Cloud-to-Flash: A Cybersecurity Solution for Industrial IoT Edge Devices

Nanolock has a cloud-to-flash solution which protects industrial connected devices from software attacks.

In today’s factory, automation, data analytics and the digital devices that power these tools can enable improvements in the cost, quality and volume of production. But as the factory becomes increasingly connected, cybersecurity becomes increasingly important.

Yoni Kahana, VP Customers, Nanolock Security

Yoni Kahana, VP Customers, Nanolock Security

Edge devices can process data locally, reducing the network infrastructure requirements compared to bandwidth-hungry cloud analytics. However, as part of the network, edge devices can have security vulnerabilities.

Engineering.com recently spoke with Yoni Kahana, VP customers at Nanolock Security, about a security solution for edge devices.

Edge Devices: What are the security risks?

With the connected revolution underway in various markets, including industrial and automotive, Internet of Things (IoT) equipment is rapidly becoming a prime cyberattack target. It is critical for these devices to have secure booting processes, including the operating system, applications, and configuration files. Standard device protection methods, such as intrusion detection application, access control, and network protection, don’t necessarily apply to these edge devices. For one, most edge devices are in the public domain and, therefore, can be physically accessed by the outside world; this makes network protection weak, as it’s almost impossible to identify all entry points to an IoT edge device. And devices that aren’t physically accessible are still at risk, too, as they don’t have the computational processing power for sophisticated security applications.  Today’s device security is dependent on the CPU to protect against multiple vectors of attack and adapt to a dynamic environment that introduces new risks all the time.

What are the benefits of the cloud-to-flash approach for edge devices?

A cloud-to-flash solution protects connected devices from persistent software attacks—regardless of processor and operating system type—by protecting the contents in the flash and monitoring end-point device status.

This proposed solution is cost-effective, as it is a hardware solution built into the existing memory that doesn’t add additional modules to the system, and it doesn’t complicate the software integration or development as the system scales. Updates are more cost-effective, as well. In some cases today, the update mechanism is manually executed by a technician who must connect with the edge device to perform the update (e.g., in the avionics, industrial, and medical domains) due to the concern that any remote update could increase the risk of attack and manipulation of the device. This manual method also increases operational costs, which leads to less frequent updates—and more risks for downtime scenarios. A cloud-to-flash solution, on the other hand, reduces operational costs (such as these technician updates) and unexpected downtime, while offering advanced monitoring of devices. It produces the same or better results than other security implementations without increasing the BoM cost.

A secure cloud-to-flash channel can also be used to send status reports from the flash memory back to the management server to indicate when something looks harmful, when there is a breach, if someone needs to be quarantined, and if an attack has been prevented. Cloud-to-flash protection also provides status on the downtime of the device, the version, the latest update and more. Most importantly, all of this information can be trusted, as it cannot be manipulated by the software on the processor—even if it’s compromised. Together, all of these features make cloud-to-flash protection an attractive approach to security for industrial, automotive, and IoT markets.

How does it work?

Software security solutions without hardware security features are less secure than hardware security protection. Processor security features that require protection are controlled by the software, which means if the software can be manipulated it can manipulate the hardware security features; moreover, in some cases, the processor security features themselves have bugs (e.g., spoiler, meltdown, spectra etc.). Processor security features also require some processing power and increase the processor cost. In many devices, there is trade-off between security and functionality, and as is often the case, functionality has the upper hand. Once the trust between the software and the processor is broken, management and software updates can’t be trusted, creating a major deployment problem.

Cloud-to-flash is a new approach to protecting IoT devices (including preventing unauthorized software modifications) through the flash memory while still supporting software updates. NanoLock is providing a way to protect and manage the IoT networks that are crucial to the success of key industries—like smart cities, infrastructure, automotive and telecoms—with a cloud-to-flash protection approach that configures the mechanism for secure updates and trustworthy management. By creating a secure channel between the cloud and the flash memory in the edge device, NanoLock’s end-to-end protection makes it possible to send a secure update all the way from the cloud to the flash memory, regardless of the status of the network, the status of the processor, or the version installed in the flash.

This can be achieved by combining the in-memory computing capabilities of flash devices to create a secure cloud-to-flash channel to protect against overwriting, modification, manipulation, erasure, and ransomware attacks on firmware, boot images, and system parameters. A management platform is used to control and monitor connected devices by maintaining cloud-to-flash integrity, self-provisioning between server and device, software management, and attack detection with alerts.

