Review – “The Seven Properties of Highly Secure Devices” from Microsoft

Based on our preliminary experimental experience, we are hopeful that almost any device can be redesigned to achieve high levels of device security—levels that will be critical to society’s safety in the near-future.

Seven properties of highly secure devices – https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf

This is the last sentence of a Microsoft research paper, “Seven properties of highly secure devices”.

I am no expert in IoT hardware, but my feeling is: can the complexity of a defense system really beat the hackers?

Why not make it simple, with only a few protections that you can really trust? The whole system becomes much easier to maintain. Anyway…

This #Gossipiece will illustrate the 7 most important security properties for IoT devices. Let’s draw!

Required Properties of Highly Secure Devices with Examples.
A visualized way to show the story

The major point of this paper is that Microsoft emphasizes that hardware is critical for IoT device security, and that even pedestrian devices need to be upgraded with these 7 properties in their design.
Looking at the 7 properties, these 3 are directly hardware related:

  1. Root of trust
  2. Small trusted computing base (TCB)
  3. Compartmentalization

They are provided by a newly designed MCU (microcontroller unit), such as the proof-of-concept MCU Microsoft made together with MediaTek.

The new “Pluton” security subsystem is a piece of hardware inside the MCU that drives all those extra security actions, such as compartmentalization.

I fully support the hardware root of trust Microsoft proposes. Every device has a unique identity, a key, and the best way to protect it is to let the key stay in the device and never leave it.

Other security properties:

  1. Defense In Depth
  2. Certificate-based authentication
  3. Renewable security
  4. Failure reporting

I have no problem with #3 and #4; these two are quite normal, basic requirements for every device.

However, I am very skeptical about defense in depth. I mean, it makes sense if you follow the traditional cyber-defense path. But… can’t we do better?

#1 Defense in depth:

Think about a complicated system with many layers of protection: doesn’t it increase the cost of maintaining the system? If each layer of security is breakable, then what’s the point? Buying a bit more time? For what?

#2 Certificate-based authentication:

The beauty of PKI (Public Key Infrastructure) is that you don’t need to hand over your private key to anyone to get yourself authenticated.

However, as an operator (user), I need to have a root certificate and generate an intermediate certificate, so that the manufacturer can create leaf certificates and inject them into the devices. What a complicated process… how are you going to manage all these intermediate certificates, and what if the manufacturer gets copied and nobody knows?

Somebody needs to fix the “broken” PKI system. If it’s not easy, I mean dummy-proof easy to use, it’s never gonna power the IoT ecosystem!
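To make the chain described above concrete, here is an added example (my own, not code from the Microsoft paper) that builds it with openssl: an operator root, an operator intermediate handed to the factory, and a device leaf whose private key is generated on the device and never leaves it. It also shows what verification against the operator root does with a certificate from a “copied” manufacturer that runs its own CA. All names (operator-root, operator-intermediate, device-0001, rogue-*) are made up for illustration.

```shell
# Added example, not the paper's or the post's own code: a three-tier
# device-identity PKI built with openssl in a scratch directory.
set -e
WORK="$(mktemp -d)"
cd "$WORK"

# Extensions that mark a certificate as a CA (root and intermediate only).
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext

# Helper: fresh P-256 key plus CSR for one subject. The key stays wherever
# this runs; only the CSR (public key and name) is handed to the signer.
new_key_and_csr() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1.key"
  openssl req -new -key "$1.key" -subj "/CN=$2" -out "$1.csr"
}

# 1. Operator root CA: self-signed, kept offline by the operator.
new_key_and_csr root operator-root
openssl x509 -req -in root.csr -signkey root.key -days 3650 -extfile ca.ext -out root.crt

# 2. Operator intermediate, signed by the root. This is the CA the
#    manufacturer is allowed to use on the production line.
new_key_and_csr inter operator-intermediate
openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key -CAcreateserial \
  -days 1825 -extfile ca.ext -out inter.crt

# 3. Device: the key is generated on the device and never leaves it; the
#    factory only sees the CSR and injects the resulting leaf certificate.
new_key_and_csr device device-0001
openssl x509 -req -in device.csr -CA inter.crt -CAkey inter.key -CAcreateserial \
  -days 365 -out device.crt

# 4. A "copied" manufacturer with its own CA that the operator never issued.
new_key_and_csr rogue rogue-intermediate
openssl x509 -req -in rogue.csr -signkey rogue.key -days 1825 -extfile ca.ext -out rogue.crt
new_key_and_csr clone device-0001
openssl x509 -req -in clone.csr -CA rogue.crt -CAkey rogue.key -CAcreateserial \
  -days 365 -out clone.crt

# Verify a leaf ($1) with intermediate ($2) against the operator root only.
verify_chain() {
  if openssl verify -CAfile root.crt -untrusted "$2" "$1" >/dev/null 2>&1; then
    echo OK
  else
    echo FAIL
  fi
}

echo "genuine device: $(verify_chain device.crt inter.crt)"   # OK
echo "cloned device:  $(verify_chain clone.crt rogue.crt)"    # FAIL
```

The clone fails even though it carries the same CN, because nothing in its chain was signed by the operator root; that is the check the operator keeps control of, whatever happens at the factory.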

The process of how certificates are created

Check this video for more on how a PKI system works:
https://www.youtube.com/watch?v=i-rtxrEz_E8

Summary

The paper from Microsoft definitely brings us to a new stage in how we see security for IoT devices. Will it push the industry into a more hardware-focused direction?

I still assert that the beauty of security is to make it simple rather than complex. Whoever achieves the former will definitely become the IoT saviour 😉