Built-In Security for the Internet of Things

On October 2, 2015, Posted by , In Embedded Lynx Blog,

With the number of devices being connected to the Internet increasing daily, bringing the vision of the Internet of Things (IoT) or Internet of Everything (IoE) to reality, we hear about securing the IoT with almost the same frequency.

The reality is that securing the disparate ‘things’ is going to be a real problem; one certainly can’t use traditional enterprise and network security methods like anti-virus, as the things are not all running the same operating system (if an operating system is used at all), and the likely types of cyber threats will be very targeted to the specific system being attacked, which really nullifies any AV like approaches. Network protection is not any easier, as most of the networks that things are connected to are either proprietary or specific to the particular application (like CANbus for cars, and ProfiBus for industrial – often referred to as Operational Technology (OT) networks), and so traditional TCP/IP approaches are not particularly useful.

So, does this mean that the things are vulnerable to cyber attacks? The answer very definitely is yes, but there is a good approach to protecting the things that doesn’t involve trying to add security to 10’s of billions of devices; it brings the security closer to the source of the attacks, and uses well proven isolation technologies to make sure that any threats never reach the things themselves.

Before we look at how to secure the IoT, let’s look at the topology of a typical IoT network. The things are often not connected to the Internet, they are connected to a network that is more suitable for a specific purpose, either for efficiency, range, performance or standards based connectivity. This network is then connected to a series of gateways or routers that take the information from the things and routes them via the Internet to either the cloud or some other management systems that can take and analyze the data and/or perform control mechanisms for the things. For example in a SCADA (Supervisory, Control And Data Acquisition) system, a factory or industrial plant will feed sensor information through the gateway to the cloud and then based on the current state of the system, management and control systems can then issue commands back to the sensors if necessary.

fig1

Figure 1 : Traditional IoT network topology

The really vulnerable part of this system is the gateway, as it is the part where the things network meets the internet (where all the would-be attackers hang out). So, if this gateway is powered by a traditional operating system that manages the network traffic of both sides, any compromise in this OS would then give the attacker visibility into the things network, and in the case of a SCADA system, control of those things.

At Lynx we have been offering our LynxSecure Separation Kernel to manufacturers of gateways to take advantage of military-grade isolation technology to securely separate the two networks even though they are both connected to the same physical hardware. LynxSecure was originally designed to separate DoD networks and applications of different security classifications that needed to run on the same hardware, and so the underlying foundational technology has very strict isolation properties to achieve it. Memory, CPU cores, and devices can all be isolated, and then only the ones allocated to a particular domain will be presented to the applications running in that domain on top of the separation kernel. By adding domain-specific virtualization instantiations to LynxSecure, both operating systems and applications can be run in each domain. The virtualization layers can then be described as virtual motherboards for each domain.

So, how does this protect the IoT gateway? By, isolating the Internet network and applications (IT) from the OT network, it means that any threats that attack the gateway from the IT side have no physical access to the OT network and any communications and data that flows between the two networks can be carefully controlled and secured so any attacks will stay quarantined in the IT domain, and although the gateway has been infected, no real damage can be done to the OT network.

 

fig2

Figure 2 : Built in isolation technology isolates the IT from the OT network

At Lynx we have also entered into a technology partnership with cloud-based threat intelligence provider Webroot, who are configuring their threat protection agent to run in a LynxSecure domain and watch for anomalies in the IT domain that could indicate cyber attacks. This added layer of threat detection means that any gateway attacks can be isolated, detected, and then remedied without any serious damage being done to the OT network, and allowing the things to function without threat exposure. For more information on the Webroot/LynxSecure integration: http://www.lynx.com/press-release/webroot-and-lynx-partner-to-protect-connected-iot-devices-from-targeted-attacks/

Given that this security protection can now be fundamentally built-in to the gateway using LynxSecure, it means that the gateway is moving from being an attack point to a protection point. This also means that fewer security measures will need to be built into the billions of things themselves, thus saving large potential costs and at the same time dramatically increasing the security of the overall IoT system.

For more information on how LynxSecure can protect an IoT system, please click here: http://www.lynx.com/using-a-secure-separation-kernel-hypervisor-for-iot-gateways-application-note/