How to ensure that vulnerabilities in networked devices do not paralyze the entire organization

By Jeff Shiner, Director, IoT Solutions, Micron Technology

On June 27 this year, a variant of the ransomware called Petya resurfaced, spreading rapidly across networks and causing significant disruptions. One of the hardest-hit organizations was WPP, the global communications giant, which had to urgently shut down several of its companies to prevent further infection of their electronic devices.

How can you ensure that a single vulnerability in a networked device doesn't bring down your entire organization? Could focusing on storage provide a more comprehensive layer of protection for the Internet of Things (IoT)? Let's explore the insights from Jeff Shiner, Director of IoT Solutions at Micron Technology.

The tech industry continues to grapple with large-scale cyberattacks like WannaCry, which exploited known vulnerabilities in widely-used Microsoft operating systems. These attacks not only affected computers but also disrupted other connected devices within organizations, such as MRI machines, blood storage refrigerators, and operating room equipment.

This isn't an isolated incident. Consider this: last fall, the Mirai malware infiltrated DVRs, IP cameras, and other IoT devices worldwide, launching massive Distributed Denial of Service (DDoS) attacks. These attacks initially targeted DNS provider Dyn, leading to disruptions in services like Twitter, Reddit, and Amazon.

Earlier this year, hackers breached the Dallas emergency alert system, triggering alarms citywide and exposing vulnerabilities in municipal infrastructure cybersecurity defenses.

As the IoT expands, more critical targets are becoming attractive to cybercriminals. We must proactively address these challenges and prepare accordingly.

According to Sage Business Researcher, the number of connected devices is projected to reach 50 billion by 2020. This growth has been rapid: in 2016, it was less than 25 billion, and in 2012, it was under 10 billion. Manufacturers are racing to bring IoT devices to market, often prioritizing speed over security.

Worse still, the IoT lacks standardization, particularly compared to the PC and smartphone markets. The decentralized approach to implementing security in IoT devices creates a fragmented landscape, complicating efforts to achieve uniform security standards. Enhancing security for one group of IoT devices doesn’t necessarily protect others.

There are ongoing efforts to establish security frameworks guiding Original Equipment Manufacturers (OEMs) to integrate appropriate levels of security into their designs. Groups advocating these initiatives emphasize integrating critical security components in hardware and software, setting up multi-layered defenses, and adopting other strategies to leverage the latest solutions. A notable example is the "Industrial Internet Security Framework" (IISF) document published by the American Industrial Internet Consortium (IIC). Additionally, the U.S. Federal Trade Commission (FTC) has been urging IoT companies to adopt best security practices since 2015.

Despite these efforts, the vulnerability issue remains severe, especially for smaller companies outside the Fortune 100, which struggle to hire strong cybersecurity personnel or allocate sufficient budgets. The lack of off-the-shelf IoT security solutions further complicates matters.

Solution: Rethinking Storage-Based Security Design

Surprisingly, one of the biggest vulnerabilities in today’s IoT systems lies in “code storage memory.” It might offer an easily implementable and potentially more secure approach to addressing this challenge. By leveraging storage technologies in innovative ways and combining them with cloud capabilities, it’s possible to create stronger security measures.

In advanced security attacks, malicious code is often written to non-volatile storage. This typically occurs on devices at the edge of the network or near it—essentially on the “things” in IoT endpoints. Once these devices are compromised, attackers can use them to form larger botnets or execute attacks independently. Many of these attacks exploit known vulnerabilities, while others search for new “zero-day” vulnerabilities.

Another common attack strategy emerged in late 2016, including Mirai-based botnet attacks. These attacks targeted IoT devices like DVRs, IP cameras, and home routers that were left with insecure factory-default settings. At their peak, these devices launched DDoS attacks on various websites, including Twitter, Amazon, and Reddit. Ironically, even KrebsOnSecurity was targeted.

In both types of attacks, OEMs can adopt long-term solutions such as redesigning hardware and software, deploying cloud-based monitoring, and fixing devices when they’re compromised. However, where there are weaknesses, there are opportunities. If the critical code held in storage is cryptographically authenticated and integrated with the IoT device, then combining this with cloud-based features allows for end-to-end identity authentication and encrypted firmware management, significantly limiting hackers’ ability to implant malware on devices.

Over the years, people have relied on a set of features called "Root of Trust" (RoT) to enhance network security. RoT provides a security service typically residing in a trusted computing module, allowing the operating system to securely verify the identity and health of the device, thereby confirming that the device is part of the network and not infected.

So far, the burden of providing this security falls on the CPU, SoC, and Hardware Security Module (HSM). Even with these components and the security they offer, hackers can still launch attacks and disrupt or disable systems at all logical levels of IoT devices. As attacks grow more sophisticated, Advanced Persistent Threats (APTs) are becoming a bigger concern, as hackers focus on embedding code into devices.

Security can be improved by enhancing the security of more parts of the solution ("defense in depth") and ensuring storage is considered. This method is destined to be relatively simple, low-cost, and scalable, making it applicable to today’s IoT devices under constant attack.

A Storage-Based Security Approach

Micron is exploring ways to embed device ID and small encryption processing functions directly into storage. Combining these elements generates information that enables cloud computing resources to confirm the identity and health of the storage and the data it holds. This enhances minimum boot-level and load-shifting security, supplementing the CPU, SoC, and HSM.

This approach has been validated through the recent security partnership between Microsoft and Micron. The two companies focused on two key aspects to simplify securing IoT devices and enable device identity. First, they created an end-to-end secure connection built into standard hardware, allowing customers to enhance system functionality through a software development kit (SDK). Leveraging a new Trusted Computing Group (TCG) standard called Device Identity Composition Engine (DICE), Microsoft Azure IoT Cloud and Micron Authenta™ technology help ensure only trusted hardware can access the IoT cloud.

The solution verifies the identity and health of the hardware, typically used to store critical code, and is expected to provide new security benefits for IoT devices. With this identity feature, the Azure IoT Hub can verify whether the device's status is "good" or "bad" and take appropriate actions, such as enabling higher-level features like device health attestation and configuration. Administrators can securely repair compromised devices on-site.
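A simplified sketch of how a DICE-style identity ties device identity to the code held in storage, so that a verifier can report "good" or "bad"; it is an added illustration, not Micron's or Microsoft's implementation. Assumptions: the device secret (`uds`), the symmetric challenge-response, the `Verifier` class, and the extra "unknown" status are hypothetical, and real DICE deployments derive asymmetric keys and certificates from the CDI instead.

```python
import hashlib
import hmac
import os

def measure(firmware: bytes) -> bytes:
    """Measurement of the first mutable code: SHA-256 over the stored image."""
    return hashlib.sha256(firmware).digest()

def derive_cdi(uds: bytes, firmware: bytes) -> bytes:
    """Compound Device Identifier: one-way function of device secret and measurement."""
    return hmac.new(uds, measure(firmware), hashlib.sha256).digest()

def device_respond(uds: bytes, firmware: bytes, nonce: bytes) -> bytes:
    """Device side: re-derive the CDI from what is actually stored, then answer."""
    return hmac.new(derive_cdi(uds, firmware), nonce, hashlib.sha256).digest()

class Verifier:
    """Cloud side (hypothetical): holds the CDI enrolled for the known-good image."""
    def __init__(self) -> None:
        self.enrolled = {}

    def enroll(self, device_id: str, cdi: bytes) -> None:
        self.enrolled[device_id] = cdi

    def challenge(self) -> bytes:
        return os.urandom(32)  # fresh nonce per attestation, so old answers cannot be replayed

    def check(self, device_id: str, nonce: bytes, response: bytes) -> str:
        cdi = self.enrolled.get(device_id)
        if cdi is None:
            return "unknown"
        expected = hmac.new(cdi, nonce, hashlib.sha256).digest()
        return "good" if hmac.compare_digest(expected, response) else "bad"

def demo() -> dict:
    uds = bytes(range(32))                    # constructed device secret
    good_fw = b"constructed firmware image v1"
    tampered_fw = good_fw + b" + implant"     # constructed modification of stored code
    v = Verifier()
    v.enroll("dev-001", derive_cdi(uds, good_fw))
    n1, n2 = v.challenge(), v.challenge()
    return {
        "clean": v.check("dev-001", n1, device_respond(uds, good_fw, n1)),
        "tampered": v.check("dev-001", n2, device_respond(uds, tampered_fw, n2)),
        "replayed": v.check("dev-001", n2, device_respond(uds, good_fw, n1)),
        "unenrolled": v.check("dev-999", n1, device_respond(uds, good_fw, n1)),
    }

if __name__ == "__main__":
    print(demo())
```

Because the CDI depends on the measurement, any change to the stored image changes the identity the device can prove, which is why identity and health are checked in one step.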

Executing IoT device authentication in storage not only provides a unique level of protection at the lowest boot level but also leverages the standard flash slots already present in billions of IoT devices. Companies can implement new security features in their current and legacy designs by modifying software. Both Microsoft and Micron have core middleware with an SDK to enable these solutions on hosts, gateways, and even endpoints in Azure, further simplifying software resource requirements. This solution is designed to make it easier to provide secure IoT cloud management and connectivity for new platforms and devices, as well as to retrofit older systems.

No security mechanism is perfect, but adding important defense-in-depth features can significantly improve security. Today, as the IoT grows and the number of vulnerable devices at the edge of the network increases, these new solutions from Microsoft and Micron will make end-to-end device management safer and less costly. Monitoring and managing the health of IoT devices is one of the most complex decisions companies face. It’s also challenging to quickly eliminate known security vulnerabilities and make the cost of hacking exceed the benefits. By leveraging optimal cybersecurity practices and a newly formed ecosystem, many companies' security implementations should start becoming more efficient and less expensive.
