Dec 5, 2019 1:18:48 PM
Building Secure IoT Devices with Crypto-Agility

The Internet of Things (IoT) – an ambiguous buzzword – generally describes a trend toward devices becoming more connected, particularly non-traditional devices like household appliances, connected cars, industrial machines, and implanted or wearable medical devices.

The emergence of these Internet-ready products is driving the need for manufacturers to understand how they can securely build, deploy and update their fleets at scale. Unlike traditional devices – servers, laptops, and mobile phones – IoT devices often don’t have sufficient compute power or storage to run bulky software, making them much more difficult to secure.

Recent attacks like Mirai and Dyn have proven existing safeguards ineffective, particularly hard-coded, static passwords. Hackers exploit these vulnerabilities to take control of devices, cause denial of service, or move laterally into networks. And they’re just getting started. The world of IoT is a hacker’s playground that only continues to grow as billions more connected devices enter our homes and workplaces – which begs the question: who is responsible for IoT security?

Responsibility Starts at Design

Not only are device manufacturers responsible for the functionality and security of their devices from the moment they leave production – privacy and security have also become product differentiators. Highly publicized breaches have made consumers and enterprises more aware of their risks, making security a critical consideration for purchase and procurement.

Consider healthcare IoT, for example. The FDA states that, while hospitals are responsible for securing their systems, manufacturers “are responsible for remaining vigilant about identifying risks and hazards associated with their medical devices, including risk related to cybersecurity.” Cybersecurity has even become part of the FDA pre-market approval process.

Manufacturing IoT Devices with Unique Identities

Identity is the foundation for securing IoT devices. To protect data at rest and in transit, and authenticate connections between multiple components of the IoT ecosystem (i.e. IoT devices, mobile apps, gateways, cloud apps), device designers must architect identity into their systems from the start.

In the world of IoT, the leading method to securely tag a device with a unique identity is with cryptographic keys and digital certificates. By cryptographically binding an identity to hardware, devices can authenticate connections with other systems, encrypt data, and verify the integrity of code and firmware updates. With this unique ID, both manufacturers and end users can also verify the authenticity of each device and track the device throughout its lifecycle.

Initial identity is just the start though. IoT deployments require large-scale management and protection of certificates and their associated private keys. All of this must be supported by a well-architected public key infrastructure (PKI).

PKI for IoT

PKI is increasingly recognized as an authentication technology for IoT, with 42% of IoT devices expected to rely primarily on digital certificates in the next two years. Why? Because PKI has proven effective at scale, certificates can use cryptographic keys with validity periods that far exceed the usable lifetime of passwords, and lightweight public key algorithms, such as Elliptic Curve Cryptography (ECC), are well suited for resource-constrained IoT devices.

There’s just one problem, though. Just like passwords, cryptographic algorithms do still weaken over time. With enough resources, attackers can exploit cryptographic weaknesses, threatening to disrupt the integrity or functionality of devices already deployed in the field. Careful consideration must be taken by the device manufacturer when selecting cryptographic algorithms and methods to manage those algorithms over time, especially for devices that can impact human health and well-being.

Crypto-Agility is Key

With some IoT product lifecycle expectations of 10-15 years or more, and warranty periods extending well into those timelines, device manufacturers need a solid methodology to update or “swap out” keys and certificates, should they be rendered ineffective by crypto-vulnerabilities such as weak algorithms (e.g. SHA-1, MD5), crypto-library bugs, or advances in quantum computing.

Manufacturers must have a strategic plan for crypto-agility, including:

  • Inventory and assessment of all cryptographic algorithms used in IoT devices and applications, including those provided by third-party components and subsystems
  • Adherence to industry recommendations for cryptographic options, referencing trusted public standards such as RFC 7696, FIPS 140-2, or NIST (see the Lightweight Cryptography Project)
  • A security breach response plan, including an algorithm refresh frequency and replacement procedure for both online and offline IoT devices
  • Regular review and updates to crypto-agility plans – to capture any new devices, unknown weaknesses or blind spots
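
The Python code below is an added example, not code from this article or from any product: it shows the pattern that makes an algorithm replacement procedure workable on a deployed device, where every update names its algorithm and a field-replaceable policy decides which names are still accepted. HMAC from the standard library stands in for the certificate-based signature a real device would verify; VERIFIERS, CryptoPolicy, verify_update, sign_update, the key and the image are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Registry: algorithm identifier -> tag function. A firmware update can add an
# entry without touching the rest of the update path. HMAC is a stand-in
# (assumption) for the asymmetric signature check a PKI-backed device would run.
VERIFIERS = {
    "hmac-sha1":   lambda key, data: hmac.new(key, data, hashlib.sha1).digest(),
    "hmac-sha256": lambda key, data: hmac.new(key, data, hashlib.sha256).digest(),
    "hmac-sha512": lambda key, data: hmac.new(key, data, hashlib.sha512).digest(),
}

class CryptoPolicy:
    """Identifiers the device currently accepts; replaceable in the field."""
    def __init__(self, version, allowed):
        self.version = version
        self.allowed = frozenset(allowed)

    def updated(self, new_version, new_allowed):
        # Versions only move forward, so replaying an older policy cannot
        # re-enable an algorithm that has since been retired.
        if new_version <= self.version:
            raise ValueError("policy rollback rejected")
        unknown = set(new_allowed) - set(VERIFIERS)
        if unknown:
            raise ValueError(f"no verifier for {sorted(unknown)}")
        return CryptoPolicy(new_version, new_allowed)

def verify_update(policy, key, manifest, image):
    """Return (ok, reason) for a firmware image and the manifest sent with it."""
    alg = manifest.get("alg")
    if alg not in policy.allowed or alg not in VERIFIERS:
        return False, f"algorithm {alg!r} not allowed by policy v{policy.version}"
    try:
        presented = bytes.fromhex(manifest.get("tag", ""))
    except (ValueError, TypeError):
        return False, "malformed tag"
    if not hmac.compare_digest(VERIFIERS[alg](key, image), presented):
        return False, "tag mismatch"
    return True, "ok"

def sign_update(key, alg, image):
    """Manufacturer side: build the manifest that travels with the image."""
    return {"alg": alg, "tag": VERIFIERS[alg](key, image).hex()}

# Constructed sample data, not taken from any real device.
DEVICE_KEY = b"constructed-demo-key"
IMAGE = b"firmware v2 (constructed sample bytes)"
```

Retiring SHA-1 here is a call to `policy.updated(2, {"hmac-sha256", "hmac-sha512"})`: an update tagged with `hmac-sha1` is then refused even though its tag is valid, and an attempt to reinstall policy version 1 raises an error.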

Where to Start

Most IoT devices will outlive the effectiveness of the cryptographic algorithms they rely on. So, how can manufacturers securely update their devices to prevent security breaches or device recalls? The answer is crypto-agility.

Gain complimentary access to the Gartner Research Report, Better Safe Than Sorry: Preparing for Crypto-Agility, to learn more about:

  • Crypto-agility basics and examples (SHA-1 migration, quantum computing threats)
  • Top crypto-vulnerabilities that threaten your IoT devices
  • How to develop a crypto-agility plan and start preparing today