Secure your Industrial IoT sensors, or else!

By Steve Hanna

Distinguished Engineer, Connected Secure Systems Div.

Infineon

May 21, 2018

Upcoming workshop goes through many of the details behind securing your sensor nodes, particularly in industrial environments.

Sensing is a major component of the IoT and an essential part of most Industrial IoT (IIoT) applications. By adding wireless connectivity and a microcontroller or other processor to a sensor node, one can create a smart sensor. These sensors can be widely distributed without need for a sensor hub. However, they then become extremely vulnerable targets for attackers. Without security, they can become a weak link in the system. Fortunately, the Trusted Computing Group (TCG) techniques that have been developed for other computing, network, wireless, and IoT applications are applicable to these sensor nodes as well. This topic will be explored at a TCG workshop at Sensors Expo in June.

Trust for a device must be established based on a root of trust (RoT), an internal aspect that doesn’t change based on unauthorized tampering. TCG’s approach for trusted products has been built on a Trusted Platform Module (TPM), which defines a standard hardware root of trust (HRoT) and is now an International Organization for Standardization (ISO) standard (ISO 11889). As described in the prevalent international standard for industrial cybersecurity (IEC 62443), hardware security such as TPM is essential to mitigating cyberattacks on critical systems.

Initially implemented in discrete ICs, the TPM standard has been modified to address the requirements of different applications and markets. The most recent version, TPM 2.0, created a library specification to describe all the commands/features that could be implemented and might be needed in platforms from servers to laptops to embedded systems, including those with networked sensors. Today, several TPM varieties (discrete, integrated, firmware, and software in decreasing security order) offer different tradeoffs between cost, features, and security.

Even with four variations, TCG experts recognized that many IoT and embedded systems still aren’t suited for a TPM for cost and other reasons, including power, space, and design efficiency. To address the need for increased security, especially in embedded systems with these limitations, TCG developed the Device Identifier Composition Engine (DICE) architecture to offer some of the TPM security benefits without requiring another chip or chipset.

DICE architectures provide a unique identity to protect an embedded system’s digital content and access to its control systems and confidential information. Improvements over software-only security result from breaking startup (boot) into layers and creating secrets unique to each layer and hardware configuration using a Unique Device Secret (UDS) known only to the manufacturer and DICE. The secrets or keys created are unique to the device and each layer and configuration.
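The layered derivation described above can be sketched as follows. This is an added example, not code from TCG or the author. It assumes HMAC-SHA256 as the one-way function and SHA-256 digests as layer measurements, and the UDS values and layer images are constructed samples.

```python
import hashlib
import hmac


def measure(image):
    """Measurement of a boot layer: SHA-256 digest of its code and config."""
    return hashlib.sha256(image).digest()


def next_secret(current_secret, next_layer_image):
    """One-way step: the secret handed to the next layer is
    HMAC(current secret, measurement of that layer). Assumed construction."""
    return hmac.new(current_secret, measure(next_layer_image),
                    hashlib.sha256).digest()


def derive_chain(uds, layers):
    """Return the secret each boot layer receives, starting from the UDS.
    Each layer only ever sees its own secret, never the UDS or earlier ones."""
    secrets = []
    secret = uds
    for image in layers:
        secret = next_secret(secret, image)
        secrets.append(secret)
    return secrets


def first_divergence(chain_a, chain_b):
    """Index of the first layer whose secret differs, or None if identical."""
    for i, (a, b) in enumerate(zip(chain_a, chain_b)):
        if not hmac.compare_digest(a, b):
            return i
    return None


# Constructed sample values (not real device secrets or firmware).
UDS_A = bytes(range(32))          # device A
UDS_B = bytes(range(1, 33))       # device B, same firmware
BOOT = [b"bootloader v1.0", b"rtos v3.2", b"sensor-app v7"]
MODIFIED = [b"bootloader v1.0", b"rtos v3.2 (modified)", b"sensor-app v7"]

if __name__ == "__main__":
    good = derive_chain(UDS_A, BOOT)
    # A changed middle layer alters its own secret and every later one.
    print("modified image diverges at layer",
          first_divergence(good, derive_chain(UDS_A, MODIFIED)))
    # A different device diverges from the first layer on.
    print("other device diverges at layer",
          first_divergence(good, derive_chain(UDS_B, BOOT)))
```

A verifier that expects keys derived from the known-good chain will reject a node whose firmware changed, because the node can no longer reproduce the secrets for the modified layer or any layer above it.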

In addition to the previously mentioned aspects of trust, the TCG Software Stack 2.0 (TSS 2.0) spec defines several application programming interfaces (APIs) that simplify implementing a TPM in an end product, such as a sensor. TSS was developed by the TCG to provide a trusted system utility that allows the operating system and applications to easily share the system’s TPM.

Finally, many IoT systems connect sensors to the cloud. Securing the cloud is as important as securing the sensors, but it must be handled differently. In a cloud environment, an additional way to implement a TPM is through a virtual TPM. As part of the cloud-based environment, the virtual TPM provides the same commands that a physical TPM would, but it provides those commands separately to each virtual machine. The five versions of TPM, discussed roughly in order of security level and decreasing cost, are shown in the table. To get more accurate details on the cost and security level impact of each solution, a TPM supplier should be consulted.

While several TCG activities have been mentioned that are applicable to establish trusted sensing and trusted sensors on a network, other standards can be useful in sensing applications. System and sensor designers are encouraged to check out TCG’s open standards (including the Industrial Sub Group) and inquire about how they can make TCG’s efforts even more applicable to embedded sensors in the future. For detailed information about available products and open source software that implements Trusted Computing specifications, designers and developers can find resources and info on the TCG’s new developer web site.

Steve Hanna is a Senior Principal at Infineon Technologies. He currently co-chairs the TCG Embedded Systems Work Group and is involved in the TCG’s automotive, IoT, and industrial security efforts. He’s a member of the Security Area Directorate in the Internet Engineering Task Force and an author in the Industrial Internet Consortium. Hanna is an inventor or co-inventor on 47 issued U.S. patents. He holds a Bachelor’s degree in Computer Science from Harvard University.

Steve Hanna is a Distinguished Engineer at Infineon Technologies, responsible for IoT security strategy and technology. Mr. Hanna is an inventor or co-inventor on 48 issued patents, the author of innumerable standards and white papers, and a regular speaker at industry events.
