Based on our preliminary experimental experience, we are hopeful that almost any device can be redesigned to achieve high levels of device security—levels that will be critical to society’s safety in the near-future.Seven properties of highly secure devices – https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf
This is the last sentence from a research paper from Microsoft “Seven properties of highly secure devices“.
I am no expert in IoT hardware, but my feeling is: Does complexity of the defense system can beat the hackers?
Why not make it simple in only a few protections, which you can really trust. The whole system will become much easier to maintain. Anyway….
This #Gossipiece will illustrate the 7 most important security properties for IoT Devices, let’s draw!
The most major point from this paper is that Microsoft emphasizes that hardware is critical for IoT Device security, and even those pedestrian devices need to be upgraded with their 7 properties in design.
Looking at the 7 properties, these 3 properties are directly hardware related:
- Root of trust
- Small Trust computing base (TCB)
With a new designed MCU (Micro Control Unit), such as the PoC MCU Microsoft made together with MediaTek.
The new “Pluton” Security Subsystem is acting as a piece of hardware in the MCU to drive all those extra security actions. Such as compartmentalization.
I fully support this hardware root protection Microsoft proposed. As all devices have a unique identity, a key, the best way to protect it is to let the key stay in the device, and never leaves it.
Other security properties:
- Defense In Depth
- Certificate-based authentication
- Renewable security
- Failure reporting
I have no problem with #3 and #4, these two are quite normal and basic requirements for every device.
However, I am very skeptical about Defense In Depth, I mean it makes sense if you follow the traditional cyber-defense path. But… can’t we do better?
#1Defense in depth:
Think about a complicated system with many layers of protection, doesn’t it increase the cost of maintenance of the system? If each layer of security is breakable, then what’s the point? Buying a bit more time? for what?
The beauty of PKI (Public Key Infrastructure) is that you don’t need to hand over your private key to anyone to get yourself authenticated.
However, as an operator – user, I need to have a root certificate, and generate an intermediate certificate to let the manufacturer create leaf certificate and inject them into the device. What a complicated process… how are you going to manage all these intermediate certificates, what if the manufacturer gets copied and no know knows?
Somebody needs to solve the “broken” PKI system, if it’s not easy, I mean dummy-proof easy to use. It’s never gonna power the IoT ecosystem!
The paper from Microsoft definitely brings us to a new stage of how we see the security for IoT device, it may push the industry into more hardware focus?
I still assert the beauty of security is to make it simple, rather than complex. The one who achieves the former will definitely become the IoT saver 😉