5 Core Vulnerabilities are in the IoT device you’re developing, and SPYRUS has the solution to each one.

Vulnerability # 1

Hardware

Problem:

Much IoT hardware has not been designed to include high-level security because of cost constraints and physical form factor. From our perspective, the single most important factor to review in this type of IoT hardware is the memory and how it can be secured. Why? The storage of unprotected cleartext usernames, passwords and other credentials is probably the most significant weakness.

Even if some type of hardware security is designed into the IoT device, the storage and protection of the hardware keys is critical and most likely doesn’t follow the most robust security practices regarding encryption and integrity protection. Hardware components such as memory may be vulnerable to direct access and may be hijacked. We need only look back at the problems encountered in the PC industry over the years for real-world examples that will likely be very similar for IoT computing devices.

Solution:

While SPYRUS Security in a Box can’t fix all hardware vulnerabilities, our Rosetta-enabled USB and microSD interface, built on the FIPS 140-2 Level 3 validated SPYCOS (SPYRUS Cryptographic Operating System), provides a hardware-based root of trust and the defence-in-depth architecture that existing IoT hardware designs need.

Vulnerability # 2

Software

Problem:

The computer industry learned long ago that software is vulnerable to unauthorized access attacks aimed at obtaining embedded security-sensitive assets such as cryptographic keys and passwords. If no security mechanisms are designed in, software can easily be replaced in conventional attacks that substitute legitimate code with attacker-friendly versions. The result can be software that is modified to produce denial of service events in the IoT domain, as we recently witnessed in the Mirai attack. Inadequate software/firmware protection is a significant area of concern in IoT systems, especially in the area of firmware and software updates and the security mechanism, if any, used to protect them.

Solution:

The SPYRUS Security in a Box “live drive bundle” provides the Trust Framework to interface to IoT sensor devices. The operating system software can be configured to operate in a hardened read-only mode of operation that never persistently stores unwanted updates. System services can interface to operations that unlock the live drive so that authenticated patches can be applied; upon completion the drive is returned to a trusted, known media state of operation.

Vulnerability # 3

Application Data

Problem:

Just like on a PC, an IoT application can be intercepted and reprogrammed in transit, prior to loading on the endpoint IoT device, using a man-in-the-middle type attack. Additionally, Trojan horse applications can be loaded by unsuspecting users, or legitimate applications can be updated by a Trojan horse application. Just like a PC, the IoT device can be infected by a virus before, during or after loading.

Application-level protocols such as the machine-to-machine (M2M) protocols used in automotive, trucking and other transport applications, retail banking, environmental monitoring, health monitoring devices, medical implants and RFID devices may lack defences against network attacks and attacks on data at rest. This has been widely demonstrated at recent hacker conferences.

Solution:

SPYRUS Security in a Box protects the application data through newly patented NcryptNshare security applications that digitally sign and encrypt applications prior to distribution and decrypt them only after the payload has been validated and verified. If the payload application was modified, it will not validate and will not be decrypted, protecting the IoT device and network from the attempted malicious act.
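The verify-before-decrypt ordering described above, as an added example that is not SPYRUS or NcryptNshare code: a payload is encrypted and then authenticated, and the receiver checks the tag over the ciphertext before decrypting anything, so a modified payload is rejected without ever being decrypted. To stay runnable with only the Python standard library, it uses HMAC-SHA256 both for the authentication tag (standing in for the digital signature the page mentions) and, in counter mode, as a keystream in place of AES-CTR. The keys, payload and the `seal`/`open_sealed`/`tamper` names are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed demo keys. In the deployment the page describes these would be
# held inside the hardware root of trust, never in a Python variable.
ENC_KEY = secrets.token_bytes(32)
AUTH_KEY = secrets.token_bytes(32)

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib-only stand-in for AES-CTR."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + struct.pack(">Q", counter)
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(plaintext: bytes, enc_key: bytes = ENC_KEY, auth_key: bytes = AUTH_KEY) -> bytes:
    """Encrypt-then-authenticate. Output layout: nonce || ciphertext || tag.

    The tag covers the nonce and the ciphertext, so any change to either is
    detected before the receiver touches the decryption key.
    """
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(auth_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(blob: bytes, enc_key: bytes = ENC_KEY, auth_key: bytes = AUTH_KEY):
    """Return the plaintext only if the tag validates; otherwise None.

    Validation happens first and in constant time; decryption never runs on a
    payload whose tag does not match.
    """
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    expected = hmac.new(auth_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # modified or forged payload: refuse to decrypt
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def tamper(blob: bytes, index: int) -> bytes:
    """Flip one bit at the given offset, simulating in-transit modification."""
    modified = bytearray(blob)
    modified[index] ^= 0x01
    return bytes(modified)


if __name__ == "__main__":
    payload = b"firmware-update-v2"  # constructed sample payload
    sealed = seal(payload)
    print("intact   ->", open_sealed(sealed))
    print("modified ->", open_sealed(tamper(sealed, NONCE_LEN + 2)))
```

Only the `open_sealed` path that sees a valid tag ever derives the keystream; a mismatch returns before the decryption key is used, which is the property the page attributes to validating the payload before decrypting it.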

Vulnerability # 4

Network Connection

Problem:

IoT communications primarily depend upon networks that have been serving business and industry for decades, so there may be inherent vulnerabilities in the underlying communications and control layers. IoT communication networks are also far more exposed to interception and disruption of service because of their wider Internet reachability. Protocols and network authentication services likely lack the security strength to defend against or filter out hostile attacks on IoT access to services and on the security of delivery.

Solution:

SPYRUS Security in a Box protects the network connections using secure channel authentication technologies that pass critical security parameters only in a protected FIPS 140-2 Level 3 communications mode, and newly patented multi-factor split knowledge authentication technologies that are used to create a secure network or machine mesh network to prevent hijacking for unintended purposes.

Vulnerability # 5

Data in Transit & Data at Rest

Problem:

Looking forward to the year 2020, market experts such as Gartner forecast well over 20B IoT devices deployed and sending data to the cloud. A network this expansive lends itself quite easily to unauthorized access and unauthorized disclosure of sensitive data in transit and data at rest if security is not taken into serious consideration. The general lack of hardware key protection, authentication and data encryption in cloud services will be used to exploit the web interface and open the gateway to unauthorized access to endpoints collecting and forwarding data and/or cloud services that are aggregating and storing big data.

Solution:

SPYRUS Security in a Box protects data in transit and data at rest through patented security technologies that include hardware encryption, hardware authentication, and a suite of security processes referred to as NcryptNshare SKD (originally developed for applications that protect classified data). SPYRUS’s unique KeyWitness© mode of security operations provides non-repudiation, data protection, verification of the originator, and validation that the data content was not altered prior to decryption, providing the ultimate solution to protect data in transit and data at rest.

Rosetta Hardware Security Module – An Anchor of Trust

Enforcement within any strong security solution must be anchored in some point of trust. There must be something you trust to hold up to, and defend against, the threat environment within which you are trying to establish a secure solution. SPYRUS’s family of hardware roots of trust, encompassing embedded devices through Rosetta-enabled devices and applications, provides IoT developers and systems integrators with a complete operating environment and security functions.

1. FIPS 140-2 Level 3 HSMs

Within every SPYRUS HSM there is a FIPS 140-2 Level 3 certified Rosetta SPYCOS® security controller to which all security is anchored. As a hardware trust anchor, this controller provides superior protection to any software trust anchor that can be provided. The cryptographic security boundary of this controller is the die itself, so that it can be embedded in other products for specialized applications. This is the trust anchor embedded in all the various form factors of the SPYRUS HSM product family.

2. “Plug & Play” Security

SPYRUS provides a full suite of HSM form factors to meet your various hardware and solution requirements. With each HSM, you will also receive:

  • Access to the SPYRUS SDK library and training guides to assist in the development of your security solution;
  • Support from SPYRUS, which includes management teams that have been developing some of the most complex hardware security solutions for the past 20 years;
  • Certification with Microsoft Azure IoT cloud solutions.
3. Hardware Enabled Secure Storage & Sharing Applications

In addition to the family of FIPS-certified HSMs, SPYRUS has easy-to-use software for hardware-based file encryption and sharing. NcryptNshare™ is a suite of applications that work with any SPYRUS Rosetta-enabled device to let you encrypt your files and control access to them in the cloud or wherever they are stored. It ‘seals’ the file closed and can detect if a file has been tampered with (for instance by malware), and because you own the key, only you control access to the file.

SPYRUS HSMs for the Internet of Things

microSDHC

Linux2Go

Rosetta USB

Pocket Vault P-3X

Learn More

Do you want to learn more on SPYRUS solutions for the Internet of (Secure) Things?

Download the SPYRUS IoT White Paper!


SPYRUS Security in a Box®


SPYRUS has been at the forefront of hardware-based security products, espousing open standards as well as a common interface across product platforms. Figure 1 is a high-level overview of the SPYRUS “Security in a Box” concept for securing all aspects of an IoT application, from raw data ingest through storage to security for cloud-based analysis and dissemination of results. The graphic below is a snapshot of the salient features of SPYRUS products supporting IoT security functions across a wide range of applications and venues.

Promoting Transparency across the Internet of Things


SPYRUS 4 Raspberry Pi


The SPYRUS Security in a Box® SDK offers unparalleled security enhancements for the very popular Raspberry Pi. SPYRUS has the first products on the market providing a Class 10 microSDHC with 4/8/16 GB flash and a dedicated cryptographic security controller. Adding a hardware security module to an embedded system has never been easier! Boot from a secure microSDHC, generate strong random numbers, protect your keys from being stolen, execute cryptographic algorithms in a trusted environment, authenticate to Azure using TLS and SAS tokens, and use many of the other plug-and-play features available in the SDK.
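Authenticating to Azure IoT Hub with a SAS token, mentioned at the end of the paragraph above, as an added example that is not code from the SPYRUS SDK. It builds a token in the documented IoT Hub form (`sr`, `sig`, `se`) by computing HMAC-SHA256 over the URL-encoded resource URI and the expiry, and pairs it with the server-side check a verifier would run: parse the token, recompute the signature, compare in constant time, and enforce expiry. The hub name, device id and keys are constructed placeholders; in the deployment the page describes, the HMAC key would be held by the hardware security controller rather than in a Python variable.

```python
import base64
import hashlib
import hmac
from typing import Optional
from urllib.parse import quote, unquote

# Constructed placeholders for the demonstration (not real hub or key values).
DEMO_URI = "example-hub.azure-devices.net/devices/sensor-01"
DEMO_KEY_B64 = base64.b64encode(b"constructed-demo-device-key-0001").decode()
OTHER_KEY_B64 = base64.b64encode(b"constructed-other-device-key-0002").decode()


def _signature(key_b64: str, encoded_uri: str, expiry: int) -> str:
    """Base64(HMAC-SHA256(key, encoded_uri + "\n" + expiry)), the IoT Hub SAS rule."""
    key = base64.b64decode(key_b64)
    to_sign = f"{encoded_uri}\n{expiry}".encode()
    return base64.b64encode(hmac.new(key, to_sign, hashlib.sha256).digest()).decode()


def generate_sas_token(resource_uri: str, key_b64: str, expiry: int,
                       policy_name: Optional[str] = None) -> str:
    """Device side: produce 'SharedAccessSignature sr=...&sig=...&se=...[&skn=...]'."""
    encoded_uri = quote(resource_uri, safe="")
    sig = _signature(key_b64, encoded_uri, expiry)
    token = f"SharedAccessSignature sr={encoded_uri}&sig={quote(sig, safe='')}&se={expiry}"
    if policy_name:
        token += f"&skn={policy_name}"
    return token


def verify_sas_token(token: str, key_b64: str, now: int) -> bool:
    """Hub side: accept only a well-formed, unexpired token with a matching signature."""
    prefix = "SharedAccessSignature "
    if not token.startswith(prefix):
        return False
    fields = {}
    for part in token[len(prefix):].split("&"):
        name, _, value = part.partition("=")
        fields[name] = value
    if not {"sr", "sig", "se"} <= fields.keys():
        return False
    try:
        expiry = int(fields["se"])
    except ValueError:
        return False
    if expiry <= now:
        return False  # expired tokens are rejected before any key is touched
    # 'sr' is already URL-encoded in the token, which is exactly what was signed.
    expected = _signature(key_b64, fields["sr"], expiry)
    return hmac.compare_digest(expected, unquote(fields["sig"]))


if __name__ == "__main__":
    token = generate_sas_token(DEMO_URI, DEMO_KEY_B64, expiry=1700000000)
    print(token)
    print("valid at 1699999999:", verify_sas_token(token, DEMO_KEY_B64, now=1699999999))
    print("valid at 1700000000:", verify_sas_token(token, DEMO_KEY_B64, now=1700000000))
```

Because the expiry is part of the signed string, a client cannot extend a token's lifetime by editing `se`; the verifier recomputes the signature over the edited value and the comparison fails. Keep expiries short, since anyone who captures a token can replay it until it lapses.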

Security in a Box

Are you going to use a SPYRUS Security solution for the IoT?

Get in touch with us, and we’ll help you to choose the right one. For further information, you can browse the SPYRUS Developer website!