Many leading flash memory vendors (e.g. Micron, Cypress, Winbond, and more) have embraced this cloud-to-flash protection solution and partnered with NanoLock.

To have persistent modification of the behavior of the attacked IoT device, the attacker must modify the IoT non-volatile memory. NanoLock’s solution protects the memory of the edge devices without dependency on the integrity of the CPU controlling it.

Creating a gatekeeper in the secured flash that blocks write operations to the protected memory blocks, making it impossible for attackers to alter the firmware with any malicious code even in cases where the attacker gain full control of the host / OS. This approach is agnostic to the processor and any software that is running on the device and avoids any latency at boot time or run time.

What are the consequences of poor security?

It is necessary for the whole IoT industry to identify an end-to-end solution that secure the entire chain of vulnerability from deeply embedded endpoints, to the cloud, and up into the enterprise management layer by identifying the single critical path that a persistent attack must pass through. Without this kind of reliable security, disastrous results can occur in leading vertical markets such as industrial and automotive.

Consider a security breach in a smart city development, for example. With the large network of IoT devices that make up smart cities, they are increasingly becoming prime targets for cyberattacks. Just imagine what would happen if a hacker or terrorist organization accessed the system to manipulate, for example, traffic lights. But securing smart cities against threats like this is a massive challenge: Security measures must be able to control and monitor many edge devices that are distributed across many miles; the solution must be cost effective; and it must be scalable over time as the smart city itself grows. 

Cyberattacks are also major threats in automotive. With the increasing development of autonomous vehicles, one hijacked vehicle could potentially compromise an entire fleet of cars and endanger an entire city. In any market that relies upon a network of connected devices, any breach or moment of unplanned downtime opens the door for attackers to take control of and manipulate the entire system.  

For manufacturing management, what are some next steps to take action and improve cybersecurity?

Today there is a global supply chain in which devices are manufactured via long supply chain and sub-contractors. This raises the concern as to whether or not the firmware is trustworthy and if it is possible for someone in the chain of manufacturing to manipulate it.

To combat potential for poor security in the global supply chain, then, management’s next steps should be to evaluate new security solutions that can protect firmware, boot image and critical applications stored on connected IoT devices, prevent attacks, and enable secure updates. Few solutions are able to provide all of these features simultaneously, which is why 80 percent of flash memory vendors have already turned to cloud-to-flash protection for their security measures. Nanolock’s solution provides the capability to ensure the integrity of the version in the edge device, regardless of the supply chain.

Edge devices and their networks also require a mechanism for secure updates and bug fixes—and without a way to closely manage them outside of the CPU or operating system, the devices become unreliable and cannot be trusted. Even after management has achieved an ironclad device protection platform that can resist physical and network attacks, there remains a key security obstacle: How can they maintain this level of security over time? In other words, how can management ensure that their system is securely updated with a trusted, manageable system? To build a truly secure IoT system, the architecture must not only protect the network and devices from a breach but also ensure visibility of the network and enable monitoring and management of the system.

In some cases today, the update mechanism is manually executed by a technician who must connect with the edge device to perform the update. Although costly in this current model, maintaining regular, secure updates is vital. Without them, all the data that the edge devices send to the command center has the potential to be comprised. Thus, it is critical to require a secure update mechanism that will enable remote updates, in addition to a management platform that is trustworthy.

For this reason, management should also take steps to consider MoT—the Management of Things. Nanolock’s MoT platform updates, controls, and monitors connected devices while including robust features for monitoring device security, device-to-cloud integrity, self-provisioning, version management, attack detection, and alerts. This ensures that the edge devices are secured, trusted, and managed through their entire lifetimes. Management can take advantage of Nanolock’s MoT platform as a standalone solution or as an integration via APIs in their own security management platform.  

With our solution, NanoLock Security is both reducing operational costs—such as technician updates—and unexpected downtime, while offering advanced monitoring of devices. Together, all of these features make cloud-to-flash protection an attractive approach to security for industrial, automotive, and IoT markets.

For more on industrial cybersecurity, check out The Most Pressing Challenge Modern Manufacturers Face? Cybersecurity.