With the advent of the Internet of Things (IoT), businesses have to defend against new types of threat. The business ecosystem now includes the cloud computing infrastructure, mobile and fixed endpoints that open up new attack surfaces. It therefore becomes critical to ensure that cybersecurity threats are contained to a minimum when implementing new IoT services and solutions.
This book shows you how to implement cybersecurity solutions, IoT design best practices, and risk mitigation methodologies to address device and infrastructure threats to IoT solutions.
In this second edition, you will go through some typical and unique vulnerabilities seen within various layers of the IoT technology stack and also learn new ways in which IT and physical threats interact. You will then explore the different engineering approaches a developer/manufacturer might take to securely design and deploy IoT devices. Furthermore, you will securely develop your own custom additions for an enterprise IoT implementation. You will also be provided with actionable guidance through setting up a cryptographic infrastructure for your IoT implementations. You will then be guided on the selection and configuration of Identity and Access Management solutions for an IoT implementation. In conclusion, you will explore cloud security architectures and security best practices for operating and managing cross-organizational, multi-domain IoT deployments.
You can read the e-book in Legimi apps or in any app that supports the following format:
Number of pages: 497
Year of publication: 2018
Copyright © 2018 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author(s), nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Gebin George
Acquisition Editor: Prachi Bisht
Content Development Editors: Deepti Thore, Dattatraya More
Technical Editor: Varsha Shivhare
Copy Editor: Safis Editing
Project Coordinator: Jagdish Prabhu
Proofreader: Safis Editing
Indexer: Mariammal Chettiyar
Graphics: Jisha Chirayil
Production Coordinator: Jyoti Chauhan
First published: June 2016
Second edition: November 2018
Production reference: 1291118
Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.
ISBN 978-1-78862-582-1
www.packtpub.com
Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.
Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals
Improve your learning with Skill Plans built especially for you
Get a free eBook or video every month
Mapt is fully searchable
Copy and paste, print, and bookmark content
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.
At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.
Brian Russell is the founder of TrustThink, LLC, where he leads multiple efforts towards the development of trusted IoT solutions. He has over 20 years of information security experience and has led complex system security engineering programs in the areas of cryptographic modernization, cryptographic key management, unmanned aerial systems, and connected vehicle security. He is the co-chair of the Cloud Security Alliance (CSA) IoT Working Group and was the recipient of the 2015 and 2016 CSA Ron Knode Service Award. Brian is an adjunct professor at the University of San Diego (USD) in the Cyber Security Operations and Leadership program.
Drew Van Duren has provided 20 years of support to commercial and government customers in their efforts to secure safety-of-life and national security systems. He has provided extensive applied cryptographic design, key management expertise, and system security architecture design through rigorous integration of system security design with the core engineering disciplines. Drew has managed as Technical Director the two largest FIPS 140-2 test laboratories, security-consulted for the New York City Connected Vehicle Pilot Deployment, and participated in multiple standards groups such as the RTCA, SAE, and IEEE 1609 working group. Today, he supports the IEEE P1920 committee heading security architecture for unmanned aircraft aerial networks.
Aaron Guzman is a security consultant serving as the Head of Automotive and IoT Testing with Aon's Cyber Solutions Group. Aaron has extensive public speaking experience, delivering conference presentations, training, and workshops globally. Aaron is a chapter leader for the Open Web Application Security Project (OWASP) Los Angeles, Cloud Security Alliance SoCal (CSA SoCal), a technical editor, and the co-author of IoT Penetration Testing Cookbook with Packt Publishing. Over the years, he has contributed to many IoT security guidance publications and leads the OWASP Embedded Application Security project. Follow Aaron's latest research on Twitter at @scriptingxss.
If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.
Title Page
Copyright and Credits
Practical Internet of Things Security Second Edition
Dedication
About Packt
Why subscribe?
Packt.com
Contributors
About the authors
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
A Brave New World
Defining the IoT
Defining cyber-physical systems
Cybersecurity versus IoT security
The IoT of today
An IoT-enabled energy grid
Modernizing the transportation ecosystem
Smart manufacturing
Smart cities spread across the globe
The importance of cross-industry collaboration
The IoT ecosystem
Physical devices and controllers
The hardware
Real-time operating systems
Gateways
IoT integration platforms and solutions
Connectivity
Transport protocols
Network protocols
Data link and physical protocols
IEEE 802.15.4
ZWave
Bluetooth low energy
Cellular communications
Messaging protocols
MQTT
CoAP
XMPP
DDS
AMQP
Data accumulation
Data abstraction
Applications
Collaboration and processing
The IoT of tomorrow
Autonomous systems
Cognitive systems
Summary
Vulnerabilities, Attacks, and Countermeasures
Primer on threats, vulnerability, and risks 
The classic pillars of information assurance
Threats
Vulnerability
Risks
Primer on attacks and countermeasures
Common IoT attack types
Attack trees
Building an attack tree
Fault (failure) trees and CPS
Fault tree and attack tree differences
Merging fault and attack tree analysis
Example anatomy of a deadly cyber-physical attack
Today's IoT attacks
Attacks
Authentication attacks
Distributed Denial of Service (DDoS)
Application security attacks
Wireless reconnaissance and mapping
Security protocol attacks
Physical security attacks
Lessons learned and systematic approaches
Threat modeling an IoT system
Step 1 – identify the assets
Step 2 – create a system/architecture overview
Step 3 – decompose the IoT system
Step 4 – identify threats
Step 5 – document the threats
Step 6 – rate the threats
Summary
Approaches to Secure Development
The Secure Development Life Cycle (SDLC)
Waterfall
Requirements
Design
Implementation
Verification
Spiral
Agile
Security engineering in Agile
DevOps
Handling non-functional requirements 
Security
Threat modeling
Other sources for security requirements
Safety
Hazard analysis
Hazard and operability studies (HAZOPs)
Fault-tree analysis
Failure modes and effects analysis (FMEA)
Resilience
The need for software transparency
Automated security analysis
Engaging with the research community
Summary
Secure Design of IoT Devices
The challenge of secure IoT development
Speed to market matters
Internet-connected devices face a deluge of attacks
The IoT introduces new threats to user privacy
IoT products and systems can be physically compromised
Skilled security engineers are hard to find (and retain)
Secure design goals
Design IoT systems that mitigate automated attack risks
Design IoT systems with secure points of integration
Designing IoT systems to protect confidentiality and integrity
Applying cryptography to secure data at rest and in motion
Enabling visibility into the data life cycle and protecting data from manipulation 
Implementing secure OTA
Design IoT systems that are safe
Design IoT systems using hardware protection measures
Introduce secure hardware components within your IoT system
Incorporate anti-tamper mechanisms that report and/or react to attempted physical compromise
Design IoT systems that remain available
Cloud availability
Guarding against unplanned equipment failure 
Load balancing 
Design IoT systems that are resilient
Protecting against jamming attacks
Device redundancy 
Gateway caching
Digital configurations
Gateway clustering
Rate limiting
Congestion control
Provide flexible policy and security management features to administrators 
Provide logging mechanisms and feed integrity-protected logs to the cloud for safe storage
Design IoT systems that are compliant 
The US IoT Cybersecurity Improvement Act (draft)
ENISA's baseline security recommendations
DHS guiding principles for secure IoT
FDA guidance on IoT medical devices
Summary
Operational Security Life Cycle
Defining your security policies
Defining system roles 
Configuring gateway and network security
Securing WSN 
Establishing good key management practices for WSNs
Establishing physical protections 
Ports, protocols, and services
Gateways 
Network services
Network segmentation and network access controls
Bootstrapping and securely configuring devices
Configuring device security 
Setting up threat intelligence and vulnerability tracking
Vulnerability tracking
Threat intelligence
Honeypots
Managing assets 
Managing keys and certificates
Handling misbehavior
Managing accounts, passwords, and authorizations
Managing firmware and patching updates
Monitoring your system
RF monitoring
Training system stakeholders
Security awareness training for employees
Security administration training for the IoT
Performing penetration testing
Red and blue teams
Evaluating hardware security
The airwaves
IoT penetration test tools
Managing compliance
HIPAA
GDPR
Monitoring for compliance
Managing incidents
Performing forensics
Performing end-of-life maintenance
Secure device disposal and zeroization
Data purging
Inventory control
Data archiving and managing records
Summary
Cryptographic Fundamentals for IoT Security Engineering
Cryptography and its role in securing the IoT
Types and uses of cryptographic primitives in the IoT
Encryption and decryption
Symmetric encryption
Block chaining modes
Counter modes
Asymmetric encryption
Hashes
Digital signatures
Symmetric (MACs)
Random number generation
Ciphersuites
Cryptographic module principles
Cryptographic key management fundamentals
Key generation
Key establishment
Key derivation
Key storage
Key escrow
Key lifetime
Key zeroization
Accounting and management
Summary of key management recommendations
Examining cryptographic controls for IoT protocols
Cryptographic controls built into IoT communication protocols
ZigBee
Bluetooth-LE
Near Field Communication (NFC)
Cryptographic controls built into IoT messaging protocols
MQTT
CoAP
DDS
REST
Future-proofing IoT cryptography
Crypto agility
Post quantum cryptography
Summary
Identity and Access Management Solutions for the IoT
An introduction to IAM for the IoT
The identity life cycle
Establish naming conventions and uniqueness requirements
Naming a device
Secure bootstrap
Credential and attribute provisioning
Local access
Account monitoring and control
Account updates
Account suspension
Account/credential deactivation/deletion
Authentication credentials
Passwords
Symmetric keys
Certificates
X.509
IEEE 1609.2
Biometrics
Authorization for the IoT
IoT IAM infrastructure
802.1x
PKI for the IoT
PKI primer
Trust stores
PKI architecture for privacy
Revocation support
OCSP
OCSP stapling
SSL pinning
Authorization and access control
OAuth 2.0
Authorization and access controls within publish/subscribe protocols
Access controls within communication protocols
Decentralized trust via blockchain ledgers
Summary
Mitigating IoT Privacy Concerns
Privacy challenges introduced by the IoT
A complex sharing environment
Wearables
Smart homes
Metadata can leak private information
New privacy approaches for credentials
Privacy impacting on IoT security systems
New methods of surveillance
Guide to performing an IoT PIA
Overview
Authorities
Characterizing collected information
Uses of collected information
Security
Notice
Data retention
Information sharing
Redress
Auditing and accountability
Privacy by design
Privacy engineering recommendations
Privacy throughout the organization
Privacy-engineering professionals
Privacy-engineering activities
Understanding the privacy landscape
Summary
Setting Up an IoT Compliance Monitoring Program
IoT compliance
Implementing IoT systems in a compliant manner
An IoT compliance program
Executive oversight
Policies, procedures, and documentation
Training and education
Skills assessments
Cybersecurity tools
Data security
Defense in depth
Privacy
The IoT, networks, and the cloud
Threats/attacks
Certifications
Testing
Internal compliance monitoring
Install/update sensors
Automated search for flaws
Collect results
Triage
Bug fixes
Reporting
System design updates
Periodic risk assessments
Black box testing
White box assessments
Fuzz testing
A complex compliance environment
Challenges associated with IoT compliance
Examining existing compliance standards, support for the IoT
Underwriters Laboratory IoT certification
NERC CIP
HIPAA/HITECH
PCI DSS
The NIST Risk Management Framework (RMF)
Summary
Cloud Security for the IoT
The role of the cloud in IoT systems 
A notional cloud security approach 
Moving back toward the edge
The concept of the fog
Threats to cloud IoT services
Cloud-based security services for the IoT
Device onboarding
Hardware-to-cloud security
Identity registries
Naming your devices
Onboarding a device into AWS IoT
Key and certificate management
Third-party solutions
Policy management 
Group management
Permissions
Persistent configuration management
Gateway security 
Authentication to the gateway
Device management
Compliance monitoring
Security monitoring
Summary
IoT Incident Response and Forensic Analysis
Threats to both safety and security
Defining, planning, and executing an IoT incident response
Incident response planning
IoT system categorization
IoT incident response procedures
The cloud provider's role
IoT incident response team composition
Communication planning
Operationalizing an IRP in your organization
Detection and analysis
Analyzing the compromised system
Analyzing the IoT devices involved
Escalation and monitoring
Containment, eradication, and recovery
Post-incident activities (recovery)
IoT forensics
Post-incident device forensics
New data sources for crime solving
Smart electrical meters and water meters
Wearables
Home security cameras
Home assistants
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think
Only a few people would contest the assertion that the phenomenon of the Internet of Things (IoT) poses problems related to security, safety, and privacy. Given the remarkable industrial and consumer diversity of the IoT, one of the principal challenges and goals we faced when electing to write this book was determining how to identify and distill the core IoT security principles in the most useful, but industry-agnostic, way possible. It was equally important to balance real-world application with background theory, especially given the unfathomable number of current and forthcoming IoT products, systems, and applications. To this end, we included some basic security (and safety) topics that we must adequately, if minimally, cover, as they are required as a reference point in any meaningful security conversation. Some of the security topics apply to devices (endpoints), some to communication connections between them, and others to the larger enterprise.
Another goal of this book was to lay out security guidance in a way that did not regurgitate the vast amounts of existing cyber security knowledge as it applies to today's networks, hosts, operating systems, software, and so on, although we realized that some is necessary for a meaningful discussion on IoT security. Not wanting to align with a single industry or company selling products, we strove to sufficiently carve out and tailor useful security approaches that encompass the peculiarities and nuances of what we think both distinguishes and aligns IoT with conventional cyber security.
A wide range of both legacy industries (for example, home appliance makers, toy manufacturers, and automotive manufacturers) and start-up technology companies are today creating and selling connected devices and services at a phenomenal and growing rate. Unfortunately, not all are terribly secure—a fact that some security researchers have unrelentingly pointed out, often with a sense of genuine concern. Though much of the criticism is valid and warranted, some of it has, unfortunately, been conveyed with a certain degree of unhelpful hubris.
What is interesting, however, is how advanced some of the legacy industries are with regard to high-assurance safety and fault-tolerant design. These industries make extensive use of the core engineering disciplines—mechanical, electrical, industrial, aerospace, and control engineering—and high-assurance safety design in order to engineer products and complex systems that are, well, pretty safe. Many cyber security engineers are frankly ignorant of these disciplines and their remarkable contributions to safety and fault-tolerant design.
Hence, we arrive at one of the serious obstructions that IoT imposes in terms of achieving its security goals: poor collaboration between the safety, functional, and security engineering disciplines needed to design and deploy what we term Cyber-Physical Systems (CPS). CPS put the physical and digital engineering disciplines together in ways that are seldom addressed in academic curricula or corporate engineering offices. It is our hope that engineers, security engineers, and all types of technology managers learn to better collaborate on the required safety and security-assurance goals.
While we benefit from the IoT, we must prevent our current and future IoT from harming us as far as possible; and to do this, we need to secure it properly and safely. We hope you enjoy this book and find the information useful as regards securing your IoT.
This book targets IT security professionals and security engineers (including pentesters, security architects, and ethical hackers) who would like to ensure the security of their organization's data when connected through the IoT. Business analysts and managers will also find this book useful.
Chapter 1, A Brave New World, introduces you to the basics of IoT, its definition, uses, applications, and implementations.
Chapter 2, Vulnerabilities, Attacks, and Countermeasures, takes you on a tour where you will learn about the various threats and the measures that we can take to counter them.
Chapter 3, Approaches to Secure Development, focuses on the different engineering approaches a developer/manufacturer might take to securely design and deploy IoT devices.
Chapter 4, Secure Design of IoT Devices, provides readers with the tools needed to securely develop their own custom additions to an enterprise IoT implementation.
Chapter 5, Operational Security Life Cycle, introduces a system security life cycle for the IoT that focuses on operational aspects related to the planning, deployment, management, monitoring and detection, remediation, and disposal of IoT systems.
Chapter 6, Cryptographic Fundamentals for IoT Security Engineering, provides a background on applied cryptography.
Chapter 7, Identity and Access Management Solutions for the IoT, dives deep into identity and access management for the IoT.
Chapter 8, Mitigating IoT Privacy Concerns, explores IoT privacy concerns. It will also help you to understand how to address and mitigate such concerns.
Chapter 9, Setting Up an IoT Compliance Monitoring Program, helps you to explore how to set up an IoT compliance program.
Chapter 10, Cloud Security for the IoT, explains the concepts of cloud security that are related to the IoT.
Chapter 11, IoT Incident Response and Forensic Analysis, explores incident management and forensics for the IoT.
You will need SecureITree version 4.3, a common desktop or laptop, and a Windows, Mac, or Linux platform running Java 8.
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://www.packtpub.com/sites/default/files/downloads/9781788625821_ColorImages.pdf.
There are a number of text conventions used throughout this book.
CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Securely store your client credentials: client_id and client_secret."
A block of code is set as follows:
# chmod +x start.sh
# ./start.sh
Bold: Indicates a new term, an important word, or words that you see on screen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Select System info from the Administration panel."
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packt.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.
Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in, and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!
For more information about Packt, please visit packt.com.
While any new generation prides itself on the technological advancements it enjoys compared to its forebears, it is not uncommon for each to dismiss or simply not acknowledge the enormity of thought, innovation, collaboration, competition, and connections throughout history that made, say, smartphones or unmanned aircraft possible. The reality is that, while previous generations may not have enjoyed the realizations in gadgetry we have today, they most certainly did envision them. Science fiction has always served as a frighteningly predictive medium, whether it's Arthur C. Clarke envisioning Earth-orbiting satellites or E.E. Doc Smith's classic sci-fi stories melding the universe of thought and action together (reminiscent of today's phenomenal, new brain-machine interfaces).
While the term Internet of Things (IoT) is new, the ideas of today's and tomorrow's IoT are not. Consider one of the greatest engineering pioneers, Nikola Tesla, who, in a 1926 interview with Collier's magazine, said the following:
Source: http://www.tfcbooks.com/tesla/1926-01-30.htm
In 1950, the British scientist, Alan Turing, stated the following:
(Source: "Computing Machinery and Intelligence." Mind 49: 433-460.)
No doubt, the incredible advancements in digital processing, communications, manufacturing, sensors, and control are bringing to life the realistic imaginings of both our current generation and our forebears. Such advancements provide us with a powerful example of the very ecosystem of the thoughts, needs, and wants that drive us to build the new tools and solutions that we want for enjoyment and need for survival.
We must counterbalance all of our dreamy, hopeful thoughts about humanity's future by the fact that human consciousness and behavior always has, and always will, fall short of Utopian ideals. There will always be overt and concealed criminal activity; there will always be otherwise decent citizens who find themselves entangled in plots, financial messes, and blackmail; there will always be accidents; there will always be profiteers and scammers willing to hurt and benefit from the misery of others. In short, there will always be some individuals motivated to break in and compromise devices and systems for the same reason a burglar breaks into your house to steal your most prized possessions. Your loss is their gain. Worse, with the IoT, the motivation may extend to imposing physical injury or even death. A keystroke today can save a human life when properly configuring a pacemaker; it can also disable your car's braking system or hobble an Iranian nuclear research facility.
IoT security is clearly important, but before we can delve into the practical aspects of IoT security, we will take a look at the following:
Defining the IoT
Cybersecurity versus IoT security
The IoT of today
The IoT ecosystem
The IoT of tomorrow
We arrive then at the problem of how to define the IoT and how to distinguish the IoT from today's internet of, well, computers. The IoT is certainly not a new term for mobile-to-mobile technology. It is far more. While many definitions of the IoT exist, we will primarily lean on the following three throughout this book.
The ITU's member-approved definition defines the IoT as follows:
The IEEE's small environment description of the IoT is as follows:
The IEEE's large environment scenario describes the IoT as follows:
Each of these definitions is complementary. They overlap and describe just about anything that can be dreamed up and can be physically or logically connected to anything else over the internet or wireless networks. Regardless of definition nuances, the services that the IoT provides to a business, government, or private citizen are the truly valuable aspects of the IoT that we must assure. As security practitioners, we must be able to understand the value of these services and ensure that they are kept available and secure.
Cyber-Physical Systems (CPSes) are a huge, overlapping subset of the IoT. They fuse a broad range of engineering disciplines, each with a historically well-defined scope that includes the essential theory, lore, application, and relevant subject matter needed by their respective practitioners. These topics include engineering dynamics, fluid dynamics, thermodynamics, control theory, digital design, and many others. So, what is the difference between IoT and CPS? Borrowing from the IEEE, the principal difference is that a CPS—comprising connected sensors, actuators, monitoring and control systems—does not necessarily have to be connected to the internet. A CPS can be isolated from the internet and still achieve its business objective. From a communications perspective, the IoT is comprised of things that, necessarily and by definition, are connected to the internet and, through some aggregation of applications, achieve some business objective:
It is worthwhile to think of the IoT as a super-set of CPSes, as CPSes can be enveloped into the IoT simply by connectivity to the internet. A CPS is generally a rigorously engineered system designed for safety, security, availability, and functionality. Emergent enterprise IoT deployments should take note of the lessons learned through the engineering rigor associated with CPSes. For more information on building resilient CPSes, consult the National Institute of Standards and Technology (NIST) Framework for Cyber Physical Systems (https://s3.amazonaws.com/nist-sgcps/cpspwg/files/pwgglobal/CPS_PWG_Framework_for_Cyber_Physical_Systems_Release_1_0Final.pdf) and its related efforts to the IoT-Enabled Smart Cities Framework and others (https://www.nist.gov/el/cyber-physical-systems).
IoT security is not traditional cybersecurity, but a fusion of cybersecurity with other engineering disciplines. It addresses much more than mere data, servers, network infrastructure, and information security. Rather, it includes the direct or distributed monitoring and/or control of the state of physical systems connected over the internet. Cybersecurity, if you like that term at all, frequently does not address the physical and security aspects of the hardware device or the physical world interactions it can have. Digital control of physical processes over networks makes the IoT unique in that the security equation is limited not only to the basic information assurance principles of confidentiality, integrity, non-repudiation, and so on, but also to the physical resources and machines that originate and receive that information in the real world. In other words, the IoT has very real analog and physical elements. IoT devices are physical things, many of which are safety-related. Therefore, if such devices are compromised, it may lead to physical harm of persons and property, even death.
The subject of IoT security, then, is not the application of a single, static set of meta-security rules as they apply to networked devices and hosts. It requires a unique application for each system and system-of-systems in which IoT devices participate. Anything physical today can be connected to the internet with the appropriate electronic interfaces. The security of the IoT device is then a function of the device's use, the physical process or state impacted by or controlled by the device, and the sensitivity of the systems to which the device connects.
Cyber-physical and many IoT systems frequently invoke an intersection of safety and security engineering, two disciplines that have developed on very different evolutionary paths but which possess partially overlapping goals. We will delve more into safety aspects of IoT security engineering later in this book, but for now we point out an elegantly expressed distinction between safety and security attributed to the noted academic Dr. Barry Boehm (as quoted in Axelrod, W. C., Engineering Safe and Secure Software Systems, p. 61, Artech House, Massachusetts, 2013). He poignantly but beautifully expressed the relationship as follows:
Safety: The system must not harm the world
Security: The world must not harm the system
Hence, it is clear that the IoT and IoT security are much more complex than traditional networks, hosts, and cybersecurity. Safety-conscious industries such as aerospace have evolved highly effective safety engineering approaches and standards because aircraft can harm the world and the people in it. The aircraft industry today, like the automotive industry, is now playing catch-up with regard to security because of the accelerating growth of network connectivity to their vehicles.
It is a cliché to declare how fast Moore's law is changing our technology-rich world and how connected our devices, social networks, even bodies, cars, and other objects are becoming.
A useful way to think of IoT technological progression is what happens when the network extends not to the last mile or last inch endpoint but to the last micron, where virtual and digital become physical. Whether the network extends to a motor servo controller, temperature sensor, accelerometer, light bulb, stepper motor, washing machine monitor, or pacemaker battery voltage monitor, the effect is the same: the information sources and sinks facilitate monitoring and control functions between our physical and virtual worlds. In the case of the IoT, the physical world is a direct component of the digital information, whether acting as subject or object.
IoT technology is being rolled out across many industries today. In Europe, for example, the Alliance for Internet of Things Innovation (AIOTI) (see https://aioti.eu ) has designed a set of pilot projects that focus on demonstrating real-world use cases of the IoT in action. These pilots are described in the following table and show the reach and potential impact of the IoT on our daily lives. The IoT is much more than consumer toys connected to the internet. IoT systems are progressing towards making a real difference in the well-being of the population and increased productivity in the business environment:
AIOTI system pilot: Description
Smart living environment for aging well: IoT systems support quality of life improvements while reducing care costs for the ageing population. These systems demonstrate the value of pervasive instrumentation and the impact that the IoT can make on an individual level.
Smart farming and food security: IoT systems enable precision farming and introduce new methods to assure food security and food safety. New autonomous technologies reduce workloads and increase quality.
Wearables: IoT systems become integrated into the fabric of our daily lives through integration with wearables, such as clothing, watches, and body-mounted devices.
Smart cities: IoT systems enable smart services for citizens, including transport, energy, health care, lighting, water, and waste. Populations will come to rely on these services, as on any other utility, as generations age.
Smart mobility: IoT systems transform the way we move, through the efficient management of traffic, automated transportation systems (for example, tolling), usage-based insurance, and connected and autonomous vehicles.
Smart water management: IoT systems enable more efficient water management capabilities while keeping our water supply safe and available.
Smart manufacturing: IoT systems such as industrial robotics and connected factories increase productivity and quality at manufacturing plants.
Smart energy: IoT systems support energy optimization across asset portfolios, including renewable plants, grid substations, control rooms, demand response applications, and Electric Vehicle (EV) charging.
Smart buildings and architectures: IoT systems transform building management with a focus on occupant quality of life, through enhancements to lighting, comfort, temperature, air quality, water, nourishment, fitness, and energy use.
The impact that the IoT is having on the transformation of industry capabilities is significant. It becomes clear that, as we begin to rely on these technological improvements, the impact of denying or tampering with these services becomes substantial. Each of these systems must be developed with security and resilience in mind. Next, we discuss additional IoT ecosystems that are beginning to add value to our everyday lives.
Fast disappearing are the days of utility companies sending workers out in vans to read electric and gas meters mounted to the exterior of your house. Homes today include an array of Distributed Energy Resources (DER) that can communicate demand and load data with the distribution grid. Within the distribution grid, smart devices are able to collect and analyze data to identify anomalies and instabilities. These devices are then able to work together to identify measures for correcting the instabilities and avoiding costly brownouts and blackouts.
Additional IoT technology insertions are modernizing business processes across energy operations. For example, after a natural disaster, operators might deploy Unmanned Aerial Systems (UAS) to survey damage to power lines. As aviation authorities begin to evolve regulations on the use of UAS platforms around the world, autonomous flight operations will begin to allow for rapid fault identification and service restoration.
As EV charging begins to strain the electrical grid, new approaches to distributed energy generation must also be considered. Clean energy solutions, such as solar, allow individual consumers to become energy generators and participate in energy transactions with their peers and the utility. Consider the concept of a microgrid. Microgrids are self-contained energy generation and distribution systems that allow owner-operators to be heavily self-sufficient. Microgrid control systems not only rely on data captured from edge devices such as solar panels and wind turbines, but also require data collected from other internet-based services. The control system may capture real-time energy pricing data from a web service, enabling the system to determine the optimal time to generate energy, buy it from the utility, or sell it back to the utility.
The same control system may incorporate weather forecast feeds to predict how much energy their solar panel installations will generate during a certain period of time. Maturing microgrid models are allowing innovative neighborhood microgrids to emerge such as the LO3 implemented in Brooklyn, New York. The LO3 implements a blockchain-based neighborhood microgrid (https://lo3energy.com/) that allows neighbors to sell excess solar energy directly to each other, connecting each neighbor as an IoT node in a larger IoT system.
IoT connectivity has already transformed the transportation industry and promises continued innovations. Companies such as Bosch and Continental have invested heavily in building semi-autonomous driver assistance tools while other companies such as Mercedes Benz and Audi are working on Level 4 and 5 fully autonomous vehicles. These vehicles and tools rely upon sensors that collect and feed data back to Electronic Control Units (ECUs) within the vehicle. Connected Vehicle (CV) technology is rapidly maturing through multiple CV pilots around the world, the largest being the 8,000+ vehicle New York City Connected Vehicle Pilot Deployment (note: the author, Drew Van Duren, is a security consultant to this deployment). General Motors has also fitted some vehicles with CV technology. The 2017 Cadillac CTS, for example, operates Vehicle-to-Vehicle (V2V) technology on the 5.9 GHz spectrum to share vehicle location, speed, and traffic conditions with peer vehicles on the road. V2V technology supports sharing of vehicle data including latitude, longitude, heading angle, speed, lateral and longitudinal acceleration, throttle position, brake status, steering angle, headlight status, wiper status, turn signal status, and vehicle length and width.
Intelligent Transportation Systems (ITS) promise to optimize traffic across smart cities. For example, queue warnings will let vehicles and drivers know whether a backup is forming. Vehicle navigation systems can then quickly route around the backup, easing traffic congestion. Applications such as these are aided by connected roadside equipment, known as Roadside Units (RSUs). RSUs communicate using protocols including Dedicated Short Range Communications (DSRC) to collect, proxy, and transmit data across the vehicle ecosystem, including with the local roadside (traffic signal controllers, dynamic message signs, and so on) and Traffic Management Centers (TMCs).
The term Industry 4.0 is used to describe CPSes that enable smart factories through automation and data exchange. Sensor data is fused and processed by data analytic systems, and machine learning algorithms are trained on smart manufacturing use cases such as remote monitoring and control, smart energy consumption, predictive maintenance, and human-robotic collaboration. These capabilities provide business value through the minimization of downtime or the optimization of processes and reduction of costs. For example, a Jeep Wrangler production facility in Toledo, Ohio, introduced connectivity for over 60,000 IoT endpoints and 259 robots on the assembly line (source: https://customers.microsoft.com/en-us/story/the-internet-of-things-transforms-a-jeep-factory). This implementation provides flexibility to modify manufacturing plans on demand, based on real-time data collected from sensors. The result is cost reduction and profit increase.
Industry 4.0 is also leading the way toward the adoption of robotics within manufacturing. There are many types of robotic platforms, including vision-capable robots, that can capture and analyze video streams in real time, and collaborative robots that can be guided by humans toward accomplishing a task. Robotic systems rely on many types of sensors, including motion sensors, accelerometers, temperature sensors, pressure sensors, and proximity sensors. These platforms can incorporate computer vision capabilities and make use of complex algorithms that support guidance and path planning.
According to the Smart City Tracker 2018 report by Navigant Research (https://www.navigantresearch.com/news-and-views/navigant-research-identifies-355-smart-city-projects-in-221-cities-around-the-world) over 221 cities worldwide implemented at least one smart city project in 2018. The city of Chicago, for instance, implemented the Array of Things project that resulted in the installation of over 500 multifunctional sensors on lampposts within the city. Sensors measure temperature, barometric pressure, light, vibration, carbon monoxide, nitrogen dioxide, sulfur dioxide, ozone, ambient sound intensity, pedestrian and vehicle traffic, and surface temperature (source: https://arrayofthings.github.io/faq.html). Smart cities are also now embracing the concept of open data, providing citizens with access to data collected through IoT sensors. Amsterdam, for example, provides citizens with the ability to look up all open data projects across the city.
Other examples of smart city innovations include networked LED street lights and clean and efficient buildings. The city of San Diego, for example, created the Smart City Open Urban Platform (SCOUP) to track and reduce greenhouse gas emissions across the city's real-estate portfolio (https://www.sandiego.gov/sustainability/smart-city).
Smart Cities represent a complex IoT example as they bring together systems of systems to meet numerous goals. Organizations such as Securing Smart Cities (https://securingsmartcities.org/) have sprouted up to provide guidance to city officials on how to choose and securely implement technologies.
While the majority of this book is devoted to IoT security, the aforementioned IoT use cases clearly emphasize the increasing worldwide demand for cross-disciplined security engineers. We struggle to find this cross-disciplinary security engineering covered in academic curricula outside of a few university computer science programs, network engineering programs, or dedicated security programs such as those offered by SANS. Most security practitioners have strong computer science and networking skills but are less versed in the physical and safety engineering disciplines covered by core engineering curricula. So, the cyber-physical aspects of the IoT face a safety versus security clash of cultures and conundrums:
Everyone is responsible for security
The IoT and CPS expose huge security problems crisscrossing information computing and the physical world
Most traditional core engineering disciplines rarely address security engineering (though some address safety)
Many security engineers are unaware of core engineering disciplines (for example, mechanical, chemical, and electrical engineering), including fault-tolerant safety design
Because the IoT is concerned with connecting physically engineered and manufactured objects, this conundrum more than any other comes into play. The IoT device engineer may be well versed in safety issues, but may not fully understand the security implications of design decisions. Likewise, skilled security engineers may not understand the physical engineering nuances of a device well enough to ascertain and characterize its physical-world interactions and remediate its security deficiencies. In other words, core engineering disciplines typically focus on functional design, creating things to do what we want them to do. Security engineering shifts the view to consider what the thing can do and how one might misuse it in ways the original designer never considered. Malicious hackers depend on this. The refrigeration system engineer never had to consider a cryptographic access control scheme in what was historically a basic thermodynamic system design. Now, designers of connected refrigerators do, because malicious hackers will look for unauthenticated data originating from the refrigerator or attempt to exploit it and pivot to additional nodes in a home network.
Security engineering is maturing as a cross-discipline, fortunately. We can argue that it is more efficient to enlighten a broad range of engineering professionals in baseline security principles than it is to train existing security engineers in all physical engineering subjects. Improving IoT security requires that security engineering tenets and principles be learned and promulgated by the core engineering disciplines (originating in their academic curricula) throughout their respective industries. If not, industries will never succeed in responding well to emergent threats. Such a response requires applying the right security mitigation techniques at the right time, when they are the least expensive to implement (that is, in the original design, along with its flexibility and accommodation of future-proofing principles). For example, a thermodynamic process and control engineer designing a power plant will have tremendous knowledge concerning the physical processes of the control system, safety redundancies, and so on. If they understand security engineering principles, they will be in a much better position to dictate additional sensors, redundant state estimation logic, or redundant actuators, based on certain exposures to other networks. In addition, they will be in a much better position to ascertain the sensitivity of certain state variables and timing information that the network, host, application, sensor, and actuator security controls should help protect. They can better characterize the cyber attack and control system interactions that might cause gas pressure and temperature tolerances to be exceeded with a resultant explosion. The traditional network cybersecurity engineer will not have the physical engineering background on which to orchestrate these design decisions.
Medical device and biomedical companies, automotive and aircraft manufacturers, the energy industry, even video game makers and broad consumer markets are involved in the IoT. These industries, historically isolated from each other, must learn to collaborate better when it comes to securing their devices and infrastructure. Unfortunately, there are some in these industries who believe that most security mitigations need to be developed and deployed uniquely in each industry. Standards organizations frequently promote this thinking as well. This isolated, turf-protecting approach is ill-advised and short-sighted. It has the potential of stifling valuable cross-industry security collaboration, learning, and development of common countermeasures.
IoT security is an equal-opportunity threat environment; the same threats against one industry exist against the others. An attack and compromise of one device today may represent a threat to devices in almost all other industries. A smart light bulb installed in a hospital may be compromised and used to perform various privacy attacks on medical devices. In some cases, the cross-industry link is due to intersections in the supply chain or the fact that one industry's IoT implementations were adopted into another industry's systems. Real-time intelligence as well as lessons learned from attacks against industrial control systems should be leveraged by all industries and tailored to suit. The discovery, analysis, understanding, and sharing of how real-world threats are compromising ever-present vulnerabilities need to be improved for the IoT. No single industry, government organization, standards body or other entity can assume to be in control of threat intelligence and information sharing. Security is an ecosystem.
The IoT World Forum reference model describes seven levels of an IoT ecosystem. These levels are as follows:
Physical devices and controllers
Connectivity
Edge computing
Data accumulation
Data abstraction
Application
Collaboration and processing
We will borrow these seven levels to explore and discuss the makeup of the IoT ecosystem.
There are so many different types of things within the IoT that it becomes difficult to prescribe security recommendations for the development of any one in particular. At their core, however, IoT devices are hardware-based and contain sensing and communication capabilities. They may also support actuation, storage, and processing capabilities.
Popular IoT development boards include Arduino, Beagle Board, Pinocchio, Raspberry Pi, and Cubieboard, among others. These development boards are used for prototyping IoT solutions. They include microcontrollers (MCUs), which serve as the brains of the device, along with memory and a number of both digital and analog General Purpose Input/Output (GPIO) pins. These boards can be modularly stacked with other boards to provide communication capabilities, new sensors, actuators, and so on to form a complete IoT device.
MCUs well suited for IoT development come from ARM, Intel, Broadcom, Atmel, Texas Instruments (TI), Freescale, and Microchip Technology, among others. MCUs are Integrated Circuits (ICs) that contain a processor, Read-Only Memory (ROM), and Random Access Memory (RAM). Memory resources are frequently limited in these devices. Often, manufacturers IoT-enable physical products by augmenting the MCUs with complete network stacks, interfaces, and RF/cellular transceivers. All of this horsepower is going into system-on-chip configurations and miniaturized daughter boards (single board computers).
In terms of IoT sensor types, the sky's the limit. Examples include temperature sensors, accelerometers, air quality sensors, potentiometers, proximity sensors, moisture sensors, and vibration sensors. These sensors are frequently hardwired into the MCU for local processing, responsive actuation, and/or relay to other systems.
IoT devices often employ a Real-Time Operating System (RTOS) for process and memory management, as well as utility services supporting messaging and other communications. The selection of each RTOS is based on needed performance, security, and functional requirements of the product. There are many RTOS available, including those noted here:
TinyOS: Optimized for low-power embedded systems. A framework that incorporates components supporting the development of an application-specific operating system. Written in nesC, which supports event-driven concurrency. Refer to http://www.ann.ece.ufl.edu/courses/ee16935_10spr/papers/tinyos.pdf.
Contiki: Supports IP, UDP, TCP, and HTTP, as well as 6LoWPAN and CoAP. Designed for operation in low-power systems. Supports link layer encryption for 802.15.4 communications.
Mantis: Embedded operating system for wireless sensor platforms. Includes a kernel, scheduler, and networking stack. Supports remote update and remote login. Incorporates a sleep mode for power savings. Refer to Sha, Carlson, et al., Mantis OS: An Embedded Multithreaded Operating System for Wireless Micro Sensor Platforms, ACM Digital Library.
Nano-RK: Tailored for surveillance and environmental monitoring applications. Supports an energy-efficient mode of operation and preemptive multitasking. Runs on 2 KB RAM and 18 KB ROM.
Lite-OS: Supports a wirelessly accessible shell and a remote debugging system. Runs on 10 KB.
FreeRTOS: A general-purpose RTOS. Supports add-on TCP networking and secure communications (TLS). Implementers can use cryptographic libraries such as wolfSSL with FreeRTOS.
SapphireOS: Supports mesh networking and device discovery. Includes Python tools and a RESTful API server.
BrilloOS: Runs on 32 to 64 MB RAM and is optimized for consumer/home-based IoT devices.
uClinux: Embedded Linux that supports a variety of user applications, libraries, and tools. Learn more about uClinux at http://www.uclinux.org/pub/uClinux/FAQ.shtml.
ARM Mbed OS: Incorporates a supervisory kernel (uVisor) that supports the creation of isolated security domains on ARM Cortex-M3, M4, and M7 MCUs with a Memory Protection Unit (MPU). Refer to https://www.mbed.com/en/technologies/security/uvisor/.
RIOT OS: Runs on 8-, 16-, and 32-bit platforms. Includes a TCP/IP stack and supports 6LoWPAN, IPv6, UDP, and CoAP. Supports multithreading and requires 1.5 KB RAM and 5 KB ROM.
VxWorks: Available in two versions (VxWorks and VxWorks+). Includes an optional add-on security profile with secure partitioning, secure boot, secure runtime, loader, and advanced user management. Supports encrypted containers and secure networking.
LynxOS: Supports TCP/IP, IPv6, and cellular communications. Supports 802.11 WiFi, ZigBee, and Bluetooth. Includes encryption support, access controls, and auditing and account management features.
Zephyr: Open source OS designed for resource-constrained systems. The project includes a heavy focus on secure development practices. Implements a nano-kernel and micro-kernel and supports Bluetooth, Bluetooth LE, and 802.15.4 6LoWPAN.
Windows 10 IoT: Supports BitLocker encryption and secure boot. Includes Device Guard and Credential Guard features. Supports updates through Windows Server Update Services (WSUS).
QNX (Neutrino): Operating system often used in vehicle infotainment systems. Includes security features such as sandboxing and fine-grained access controls.
Ubuntu Core: Provides a read-only root filesystem, a security sandbox for applications, and separate (independent) updates of applications from the OS. Allows categorization of applications as trusted or untrusted and supports Unified Extensible Firmware Interface (UEFI) secure boot. Learn more at https://developer.ubuntu.com/en/snappy/guides/security-whitepaper.
OpenWRT: A popular open source OS often used in wireless routers.
GreenHills IntegrityOS: A higher-assurance operating system.
Many IoT device profiles are shrinking to small but powerful SoC units, capable of running a variety of secured-boot operating systems, featuring strict access controls, process isolation, trusted execution environments, kernel separation, information flow control, and tightly integrated cryptographic security architectures. Safety-critical IoT devices employ RTOS that meet industry-specific standards. Examples of these include the following:
DO-178B: Software considerations in airborne systems and equipment certification for avionics systems
IEC 61508: Functional safety for industrial control systems
ISO 62304: Medical device software
SIL3/SIL4: Safety integrity level for transportation and nuclear systems
Other critical security attributes pertain to security configuration and the storage of security-sensitive parameters. Configuration settings applied to an operating system are often lost upon a power cycle unless the device has battery-backed RAM or some other persistent storage. In many instances, a configuration file is kept within persistent memory to provide the various network and other settings necessary to allow the device to perform its functions and communicate. Of even greater interest is the handling of the root password, other account passwords, and the cryptographic keys stored on the device when it is power-cycled. Each of these issues has one or more security implications and requires the attention of security engineers.
End-to-end connectivity between edge devices and web services may be provided by a series of physical and cloud gateways, each aggregating larger quantities of data. Dell, Intel, and other companies market IoT gateways. Companies such as Systech offer multi-protocol gateways that allow for many types of IoT devices to be connected together, using multiple antennas and receivers. There are also consumer-focused gateways, also called hubs, available in the commercial market, that support smart home communications. The Samsung SmartThings hub is one example of this.
Xively, ThingSpeak, and others offer flexible development solutions for integrating new IoT devices into enterprise architectures. In the domain of smart cities, platforms such as Accella and SCOPE, a smart-city cloud-based open platform and ecosystem, offer the ability to integrate a variety of IoT systems into enterprise solutions.
These platforms provide APIs that IoT device developers can use to build new features and services. Increasingly, IoT developers are incorporating these APIs and demonstrating ease-of-integration into enterprise IT environments. The ThingSpeak API, for example, can be used to integrate IoT devices via HTTP communications. This enables organizations to capture data from their sensors, analyze that data, and then take action on that data. Similarly, AllJoyn is an open source project from the AllSeen Alliance. It is focused heavily on interoperability between IoT devices, even when the devices use different transport mechanisms. As IoT matures, disparate IoT components, protocols, and APIs will continue to be glued together to build powerful enterprise-wide systems. These trends beg the question of just how secure these systems will be.
The IoT connectivity layer is ripe with competition. There are many competing communication and messaging standards that can be used within an IoT system.
Both the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) have a place in an IoT system. REST, for example, is TCP-based, and MQTT was designed to work with TCP. However, the need to support networks and devices with timing and bandwidth constraints has resulted in a move away from TCP and toward the use of UDP. For example, MQTT-SN is a tailored version of MQTT that works with UDP. Other protocols such as CoAP are also designed to work well with UDP. Given the significant reliance on UDP at this layer, Datagram Transport Layer Security (DTLS) exists as the UDP counterpart of Transport Layer Security (TLS), which is used for securing TCP communications.
IPv4 and IPv6 both play a role at various points within many IoT systems. Tailored protocol stacks such as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN) support the use of IPv6 in the network-constrained environments that many IoT devices operate within. Furthermore, 6LoWPAN has been designed to support wireless internet connectivity at lower data rates for devices with a very limited form factor.
In addition to this, 6LoWPAN builds upon the 802.15.4 Low Rate Wireless Personal Area Networks (LRWPAN) specification to create an adaptation layer that supports the use of IPv6. The adaptation layer provides features that include IPv6 and UDP header compression and support for fragmentation, allowing support for sensors in a variety of uses, including building automation and security. Using 6LoWPAN, designers can take advantage of the link encryption offered within IEEE 802.15.4 and can apply transport layer encryption, such as DTLS.
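The header compression that the 6LoWPAN adaptation layer applies to UDP-based protocols such as CoAP and MQTT-SN is easiest to understand at the byte level. The following Python block is an added example, not code from the book or from any 6LoWPAN stack; it implements the UDP next-header compression defined in RFC 6282 (assumed here as the reference encoding) and shows why the receiver should only accept an elided UDP checksum when DTLS or another upper-layer integrity check covers the datagram.

```python
"""6LoWPAN next-header compression for UDP (RFC 6282, section 4.3).

Added example, not code from the book. The NHC byte is 11110CPP:
C = checksum elided, PP = how the two 16-bit ports are encoded.
The UDP Length field is always elided and recovered by the receiver
from the IPv6 payload length, which the caller supplies here.
"""
import struct
from typing import Optional, Tuple

UDP_NHC_PREFIX = 0xF0       # 11110xxx identifies the UDP NHC encoding
NHC_CHECKSUM_ELIDED = 0x04  # the C bit
PORT_BYTES = {0b00: 4, 0b01: 3, 0b10: 3, 0b11: 1}  # inline port bytes per PP


def compress_udp_header(sport: int, dport: int, checksum: int,
                        elide_checksum: bool = False) -> bytes:
    """Return the NHC-compressed form of an 8-byte UDP header."""
    for field in (sport, dport, checksum):
        if not 0 <= field <= 0xFFFF:
            raise ValueError("UDP header fields are 16-bit")
    if (sport >> 4) == 0xF0B and (dport >> 4) == 0xF0B:
        # PP=11: both ports lie in 0xF0B0..0xF0BF, keep one nibble each
        pp, ports = 0b11, bytes([((sport & 0xF) << 4) | (dport & 0xF)])
    elif (dport >> 8) == 0xF0:
        # PP=01: source port inline, destination port's 0xF0 prefix elided
        pp, ports = 0b01, struct.pack("!HB", sport, dport & 0xFF)
    elif (sport >> 8) == 0xF0:
        # PP=10: source port's 0xF0 prefix elided, destination port inline
        pp, ports = 0b10, struct.pack("!BH", sport & 0xFF, dport)
    else:
        pp, ports = 0b00, struct.pack("!HH", sport, dport)
    nhc = UDP_NHC_PREFIX | pp
    if elide_checksum:
        # Only legal when an upper-layer integrity check (for example
        # DTLS) covers the datagram; the receiver enforces that below.
        return bytes([nhc | NHC_CHECKSUM_ELIDED]) + ports
    return bytes([nhc]) + ports + struct.pack("!H", checksum)


def decompress_udp_header(buf: bytes, udp_length: int,
                          upper_layer_integrity: bool = False
                          ) -> Tuple[int, int, int, Optional[int], int]:
    """Parse an NHC UDP header; return (sport, dport, length, checksum, consumed).

    checksum is None when it was elided. Raises ValueError on malformed
    input or on an elided checksum with no upper-layer integrity.
    """
    if not buf or (buf[0] & 0xF8) != UDP_NHC_PREFIX:
        raise ValueError("not a UDP NHC header")
    nhc, pos = buf[0], 1
    pp = nhc & 0x03
    need = PORT_BYTES[pp]
    if len(buf) < pos + need:
        raise ValueError("truncated port field")
    if pp == 0b11:
        sport = 0xF0B0 | (buf[pos] >> 4)
        dport = 0xF0B0 | (buf[pos] & 0x0F)
    elif pp == 0b01:
        sport, low = struct.unpack_from("!HB", buf, pos)
        dport = 0xF000 | low
    elif pp == 0b10:
        low, dport = struct.unpack_from("!BH", buf, pos)
        sport = 0xF000 | low
    else:
        sport, dport = struct.unpack_from("!HH", buf, pos)
    pos += need
    if nhc & NHC_CHECKSUM_ELIDED:
        # A receiver that silently accepts an elided checksum without a
        # covering integrity mechanism loses all corruption detection.
        if not upper_layer_integrity:
            raise ValueError("elided UDP checksum without upper-layer integrity")
        checksum = None
    else:
        if len(buf) < pos + 2:
            raise ValueError("truncated checksum")
        (checksum,) = struct.unpack_from("!H", buf, pos)
        pos += 2
    return sport, dport, udp_length, checksum, pos


if __name__ == "__main__":
    # Constructed sample: a CoAP request (default UDP port 5683) from an
    # ephemeral port in the 6LoWPAN-friendly 0xF0Bx range, 12-byte payload.
    raw = struct.pack("!HHHH", 0xF0B3, 5683, 8 + 12, 0x1A2B)
    packed = compress_udp_header(0xF0B3, 5683, 0x1A2B)
    print(f"{len(raw)} bytes -> {len(packed)} bytes: {packed.hex()}")
    print(decompress_udp_header(packed, 8 + 12))
```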
Radio Frequency (RF) protocols such as Bluetooth Low Energy (BLE), Z-Wave, and ZigBee support communication between IoT devices or with gateways that then use protocols such as LTE or Ethernet to communicate with the cloud (for a comparison of the underlying IEEE standards, see Tjensvold, Jan Magne, Comparison of the IEEE 802.11, 802.15.1, 802.15.4, and 802.15.6 wireless standards, September 18, 2007, https://janmagnet.files.wordpress.com/2008/07/comparison-ieee-802-standards.pdf).
In the energy industry, WirelessHART and Power Line Communication (PLC) technologies such as Insteon are used for device connectivity. PLC signals are carried directly over existing power lines, enabling power-connected devices to be controlled and monitored (refer to http://www.eetimes.com/document.asp?doc_id=1279014). PLC is implemented in support of both home and industrial use cases.
