How to ensure that vulnerabilities in networked devices do not cause the entire organization to appear 瘫痪

Text | Jeff Shiner Director, IoT Solutions, Micron Technology

On June 27th this year, a variant of the ransomware called Petya once again caused widespread damage. This virus spread rapidly, and WPP, the world’s largest communication conglomerate, was unfortunately affected. Many of its companies had to urgently shut down their electronic devices to prevent further infection.

How can you ensure that a vulnerability in a networked device doesn’t lead to the collapse of an entire organization? Could starting with storage provide more comprehensive protection for the Internet of Things? Let’s explore the insights from Jeff Shiner, Director of IoT Solutions at Micron Technology.

The tech industry is still reeling from the massive WannaCry cyberattacks, and individuals and IT teams are doing their best to patch devices running a very popular Microsoft operating system with known vulnerabilities.

This attack hit Spanish telecom giant Telefonica and the UK's National Health Service (NHS), not only infecting computers but also affecting other connected devices in the NHS, like MRI machines, blood storage fridges, and operating room equipment.

Unfortunately, this isn’t an isolated incident. Consider this:

Last fall, a malware called Mirai infiltrated DVRs, IP cameras, and other devices worldwide, launching significant cyberattacks, including distributed denial-of-service (DDoS) attacks. The DDoS attack initially targeted DNS provider Dyn, and then disrupted operations of major sites like Twitter, Reddit, and Amazon.

Earlier this year, hackers breached the Dallas emergency alert system, triggering alarms across the city and exposing gaps in municipal infrastructure cyber defenses.

With the rise of the Internet of Things (IoT), more critical targets are becoming the focus of cybercriminals. We need to address this proactively and plan accordingly.

According to Sage Business Researcher, the number of connected devices is expected to reach 50 billion by 2020. This number has grown alarmingly fast: in 2016, it was less than 25 billion, and in 2012, it was under 10 billion. Manufacturers have been rushing to bring IoT devices to market, often prioritizing speed over security.

Worse yet, the IoT lacks standardization, particularly compared to the PC and smartphone markets. The decentralized approach to implementing security at the system, semiconductor, and software levels leads to a fragmented landscape. Combining these options creates immense complexity. Importantly, securing one group of IoT devices doesn't enhance security for billions of others.

Efforts are underway to establish security frameworks to guide original equipment manufacturers (OEMs) in incorporating appropriate levels of security into their designs. Groups promoting these initiatives advocate integrating critical security components in hardware and software, setting up defense-in-depth strategies, and implementing other solutions to leverage the latest known protections. A notable example is the "Industrial Internet Security Framework" (IISF) document from the American Industrial Internet Consortium (IIC). Additionally, the U.S. Federal Trade Commission (FTC) has been working to address threats, urging IoT companies to adopt best security practices.

Despite all this effort, the vulnerability problem remains severe, especially for companies outside the Fortune 100 that struggle to deploy strong cybersecurity staff or allocate budgets. The lack of off-the-shelf IoT security solutions further complicates unity.

Solution: Covering the "security design" of storage

Surprisingly, one of the biggest vulnerabilities in the current IoT system lies in “code storage memory.” It might offer an easy-to-implement, potentially more secure approach to addressing this challenge. Leveraging storage technologies in innovative ways and combining them with cloud-based capabilities could create greater security.

In more advanced security attacks, malicious code is written to non-volatile storage. This typically happens on devices at the edge of the network or near the edge, meaning on the “thing” in the endpoint or IoT device. Once infected, attackers can use these devices to form larger botnets or act independently against target systems. Many of these attacks exploit known vulnerabilities that have been patched but continue to search for new “zero-day” vulnerabilities.

Another common attack strategy emerged in late 2016, including Mirai-based botnet attacks. This type of attack exploited IoT devices like DVRs, IP cameras, and home routers with unsafe default settings left by the factory. At peak times, these devices launched DDoS attacks on various websites, including Twitter, Amazon, and Reddit. Ironically, KrebsOnSecurity was also targeted.

In both of these attack strategies, device OEMs can adopt long-term solutions like redesigning the main hardware and software, deploying devices and cloud solutions to monitor device integrity, and fixing compromised devices.

However, where there are weaknesses, there are opportunities. If the key code stored in the storage can be authenticated through encryption and becomes part of the IoT device, combining this with the great features in the cloud allows for end-to-end identity authentication and encrypted firmware management. This significantly limits the ability of hackers to implant malware on devices.

Over the years, people have been using a set of features called “Root of Trust” (RoT) to enhance network security. RoT provides a security service that typically resides in a trusted computing module and can be used securely by the operating system to verify the identity and health of the device. This confirms that the device is part of the network and not infected.

So far, the burden of providing this security still falls on the CPU, SoC, and Hardware Security Module (HSM). Unfortunately, even with these components and the security they provide, hackers can still launch attacks and destroy or stop systems at all levels under the logical components of IoT devices. As the complexity of attacks increases, Advanced Persistent Threats (APTs) are becoming a more serious issue because hackers focus on the logical part of the IoT device and embed code into the device's storage.

Security can be improved by increasing the security of more parts of the solution (i.e., "defense in depth") and ensuring storage is taken into account. Moreover, this method is destined to be relatively simple, low-cost, and scalable, making it applicable to today’s IoT devices that are under constant attack.

A storage-based security protection method

Micron is exploring a way to place device ID and small encryption processing functions directly into storage. Combining these elements generates information that enables cloud computing resources to confirm the identity and health of the storage and the data it contains. In this way, the minimum boot level and load-sharing security can be enhanced by the CPU, SoC, and HSM.

This approach has been validated in the recent security partnership between Microsoft and Micron. The two companies focus on two key aspects that simplify how customers secure their IoT devices and enable device identity. The first step is creating an end-to-end secure connection built into standard hardware that allows customers to enhance system functionality through a software development kit (SDK). By leveraging a new standard called Trusted Computing Group (TCG) called Device Identity Composition Engine (DICE), Microsoft Azure IoT Cloud and Micron Authentaâ„¢ technology help ensure that only trusted hardware can access the IoT cloud.

The solution verifies the identity and health of the hardware that typically stores critical code and is expected to provide new security benefits for IoT devices. With this identity feature, the Azure IoT hub can verify whether the device’s status is “good” or “bad” and take appropriate actions, such as enabling higher-level features like device health attestation and configuration. Administrators can securely repair compromised devices on-site.

Executing IoT device authentication in storage not only provides a unique level of protection at the lowest boot level but also leverages the standard flash slots already present in billions of IoT devices. Companies can use Micron’s Authenta flash memory in their current designs and old designs to implement new security features by modifying the software. Both Microsoft and Micron have core middleware with a Software Development Kit (SDK) to enable these solutions on hosts, gateways, and even endpoints in Azure, further simplifying software resource requirements. This solution is designed to make it easier to provide secure IoT cloud management and connectivity for new platforms and devices, as well as to facilitate retrofits of older systems.

No security mechanism is perfect, but security can be improved by adding important defense-in-depth features. This is especially true today, as the Internet of Things is booming and the number of vulnerable devices on the edge of the network continues to grow. With these new solutions from Microsoft and Micron, end-to-end device management will be safer and less costly. Monitoring and managing the health of IoT devices is one of the most complex decisions companies face. It’s also very challenging to quickly eliminate known security vulnerabilities and make the cost of hacking outweigh the benefits. By leveraging optimal cybersecurity practices and a newly formed ecosystem, many companies’ security implementations should begin to become more efficient and less expensive.