm and implementation obfuscation, as well as the use of protocols designed to preserve secrecy even in the presence of (some) leakage.
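As an added illustration of the “use of randomness to mask computational intermediates” countermeasure (example code written for this post, not code from Rambus or Semiconductor Engineering), the following Python simulates a Hamming-weight leakage model for an unprotected and a first-order Boolean-masked table lookup, then runs the kind of difference-of-means leakage check an evaluator uses to confirm that the masking actually hides the secret intermediate. The S-box, key and leakage model are constructed for the simulation and stand in for no real product.

```python
import random

# Hamming-weight leakage model: a common first-order approximation of power/EM leakage
HW = [bin(v).count("1") for v in range(256)]

# Constructed stand-in S-box: a fixed random 8-bit permutation (not any real cipher's table)
_table_rng = random.Random(1234)
SBOX = list(range(256))
_table_rng.shuffle(SBOX)

def unmasked_lookup(x, k, rng):
    """Unprotected S-box step. Returns (result, simulated leakage of the intermediate)."""
    v = SBOX[x ^ k]
    return v, HW[v]            # the device handles v directly, so v's bits leak

def masked_lookup(x, k, rng):
    """First-order Boolean masking: the device only ever handles v ^ m_out, never v itself.
    Returns (result after unmasking, simulated leakage of the masked intermediate)."""
    m_in, m_out = rng.randrange(256), rng.randrange(256)
    # Recompute a masked table so that T[i ^ m_in] == SBOX[i] ^ m_out for every i
    masked_table = [0] * 256
    for i in range(256):
        masked_table[i ^ m_in] = SBOX[i] ^ m_out
    masked_v = masked_table[(x ^ m_in) ^ k]   # index is (x ^ k) ^ m_in: x ^ k never appears in clear
    return masked_v ^ m_out, HW[masked_v]     # leakage comes from the masked value only

def leakage_assessment(lookup, key, reps=16, seed=7):
    """Defender-side check: partition leakage by bit 0 of the true intermediate
    (known to the evaluator, who owns the device and key) and return the difference
    of means. Near 1.0 means the bit is directly visible; near 0 means it is hidden."""
    rng = random.Random(seed)
    buckets = {0: [], 1: []}
    for _ in range(reps):
        for x in range(256):
            result, leak = lookup(x, key, rng)
            assert result == SBOX[x ^ key]    # masking must not change the function computed
            buckets[result & 1].append(leak)
    mean = lambda s: sum(s) / len(s)
    return mean(buckets[1]) - mean(buckets[0])

if __name__ == "__main__":
    print("unmasked difference of means:", leakage_assessment(unmasked_lookup, key=0x3C))
    print("masked   difference of means:", leakage_assessment(masked_lookup, key=0x3C))
```

The unmasked lookup shows a difference of exactly 1.0 (the selected bit contributes one full unit of Hamming weight), while the masked version hovers near zero because the observed value is independent of the secret.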
Interested in learning more? The full text of “What’s Next for IoT Security?” can be found on Semiconductor Engineering here. You can also check out our DPA countermeasures page here and our article archive on the subject here.