[From the last episode: we looked at security at many levels of the communications stack.]
We’ve talked a lot about security in communications and stored data. But what about while computing? A processor brings instructions and data in from memory, and if that is done in a sloppy fashion, unwelcome viewers might get access to that data while it’s in use. In particular, they might get to see keys, which is the one thing you never want to leak.
So let’s talk about a couple of approaches that reduce this risk. We’ll start with a metaphor.
Drugs Please!
At a medical facility, the various practitioners need to be able to get drugs for their patients. At first, it’s really simple: there’s a cabinet with the drugs in it, and authorized people can get drugs simply by going to the cabinet. Problem is, since there’s no lock on the cabinet, anyone – authorized or not – can get them. And they do; stuff goes missing. So we need something better.
They build a caged-off area. Someone highly trusted works inside. When a practitioner needs drugs, they go to the little window and make the request. They tell the person doing the dispensing what their personnel code is; that person looks at a list of approved codes to make sure that the requestor is legit. Problem is, that list is often visible from outside the cage. When the dispenser turns his back, a requestor can make a note of approved codes and use them in an unapproved way.
So they build a vault inside the cage. As they’re building it, they select a super-trusted person to be inside. Once built, no one and nothing can get in or out. There’s a numeric touch-pad outside, and now the person dispensing drugs takes the code and types it into the pad. The person inside the vault has the list and checks the number against it. If approved, she hits a button and the dispenser sees a green light. If not approved, she hits a different button to illuminate a red light.
No one outside that inner sanctum sees the actual list; they see only whether the number they enter is OK. Notice what got smaller at each step: first everyone could see everything, then only the dispenser could see the list, and now nobody outside sees anything but a yes or a no. And they’re finally secure. Problem is, there’s no way to get food or water into the vault, so they have something of a personnel problem… which is where the metaphor breaks down.
Trusted Environments
Something akin to this has happened to computer processors. There are actually two separate things: a so-called trusted execution environment (TEE) and a hardware root of trust, a dedicated chip or on-die block that holds secrets and does the sensitive operations itself. The TEE is equivalent to the cage in the metaphor above; the root of trust corresponds to the vault. They can be used together or separately (but you get the best security with both of them).
A trusted environment effectively walls off part of the processor (or a separate processor). Only trusted software gets to run there, and it controls the sensitive memory and peripherals of the device. Anything untrusted has to run outside that “cage,” and it cannot reach into the protected side directly. If that untrusted software needs a protected resource (a key operation, say, or a secure peripheral), it has to ask for it through a narrow call interface – just like getting drugs through the window of the cage. The catch is that the trusted side is still software, and it still handles the secrets in ordinary memory while it works; a bug in it, or a debugger attached to it, is the list visible through the cage.
Then there’s all the super-secret stuff that goes along with security: things like keys and certificates. If they’re just stored somewhere, then someone might get access to them. For instance, if the processor needs to encrypt a message with a key, then it needs the key in its registers or RAM while it works, and anything else that can read that memory (a buggy program, a debugger, a memory dump) might see it.
Instead, the system designer can lock down the keys and other critical artifacts in special hardware – the hardware root of trust. Once in there, there’s no way to get them out; the host software only ever holds a handle or label that refers to the key. Instead of fetching a key and encrypting a message itself, the main processor gives the message to this secure hardware, and the hardware does the encrypting (or signing, or verifying) and hands back the result, without ever showing anyone the key it’s using.
The Pros and Cons
Having one or both of these two capabilities definitely helps with security. But the details depend on the type of system using it. Credit cards that have “chips” use a hardware root of trust. That chip is called a secure element, or SE, and it is small, cheap, and very restricted in what it can do. On full-blown computers, the standardized version is the trusted platform module, or TPM. It is still not a general-purpose computer – it runs a fixed set of commands – but those commands include things the card chip lacks, such as recording what software booted and refusing to release a key unless the recorded state matches.
IoT devices fall somewhere in the middle between computers and credit cards. There are chips available specifically for this purpose; vendors mostly call them secure elements too, or secure authentication chips, but there isn’t one settled name. Their job is to handle all of the security tasks. You can store things in them, but, in true Hotel California style, once inside, those things can never exit the building. They may even be protected so well that, if someone tries to break in and see the contents by force (something we’ll look at next), the contents will be erased. Very Mission Impossible!
The downside is that both TEEs and hardware roots of trust require extra silicon that something less secure wouldn’t need. That adds to cost, to power, and maybe to size. That might not be a problem for big servers in the cloud, but for small IoT devices, it could be an issue. It’s most likely that your smart-home gadgets don’t use these things. You might find more of them in industrial settings, but it’s not clear that they’re widespread. At least not yet.
It’s the classic situation where you may have to choose between paying more for better security or paying less and accepting the risk. At present, if super-secure devices aren’t even available for your class of product, you might not even have that choice…
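Here is a small model of the two ideas from the last few paragraphs: the host hands work in and only ever gets results back (never the key), and a tamper event wipes the store. This is an added illustration written for this article, not code from any real secure element or TPM; the class and method names, the use of HMAC-SHA256 as a stand-in for whatever operation the chip actually performs, and the tamper hook are all assumptions made to keep the pattern visible.

```python
"""Toy model of a hardware root of trust with non-exportable keys.

Added illustration for this article; not code from any real secure element
or TPM. Names, the HMAC-SHA256 "sign" operation, and the tamper hook are
assumptions chosen to make the design pattern visible.
"""
import hashlib
import hmac
import os


class TamperedError(Exception):
    """Raised after the (simulated) tamper sensor has wiped the key store."""


class HardwareRootOfTrust:
    """Keys are created or provisioned inside and never come back out.

    The only things the "outside" ever sees are opaque handles, MAC tags, and
    yes/no answers. There is deliberately no export method: the host hands
    work in, it does not pull keys out.
    """

    def __init__(self):
        self._keys = {}          # handle -> bytearray; lives "inside the vault"
        self._tampered = False

    def _check(self):
        if self._tampered:
            raise TamperedError("key store was zeroized; re-provisioning required")

    def generate_key(self, handle):
        """Create a fresh 256-bit key inside; the caller gets only its handle."""
        self._check()
        self._keys[handle] = bytearray(os.urandom(32))
        return handle

    def provision_key(self, handle, key):
        """One-way door used at manufacturing time; nothing reads it back out."""
        self._check()
        self._keys[handle] = bytearray(key)
        return handle

    def mac(self, handle, message):
        """The host hands in a message and gets a tag; the key stays inside."""
        self._check()
        key = self._keys[handle]
        return hmac.new(bytes(key), message, hashlib.sha256).digest()

    def verify(self, handle, message, tag):
        """The green-light / red-light answer: a boolean, never the key or the
        expected tag, and compared in constant time."""
        expected = self.mac(handle, message)
        return hmac.compare_digest(expected, tag)

    def tamper_detected(self):
        """Simulated intrusion sensor: overwrite every key in place, then forget them."""
        for key in self._keys.values():
            for i in range(len(key)):
                key[i] = 0
        self._keys.clear()
        self._tampered = True


def software_mac(key, message):
    """The insecure alternative: same math, but the key is an ordinary value in
    host memory, visible to any bug, debugger, or memory dump that can read it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def demo():
    """Walk through the comparison; returns the facts a reader would want to check."""
    # Constructed sample input: a device-unique key and a message to authenticate.
    provisioned_key = bytes(range(32))
    message = b"temperature=21.5C;seq=17"

    rot = HardwareRootOfTrust()
    handle = rot.provision_key("device-identity", provisioned_key)
    tag = rot.mac(handle, message)

    results = {
        # Same answer as the software path: moving the key inside costs no correctness.
        "same_answer_as_software_path": tag == software_mac(provisioned_key, message),
        "verify_good": rot.verify(handle, message, tag),
        "verify_forged": rot.verify(handle, b"temperature=99.0C;seq=17", tag),
        "export_method_exists": hasattr(rot, "export_key"),
    }
    rot.tamper_detected()
    try:
        rot.mac(handle, message)
        results["usable_after_tamper"] = True
    except TamperedError:
        results["usable_after_tamper"] = False
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The thing to notice is the shape of the interface rather than the crypto: every method takes a handle and a message and returns a tag or a boolean, so a compromised host can ask the chip to sign things while it has access, but it cannot walk away with the key and keep signing later. That is the security property a real secure element buys you, and it is also why the design only pays off if the device has no other copy of the key lying around.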