Earlier this month, we exhibited at the Internet of Things Developers Conference (IoT DevCon) held at the Santa Clara Convention Center. The conference was a great opportunity for us to meet engineers involved in product development, system design, embedded software, embedded devices and intelligent communications for the IoT. Wherever we turned, over the course of the conference, we found that security was very much on the minds of conference participants.
Asaf Chen, Arm’s Vice President of Marketing for Security IP probably spoke for many at the conference when he stated that “without solving security, the IoT will not reach the scale or have the impact it can or should.” Indeed, recent IoT security breaches impacting a wide range of IoT devices from cars to baby monitors were widely shared at the conference, with many presenters noting the very real threat that security vulnerabilities could limit the growth of the IoT.
And because this was a developer’s conference, and engineers like to solve problems, several presenters and exhibitors shared their approaches to security. While generally noting that there is no ‘silver bullet’ when it comes to security, many presenters stressed the importance of implementing secure boot to enable initial trust for an IoT device and device level authentication to protect against device spoofing. Implementing such security requires the product to perform cryptographic operations.
The traditional approach to implement cryptography–which was implied in a number of the presentations we listened to at the conference–involves including a cryptographic coprocessor chip to interface with the main microcontroller. To validate a digital signature in such a design, the microcontroller sends the signature, signer’s public key, and message to the coprocessor; the microcontroller then reads back the result as to whether the signature was valid or not. While this approach is certainly better than doing nothing for security, it has weaknesses. First, it introduces a potential security vulnerability that the coprocessor approach exhibits: the microcontroller communicates with the coprocessor chip using an industry standard SPI or I2C data bus. An attacker with physical access to the IoT product can easily inject false data onto the bus that the microcontroller acts on as if it came from the “trusted” coprocessor chip. Additionally, with added hardware comes added cost and complexity, a real challenge for low-cost IoT devices.
We highlighted our alternative approach to implement cryptography at the conference. Our approach includes cryptographic libraries within the product’s main microcontroller. When the microcontroller needs to validate a digital signature that a remote device has sent, it calls into the crypto library residing within its own firmware. This method for implementing cryptography improves security by eliminating a point of entry for the would-be attacker. Additionally, our method’s simplicity offers developers cost and implementation savings by not requiring an added coprocessor. Finally, our method does not require a network connection, ensuring broad applicability in a variety of environments. Our approach is possible because of the computational efficiencies of our security platform, Group Theoretic Cryptography (GTC). With GTC, and the underlining efficiency of its mathematics, product developers now have a simpler, safer and less expensive cryptographic method that can fit into a resource constrained IoT product’s main microcontroller.