Developers face a host of challenges when implementing a robust security model for Internet of Things (IoT) devices and gateways. At the very least, poor security can allow denial-of-service attacks, corporate espionage, theft and brand damage. More serious consequences, such as injury or death, are possible in applications that control equipment such as vehicles and industrial machinery. For example, the Stuxnet attack led to the destruction of a large number of nuclear centrifuges in Iran.
At the JavaOne Conference, Luca Dazi, senior software developer at Eurotech, elaborated on the threat model and offered best practices for implementing better security into an IoT gateway.
The need for dynamic security
A major challenge developers face, Dazi said, lies in implementing an architecture for reading, controlling and dynamically updating IoT gateway and device software in a secure way. One developer at the show noted that a gas pump controller could not be updated without replacement, which typically occurs every five years.
This could pose a challenge if other components in the software architecture are compromised and need to be replaced. For example, the recent Heartbleed bug resulted in the revocation of security certificates. If the software and credentials are hard-coded into IoT devices that cannot be updated, an event like that could leave vulnerabilities open across the whole fleet.
Different realms of IoT device protection
The IoT gateway is a device in the field responsible for gathering data from sensors and communicating with actuators when something needs to be controlled. It could be installed in a home, an industrial control system or an automobile. The gateway should gather all the data required and give developers secure I/O access to the individual devices behind it.
Dazi said a best practice is to create a security framework that uses public key cryptography to authenticate communications with remote devices and gateways. This can help prevent the possibility of hackers gaining access to data from IoT devices. It also can make it more difficult for hackers to send unauthorized control signals to IoT devices or leverage IoT devices to launch denial-of-service attacks on IoT-related infrastructure.
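Mutual TLS with a private certificate authority is the standard way to realise the public key authentication described above: each device and each gateway holds its own key pair and a certificate issued by the fleet's CA, and the TLS handshake fails unless both ends can prove possession of a certified key. The Go program below is an added example, not Eurotech's, Kura's or ESF's own code (Kura itself is Java). It builds a throwaway fleet CA, a gateway certificate and one device certificate in memory, then shows the gateway accepting the enrolled device and refusing a device that presents no certificate. The names fleet-ca, gateway.example and sensor-01.example, the greeting string and the 24-hour validity are all constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// issueCert makes a P-256 key and a certificate for cn. With parent == nil the
// certificate is self-signed (the fleet's private CA); otherwise parent signs it.
func issueCert(cn string, isCA bool, parent *tls.Certificate) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              []string{cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	signer, signerKey := tmpl, any(key) // self-signed unless a parent CA is given
	if parent != nil {
		signer, signerKey = parent.Leaf, parent.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, err
}

// FleetPKI is what a deployment provisions: CA certificate, gateway server
// certificate and one client certificate per device (constructed here in memory).
type FleetPKI struct {
	Roots           *x509.CertPool
	Gateway, Device tls.Certificate
}

func BuildPKI() (*FleetPKI, error) {
	ca, err := issueCert("fleet-ca", true, nil)
	if err != nil {
		return nil, err
	}
	gw, err := issueCert("gateway.example", false, &ca)
	if err != nil {
		return nil, err
	}
	dev, err := issueCert("sensor-01.example", false, &ca)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca.Leaf)
	return &FleetPKI{Roots: roots, Gateway: gw, Device: dev}, nil
}

// Configs returns both sides: the gateway requires every client to present a
// certificate chaining to the fleet CA, and the device trusts only that CA.
func (p *FleetPKI) Configs() (gateway, device *tls.Config) {
	gateway = &tls.Config{Certificates: []tls.Certificate{p.Gateway}, ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: p.Roots, MinVersion: tls.VersionTLS12}
	device = &tls.Config{Certificates: []tls.Certificate{p.Device}, RootCAs: p.Roots, ServerName: "gateway.example", MinVersion: tls.VersionTLS12}
	return gateway, device
}

// Connect runs one exchange over an in-memory pipe and returns the gateway's
// greeting, or the error with which either side aborted the handshake.
func Connect(gateway, device *tls.Config) (string, error) {
	gwEnd, devEnd := net.Pipe()
	gwEnd.SetDeadline(time.Now().Add(5 * time.Second))
	devEnd.SetDeadline(time.Now().Add(5 * time.Second))
	go func() {
		s := tls.Server(gwEnd, gateway)
		if s.Handshake() == nil {
			s.Write([]byte("gateway: device authenticated"))
		}
		s.Close()
	}()
	c := tls.Client(devEnd, device)
	defer c.Close()
	reply, err := io.ReadAll(c) // runs the handshake, then reads until close_notify
	return string(reply), err
}

func main() {
	pki, err := BuildPKI()
	if err != nil {
		panic(err)
	}
	gw, dev := pki.Configs()
	fmt.Println(Connect(gw, dev))
	anon := dev.Clone()
	anon.Certificates = nil // a device that cannot prove its identity
	fmt.Println(Connect(gw, anon))
}
```

The two settings that do the work are ClientAuth: tls.RequireAndVerifyClientCert with ClientCAs on the gateway and RootCAs plus ServerName on the device; leaving any of them out turns the connection back into one-sided or unauthenticated TLS. Note that with TLS 1.3 the device's own handshake call succeeds before the gateway has checked its certificate, which is why Connect reads from the connection rather than stopping at Handshake.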
Dazi said it is also important to design IoT software to reduce the risk that unauthorized software could be side-loaded onto the device. One good approach is a public key cryptography framework in which new software updates are signed, so the device can verify them before installation.
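The check a gateway has to perform before it installs anything is small and worth seeing end to end. The Go program below is an added example, not ESF's or Kura's bundle-signing code: the vendor signs a digest that binds the payload to its version number with an Ed25519 key, and the gateway accepts the bundle only if that signature verifies under the public key provisioned into the gateway and the version is strictly newer than what is already installed (so a genuine but superseded release cannot be pushed back onto the device). The Bundle type, the manifest label and the sample payload are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Bundle is a constructed stand-in for an update as the gateway receives it: the
// payload, its version, and the vendor's signature over both.
type Bundle struct {
	Version   uint32
	Payload   []byte
	Signature []byte
}

var (
	ErrBadSignature = errors.New("bundle signature does not verify against the vendor key")
	ErrRollback     = errors.New("bundle version is not newer than the installed version")
	ErrBadKey       = errors.New("vendor public key has the wrong length")
)

// manifestDigest ties version and payload together under a fixed label, so a
// valid signature cannot be moved onto a different payload or version number.
func manifestDigest(version uint32, payload []byte) []byte {
	h := sha256.New()
	h.Write([]byte("bundle-manifest-v1\x00")) // domain-separation label (constructed)
	var v [4]byte
	binary.BigEndian.PutUint32(v[:], version)
	h.Write(v[:])
	h.Write(payload)
	return h.Sum(nil)
}

// SignBundle is the vendor's build-pipeline step; the private key never leaves it.
func SignBundle(vendorPriv ed25519.PrivateKey, version uint32, payload []byte) Bundle {
	return Bundle{
		Version:   version,
		Payload:   payload,
		Signature: ed25519.Sign(vendorPriv, manifestDigest(version, payload)),
	}
}

// VerifyBundle is the gateway-side gate run before anything is written to disk or
// started: the signature must verify under the public key provisioned into the
// gateway, and the version must be strictly newer than the installed one.
func VerifyBundle(vendorPub ed25519.PublicKey, installed uint32, b Bundle) error {
	if len(vendorPub) != ed25519.PublicKeySize {
		return ErrBadKey // ed25519.Verify panics on a malformed key, so check first
	}
	if !ed25519.Verify(vendorPub, manifestDigest(b.Version, b.Payload), b.Signature) {
		return ErrBadSignature
	}
	if b.Version <= installed {
		return ErrRollback
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	good := SignBundle(priv, 2, []byte("constructed bundle contents"))
	fmt.Println("genuine v2 on top of v1:", VerifyBundle(pub, 1, good))
	modified := good
	modified.Payload = []byte("constructed bundle contents, altered in transit")
	fmt.Println("modified payload:", VerifyBundle(pub, 1, modified))
	fmt.Println("v2 replayed onto a device already on v2:", VerifyBundle(pub, 2, good))
}
```

The ordering matters in practice: the signature is checked before the version so that an unsigned bundle can never influence any state on the gateway, and the version is checked after it so that only a bundle the vendor actually issued can advance the installed version counter.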
Another good practice, Dazi said, is to generate unique passwords for each device. One approach is to prime the key generation algorithm with the unique MAC address to generate different public and private keys. "You need different sources of variants that are combined to generate the master password," he said. "We want to make it more difficult to retrieve this password by malicious deed."
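The point of combining several sources, as Dazi describes, is that no single input should let an outsider reproduce the device's master secret. The Go program below is an added example, not Eurotech's or Kura's key-generation code. It mixes the MAC address and serial number, which make the result unique per device but are not secret, with a random per-device secret written to protected storage at manufacture (an assumption of this example; the page names only the MAC address as an input) through HKDF-SHA256, written out over the standard library's HMAC so nothing outside the standard library is needed. The salt label, purpose strings and sample device values are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// hkdfExtract and hkdfExpand are HKDF (RFC 5869) over HMAC-SHA256, spelled out
// here so the example needs only the standard library.
func hkdfExtract(salt, ikm []byte) []byte {
	m := hmac.New(sha256.New, salt)
	m.Write(ikm)
	return m.Sum(nil)
}

func hkdfExpand(prk, info []byte, n int) []byte {
	var out, t []byte
	for i := byte(1); len(out) < n; i++ {
		m := hmac.New(sha256.New, prk)
		m.Write(t) // T(i-1); empty on the first round
		m.Write(info)
		m.Write([]byte{i})
		t = m.Sum(nil)
		out = append(out, t...)
	}
	return out[:n]
}

// DeviceIdentity holds the per-device inputs that are combined. MAC and serial
// make the result unique per device but are not secret (the MAC is visible to
// anyone on the same network segment); FactorySecret is a random value written
// to protected storage at manufacture and is what keeps the result unguessable.
type DeviceIdentity struct {
	MAC           string
	Serial        string
	FactorySecret []byte
}

// DeriveMasterKey mixes the three inputs into a 32-byte key for the given purpose.
// Each input is length-prefixed so no two combinations of field values can
// produce the same byte string; different purposes yield independent keys.
func DeriveMasterKey(id DeviceIdentity, purpose string) ([]byte, error) {
	if len(id.FactorySecret) < 16 {
		return nil, errors.New("factory secret missing or too short: MAC and serial alone are guessable")
	}
	var ikm []byte
	for _, part := range [][]byte{[]byte(id.MAC), []byte(id.Serial), id.FactorySecret} {
		ikm = append(ikm, byte(len(part)>>8), byte(len(part)))
		ikm = append(ikm, part...)
	}
	prk := hkdfExtract([]byte("gateway-master-key-v1"), ikm) // constructed salt label
	return hkdfExpand(prk, []byte(purpose), 32), nil
}

func main() {
	// Constructed sample values; a real device reads these from hardware and secure storage.
	secret, _ := hex.DecodeString("8f1c6e2d9a4b7c3e5d0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f90a1b2c3")
	a := DeviceIdentity{MAC: "00:1a:2b:3c:4d:5e", Serial: "GW-000123", FactorySecret: secret}
	b := a
	b.MAC = "00:1a:2b:3c:4d:5f" // the next unit off the line
	ka, _ := DeriveMasterKey(a, "config-store")
	kb, _ := DeriveMasterKey(b, "config-store")
	fmt.Printf("device A: %x\ndevice B: %x\n", ka, kb)
}
```

Two adjacent units with consecutive MAC addresses get unrelated keys, and the same device gets different keys for different purposes, so compromising the key that protects the configuration store reveals nothing about the key used for, say, the TLS client identity. The refusal to derive anything from a short or absent factory secret is deliberate: a key whose only inputs are a MAC address and a serial number can be recomputed by anyone who can read the device label or sniff the network.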
Take advantage of Eclipse Kura and Everyware Software Frameworks
Dazi said developers can take advantage of Eclipse Kura and the Everyware Software Framework (ESF) to implement a solid security model for an IoT gateway and device. These frameworks make it easier to implement cloud applications that securely communicate with IoT devices. Also, ESF includes a model for securely updating configurations and device applications in the field.
The Eclipse Foundation has baked a number of basic security mechanisms into the Eclipse Kura framework. It also provides an abstraction layer to allow developers to create basic application logic that can be deployed across different hardware models for devices and gateways. Dazi said Kura makes it easier for Java developers to implement a basic security model.
Kura includes a security service, a certificate service, a secure sockets layer (SSL) manager and a cryptography service. The security service offers APIs to manage security policies and check startup-script consistency. The certificate service APIs retrieve, store and verify the certificates used for SSL, device management and bundle signing. The SSL manager manages SSL certificates, trust stores and private and public keys. The cryptography APIs encrypt and decrypt secrets and retrieve the master password.
The basic Kura framework provides a good security architecture for protecting communications with IoT devices and gateways. But there is limited support for securely updating and configuring devices from a cloud application. To address this gap, Eurotech open-sourced ESF, a tool that can be used alongside Kura. ESF adds support for advanced security, remote access via virtual private network, diagnostics and bundles for specific vertical applications.
ESF leverages the basic Kura security APIs to make it easier to write Java applications that can ensure the integrity and security of new software bundles. A security manager component checks environmental integrity, ensuring that no one has tampered with files before they run. ESF can also enforce runtime policies that deny execution of particular services or the import/export of specific packages. This makes it harder for hackers to reach the service that retrieves the master password from the device.
Another good strategy is to leverage a cloud service to simplify the update and management of remote devices. "If you have thousands of devices in the field, you don't want to update them one after the other, and you don't want to update them all at once," Dazi said. "With batch operations, you can set a batch job in the cloud, and the cloud solution will work through the batches until the job is complete."
What challenges have you faced when setting up an IoT gateway? Let us know.