Three-Tiered Security for the Internet of Things
Mitchell Gracie posted on June 28, 2019
As connected IoT devices increase, new security breaches are being discovered and exploited.

In the age of the Internet of Things (IoT), the world is becoming more connected. Whether through outlets, lightbulbs, cars or baby monitors, the miniaturization of electronics lets consumers experience that connectivity in everyday products that now integrate sensors, antennae and processors.

The projected growth for connected devices into 2025. (Image courtesy of Statista.)

By 2020, the world can expect roughly 31 billion IoT-enabled devices to be online, according to Statista. Compared to today, that is an increase of almost 5 billion devices, all of which are harvesting and analyzing data every second of every day.

With billions of these devices expected to come online over the next year alone, concerns about the security and privacy of the data they harvest continue to rise. In March 2019, a SonicWall report found that attacks on IoT devices increased by 217 percent between 2017 and 2018. The same report recorded 10.52 billion malware attacks in 2018, a record high.

Not every attack on an IoT product can be blamed on poor security hygiene, such as devices left on factory settings or protected by commonly used passwords. Attacks grow more sophisticated every year, and as the number and variety of connected devices grows, new ways to breach them are discovered and exploited. The market needs solutions that protect connected devices against this rising volume of attacks.

Relying on cloud services to analyze data raises concerns, as does the exposure of data in transit between sensor and cloud, but edge computing has produced a new set of options for securing analytics.

By combining cloud and edge computing, the Internet of Things can be improved in three ways:

  • More secure design in the hardware of connected devices.
  • Smarter software development with security always in mind.
  • Better security protocols in the networks that channel data harvested from IoT-enabled devices.

Avnet and Microsoft have recently partnered to build on this framework, offering through Azure Sphere a service intended to improve security and privacy for every connected device in its ecosystem.

Better, More Secure Hardware—MCUs

The foundation of IoT’s success can be attributed to progress in the development of microcontroller units (MCUs). According to IoTAgenda, an MCU is “a compact integrated circuit designed to govern a specific operation in an embedded system. A typical microcontroller includes a processor, memory and input/output (I/O) peripherals on a single chip.” MCUs sit inside nearly every sensor in an IoT network, so a more secure Internet of Things requires more secure MCUs.

Today many MCUs are exposed because their hardware, the firmware that runs on them and the cloud services they talk to are designed in isolation, leaving seams between the layers that an attacker can exploit. The example often cited here, Cisco TelePresence Multipoint Control Unit (MCU) Software, shares only the acronym: it is a video-conferencing multipoint control unit, not a microcontroller. It does, however, show how a single flaw in the kernel of embedded software can expose a device to denial of service or remote code execution.

One possible answer is a suite of products and services in which the hardware is designed together with its software and cloud ecosystem. Planning the whole infrastructure as one reduces the chance of security oversights at the boundaries between layers, though smarter MCU design can only go so far on its own. By designing software and cloud services in conjunction with better MCUs, administrators can protect their data flows through a system of checks in which each layer backs up the others.

A division of labor to protect networks can take many forms, but one holistic approach can be seen in the partnership between Avnet and Microsoft on Azure Sphere. Drawing on its long history in advanced electronics, Avnet offers Azure Sphere products built on certified chips that carry on-chip security infrastructure such as the Microsoft Pluton security subsystem. The presence of Pluton enables these MCUs to “create a hardware root of trust, store private keys and execute complex cryptographic operations.”

Securing MCUs with Software and the Cloud

Protecting MCUs with silicon design isn’t a panacea for securing IoT networks. As mentioned, security in IoT requires a three-tier defense: hardware, software and cloud. Where hardware is vulnerable, software and cloud-based analytics can step in and reinforce security. Some of the protection that software and cloud services provide can be seen in the Azure Sphere OS and the Azure Sphere Security Service.

Azure Sphere OS is the Linux-based operating system that runs on Azure Sphere certified MCUs, which are designed, produced and distributed by international electronics companies. The OS was designed with both speed and security in mind, “to create a trustworthy platform for new IoT experiences,” according to Microsoft.

Azure Sphere OS benefits from this holistic approach: integrated with the cloud-based Azure Sphere Security Service and the on-chip Pluton security subsystem, it provides authenticated, encrypted communication end to end. The OS itself is built as four layers on top of the secure hardware: a security monitor, the custom Linux kernel, on-chip connectivity services, and a final layer of application containers that hosts both the high-level application and real-time I/O applications.

While Pluton protects the chip at the hardware level and Azure Sphere OS protects the software, the cloud-based Azure Sphere Security Service ties all three tiers together. Through the cloud it provides “certificate-based authentication of all communication,” according to Microsoft, so both ends of every connection prove who they are. Application images are signed through the service as well, so software it has not authorized will not run on the MCU.

Moreover, analytics allow for predictive and preventative security hygiene since Azure Sphere security can “provide insight into device and application failures and visibility into emerging security threats.”

Lastly, the cloud-based nature of Azure Sphere security allows for seamless deployment as well as constant, automated updates for software so that new threats can be dealt with quickly before any vulnerability can become widely known.
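The sign-then-verify step that this cloud authorization and automated updating rest on, as an added illustration that is not Microsoft’s, Avnet’s or the article’s own code: a Go sketch in which a signing service stands in for the cloud, a device holds only the root public key, and every image is checked for integrity, origin and version before it is allowed to run. The image layout, the choice of Ed25519 and the anti-rollback rule are assumptions made for the example, not a description of Azure Sphere’s actual image format or signing keys.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Toy image layout, an assumption made for this example (not Azure Sphere's format):
//
//	version(4, big-endian) || payloadLen(4, big-endian) || payload || ed25519 signature(64)
//
// The signature covers sha256(version || payload), so neither the payload nor the
// version can be altered without the signature failing.
const (
	hdrLen = 8
	sigLen = ed25519.SignatureSize
)

// ErrRejected wraps every reason an image is refused; callers can errors.Is() it.
var ErrRejected = errors.New("image rejected")

// SigningService stands in for the cloud-side service that signs deployments.
// The private key never leaves it; devices get only the public half.
type SigningService struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewSigningService() (*SigningService, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SigningService{priv: priv, Pub: pub}, nil
}

// digest binds version and payload together under one hash.
func digest(version, payload []byte) []byte {
	h := sha256.New()
	h.Write(version)
	h.Write(payload)
	return h.Sum(nil)
}

// Package serialises and signs an image at the given version.
func (s *SigningService) Package(version uint32, payload []byte) []byte {
	hdr := make([]byte, hdrLen)
	binary.BigEndian.PutUint32(hdr[0:4], version)
	binary.BigEndian.PutUint32(hdr[4:8], uint32(len(payload)))
	sig := ed25519.Sign(s.priv, digest(hdr[0:4], payload))
	img := append([]byte{}, hdr...)
	img = append(img, payload...)
	return append(img, sig...)
}

// Device holds the root-of-trust public key (provisioned at manufacture; on a real
// part it would live inside the security subsystem) and the image currently running.
type Device struct {
	rootPub ed25519.PublicKey
	Version uint32
	Running []byte
}

func NewDevice(rootPub ed25519.PublicKey) *Device {
	return &Device{rootPub: rootPub}
}

// Install accepts an image only if it is well-formed, signed by the root key
// and newer than what is already running. Nothing is executed before that.
func (d *Device) Install(img []byte) error {
	if len(img) < hdrLen+sigLen {
		return fmt.Errorf("%w: truncated image", ErrRejected)
	}
	version := binary.BigEndian.Uint32(img[0:4])
	n := int(binary.BigEndian.Uint32(img[4:8]))
	if n != len(img)-hdrLen-sigLen {
		return fmt.Errorf("%w: length field disagrees with image size", ErrRejected)
	}
	payload := img[hdrLen : hdrLen+n]
	sig := img[hdrLen+n:]

	// Origin and integrity: recompute the digest from the bytes actually received and
	// check the signature against the provisioned root key, never a key carried in the image.
	if !ed25519.Verify(d.rootPub, digest(img[0:4], payload), sig) {
		return fmt.Errorf("%w: signature does not verify against root key", ErrRejected)
	}
	// Anti-rollback: a genuine but older image must not replace a newer one, or an
	// attacker could reinstall a version with a known bug.
	if d.Running != nil && version <= d.Version {
		return fmt.Errorf("%w: version %d is not newer than running %d", ErrRejected, version, d.Version)
	}
	d.Version = version
	d.Running = append([]byte(nil), payload...)
	return nil
}

func main() {
	svc, err := NewSigningService()
	if err != nil {
		panic(err)
	}
	dev := NewDevice(svc.Pub)

	good := svc.Package(1, []byte("app v1 (constructed sample payload)"))
	fmt.Println("genuine v1:", dev.Install(good))

	tampered := append([]byte(nil), good...)
	tampered[hdrLen+3] ^= 0xff // flip one payload byte after signing
	fmt.Println("tampered:  ", dev.Install(tampered))

	rogue, _ := NewSigningService() // an attacker with a key of their own
	fmt.Println("rogue key: ", dev.Install(rogue.Package(2, []byte("backdoored app"))))

	fmt.Println("rollback:  ", dev.Install(svc.Package(0, []byte("app v0"))))
	fmt.Printf("running: %q at version %d\n", dev.Running, dev.Version)
}
```

Three points carry over to a real deployment: the device must hold the verifying key somewhere an attacker cannot overwrite (the hardware root of trust the previous section describes), the signature must be checked over the bytes actually received rather than over any hash the image carries, and version ordering must be enforced so that a validly signed but buggy old image cannot be pushed back onto the device.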

Working in conjunction, these software and cloud solutions allow for services such as renewable security or the ability to spot and stop any emerging threats through analytics. All of this allows for brokered trust from silicon to server.

To the Future: Leveraging the Edge

The need for better, smarter security in IoT networks presents itself in new ways each day. As the capabilities of MCUs increase, use-cases arise that require more computing to be done at the edge. Be it autonomous vehicles, smart sensors on factory floors or the proliferation of robotics and automation, computing at the edge means similar security protocols and systems are necessary for edge devices.

Avnet’s Azure Sphere Starter Kit supports rapid prototyping of secure, end-to-end IoT implementations. (Image courtesy of Avnet.)

Edge computing lets analytics process raw data before anything is sent to the cloud. That improves security and privacy: an attacker who intercepts the uplink sees processed results and decisions rather than the raw data, and less sensitive data leaves the device in the first place. Combined with end-to-end encryption of both raw and processed data, through services such as Azure Sphere, data is protected inside the device and on its way to remote servers, adding another hurdle for an attacker.

Latency and congested networks cause many problems for administrators of cloud-based IoT networks, among them gaps in monitoring that give an intruder time to go unnoticed. Edge computing removes some of those gaps, and the certification processes used by ecosystems like Azure Sphere add further assurance. By integrating security at the edge with the predictive and preventive analytics Azure Sphere provides, an intrusion can be detected and handled faster than with cloud-based analytics alone.

So, when looking for IoT network security solutions, it’s best to see which products offer a multi-tiered model of security; these are the products looking to the future of IoT and edge computing.

To learn more about securing the IoT, check out Avnet’s Azure Sphere Starter Kit.

Avnet has sponsored this post.  All opinions are mine.  –Mitchell Gracie
