Securing MCU RTOS for the Internet of Things
Many IoT devices that are activated now will remain in service for many years, depending on the application. For example, utility meters are rarely changed. Communications infrastructure is designed to be compatible and operational for fifty years. Electrical transmission systems last thirty years or more. Homes, offices, industrial buildings, and other structures are intended to last indefinitely, with retrofits measured in decades. If these new systems are not secure now, they could become disposable very quickly as threats grow.
To preserve user investments in smart devices and protect them from intrusion, security is an essential requirement for all new devices. Of the 50 billion IoT devices expected to go onto the Internet in the next few years, a huge percentage of them will be microcontrollers or small microprocessors with limited resources. Fortunately, these small devices can be more secure than much larger devices because they are more easily protected and are not subject to the same type of threats. This does not mean that security is easy, just that it is not as difficult if you properly exploit the features of MCUs and small MPUs. The remainder of this article discusses how to protect small devices on the Internet of Things.
Necessary IoT security features
To completely lock down an MCU or small MPU, the following security features are generally required, although some may not be necessary for every system. Standard information technology security solutions are the core security mechanisms for deeply embedded MCU and MPU products. These security protocols include:
IPSec / VPN
Secure bootloader and automatic fallback
Secure wireless links
Encryption and decryption
Encrypted file system
DTLS (for UDP-only security)
TLS, IPSec/VPN, HTTPS, secure wireless links, and DTLS are all means to secure communications links. SFTP provides secure file transfer, SSH provides secure remote access, and secure email provides email services over encrypted links.
A secure bootloader with automatic fallback ensures that the system cannot be corrupted. SNMPv3, encrypted data, and an encrypted file system protect data through encryption, either locally or as it is about to be transferred to another machine. Filtering is really a firewall feature, intended to keep out unwanted and uninvited guests. Each section and each item will be discussed after a discussion on system level security.
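The boot-time decision behind a secure bootloader with automatic fallback, shown as an added example that is not code from the original article: the primary image is booted only if its header is well formed and its tag verifies, otherwise the fallback slot is tried, and if neither verifies nothing is booted. The header layout, slot structure and all function names are assumptions made for this illustration, and demo_tag is a non-cryptographic stand-in for the platform's signature or MAC check.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define IMG_MAGIC 0x424F4F54u   /* constructed value ("BOOT") */
#define TAG_LEN   4             /* short for the demo; real tags are longer */
typedef struct { uint32_t magic, length; uint8_t tag[TAG_LEN]; } img_hdr_t;
typedef struct { const uint8_t *base; size_t size; } slot_t;
/* Platform hook (hypothetical): returns 0 only if tag authenticates payload. */
typedef int (*verify_fn)(const uint8_t *payload, size_t len, const uint8_t *tag);

/* STAND-IN tag so the example runs: an XOR fold, NOT cryptographic. */
static void demo_tag(const uint8_t *p, size_t len, uint8_t *t) {
    memset(t, 0xA5, TAG_LEN);
    for (size_t i = 0; i < len; i++) t[i % TAG_LEN] ^= (uint8_t)(p[i] + i);
}
/* A real bootloader verifies a signature or MAC here instead. */
int demo_verify(const uint8_t *p, size_t len, const uint8_t *tag) {
    uint8_t t[TAG_LEN];
    demo_tag(p, len, t);
    return memcmp(t, tag, TAG_LEN) != 0;
}

/* 1 if the slot holds a well-formed image whose tag verifies, else 0. */
int slot_ok(const slot_t *s, verify_fn verify) {
    img_hdr_t h;
    if (!s->base || s->size < sizeof h) return 0;
    memcpy(&h, s->base, sizeof h);          /* flash copy may be unaligned */
    if (h.magic != IMG_MAGIC) return 0;
    if (h.length == 0 || h.length > s->size - sizeof h) return 0; /* bound it */
    return verify(s->base + sizeof h, h.length, h.tag) == 0;
}

/* Slot to boot: 0 = primary, 1 = fallback, -1 = none valid (do not boot). */
int select_boot_slot(const slot_t slots[2], verify_fn verify) {
    for (int i = 0; i < 2; i++)
        if (slot_ok(&slots[i], verify)) return i;
    return -1;
}

/* Builds a constructed test image in buf; returns total bytes written. */
size_t make_image(uint8_t *buf, const uint8_t *payload, uint32_t len) {
    img_hdr_t h = { IMG_MAGIC, len, { 0 } };
    demo_tag(payload, len, h.tag);
    memcpy(buf, &h, sizeof h);
    memcpy(buf + sizeof h, payload, len);
    return sizeof h + len;
}
```

The length field is bounded against the slot size before any byte of the payload is read, so a corrupted header cannot drive the verifier past the end of the slot.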
Security is only as strong as its weakest link or component. To make a system secure, all the various communication channels, all file transfers, all data storage, and any means to update anything must be secure as well. In the case of systems with dynamic loading, modification of executable files and other sophisticated features, security is difficult. Imagine the following scenario:
1. An intruder moves a file onto the machine using email, FTP or some other means.
2. The file is dynamically loaded and when it runs, it corrupts other executable files. It then cleans up and deletes itself.
3. If the virus is new or unknown to the system, it won't be recognised as a virus and will pass into the system and infect it.