IoT Deployment Security Challenges to Maintain Endpoint Integrity

The IoT is changing the way we interact with devices, organizations, and each other. At the same time, it opens new avenues for security incursions, with more complex and far-reaching connections between devices, software, networks, the cloud, and enterprise systems.

IoT Deployment Security Challenges to Maintain Endpoint Integrity
IoT Deployment Security Challenges to Maintain Endpoint Integrity. Photo by Ben Kolde on Unsplash

Companies must approach security as one of the critical requirements for IoT deployments. More than ever, we must continually assess, improve, and enhance security efforts. While each vertical industry has specific and different security concerns, they also share common challenges; one such challenge is maintaining endpoint integrity.

Read on this article to learn:

  • Why endpoint integrity matters
  • Actions you can take to bolster endpoint integrity
  • How to make security a process of continuous improvement

Table of contents

Why Endpoint Integrity Matters
Why Maintaining Endpoint Integrity in the IoT is Difficult
Accessibility
Long Service Life
Operational Constraints
So, What Do We Do?
Security is a Journey, Not a Destination

The Internet of Things (IoT) has enabled organizations to leverage connected devices to optimize operations, identify and respond to problems in real-time, and provide innovative new services. The IoT is changing the way we interact with devices, organizations, and each other.

At the same time, the IoT opens new avenues for security breaches, with more complex and far-reaching connections between components such as devices (hardware), software, networks, the cloud, and enterprise systems. Not only does each component represent an opportunity for exploitation, but as technologies and deployments change, they bring new threats to each component and the overall IoT ecosystem.

Companies must approach security as one of the critical requirements for IoT deployments. More than ever, we must create opportunities for companies to continually assess, improve, and enhance security efforts. While each vertical industry has specific and different security concerns, they also share common challenges; one such challenge is maintaining endpoint integrity.

Why Endpoint Integrity Matters

IoT networks comprise anywhere from hundreds to millions of devices. In aggregate, a report from Gartner Inc. estimates there are nearly 21 billion IoT devices today. Compromising an IoT device allows an attacker to disrupt or disable not only the function of the device itself but the networks and systems the device is connected to. For example, if a device is trusted to communicate with the corporate intranet, an attacker can exploit that trust to infiltrate the site, stealing confidential information, or sabotaging corporate systems.

Insufficient numbers, even seemingly benign consumer devices can turn into powerful weapons. In late 2016, thousands of such devices were enlisted into the Mirai botnet and used to conduct massive Denial of Service (DDoS) attacks that disabled several internet services and severely strained the service providers hosting them.

Why Maintaining Endpoint Integrity in the IoT is Difficult

IoT endpoints represent a vulnerable target due to the following:

Accessibility

Many IoT devices are deployed outside normal IT security perimeters. They could be installed at remote or unsecured locations, making them vulnerable to theft and/or tampering. Furthermore, if a device is inexpensive and easy to buy, hackers can learn how to extract data by purchasing a unit via legitimate channels.

When owners of cars, laptops, smartphones, and connected appliances notice theft or tampering, they can take steps to revoke credentials and limit the damage. However, it’s much harder to keep track of devices such as sensors deployed along thousands of miles of pipeline or even thermostats in large hotels and office buildings.

Long Service Life

Compared to personal electronics such as cellphones, tablets, and laptops which users tend to replace every few years, IoT devices for industrial applications must deliver long service life cycles, as long as 10 to 15 years, as cost-effectively as possible. Therefore, even if a newly installed device contains the latest security features available at the time of manufacture, over its lifespan it will become increasingly vulnerable, either due to the discovery of implementation flaws or from advances in brute-force attack methods.

Operational Constraints

The IoT is comprised of devices across a wide spectrum of capabilities, from those with high-end processors, such as PCs, smartphones, and major appliances, to low-cost sensors. It is safe to assume that in a world with 20 billion or more IoT devices, the vast majority of those will fall into the low-end range. Such devices at the endpoints of an IoT network are the most vulnerable because they:

  • Lack of sophisticated security components such as cryptographic accelerators and secure elements, making it difficult to implement a robust hardware root of trust.
  • Operate under severe bandwidth constraints, making it difficult to deploy security patches or tolerate PKI and crypto overhead.
  • Operate under severe power constraints – some new LPWA devices are intended to run for up to 10 years on a AA battery – making it difficult to do anything other than the device’s core function. Downloading and installing firmware updates, computing hashes to validate code integrity, and performing complex key exchanges all mean that the radio and/or processor have a much higher duty cycle, which severely impacts battery life.

So, What Do We Do?

While the challenge is a daunting one, some steps can be taken to bolster endpoint integrity.

  1. Ensure your device only runs authentic code. Deploy your critical code in read-only storage and use Secure Boot to verify its authenticity using a hardware root of trust. Not only does this make it much harder to inject malware, but it also makes it harder for hackers to experiment with devices to learn what vulnerabilities exist within the authentic code. For example, in 2015, IT security firm IOActive learned how to exploit unmodified code running in Jeep infotainment units by first deploying unauthorized test software on the devices to see what they were capable of.
  2. Ensure firmware updates are deployed by authorized sources. Nothing is secure forever and, by extension, you cannot secure what you cannot update… securely. Secure Firmware Update ensures that update packages delivered to the device come from an authorized source before the installer begins processing them. This is important because the installer itself may have vulnerabilities that can be exploited by a carefully crafted update package. Secure Firmware Update should also include anti-rollback protection to ensure an attacker can’t install an old “authentic” release to take advantage of vulnerabilities that have been patched in newer releases.
  3. Reduce the attack surface. Remove unnecessary code. Disable unnecessary services. Ideally, an IoT device should have no open listening ports on any network interface, relying on device-initiated connections to the cloud or other service platforms. And don’t forget to secure or, better yet, disable local ports – while local attacks on individual devices are inherently more expensive than network attacks and thus less attractive to a hacker, the truth is that many network vulnerabilities are discovered through local experimentation. It will be easy for hackers to get their hands on your device. Don’t make it easy to break in when they do.
  4. Deploy layered end-to-end security. Make sure all device communication is mutually authenticated and uses strong encryption, and then add layers of protection. Use a private APN to whitelist the services your devices can talk to, and add a layer of encryption from the cellular network to the cloud platform to hide your device communications. The private APN also serves as a firewall blocking communication to your devices, but make sure you have a device firewall as well, in case someone compromises the private APN. If your device communicates through a gateway, make sure there is also a firewall there, and perhaps a VPN from the gateway to your cloud platform. Individual protection mechanisms can fail, so use as many layers as you can.
  5. Reduce the incentive. Make sure that if an attacker does manage to compromise your device, there is nothing of value beyond the scope of that device. Most importantly, don’t rely on global shared credentials. Hackers are business people too; if you have properly secured against network attacks and ensured that there is nothing of value to be obtained by a local attack, you tip the cost/benefit assessment in your favor and make your devices less interesting.

Security is a Journey, Not a Destination

You may not be able to implement all the recommendations above right away or in every scenario, but the important thing is to embrace a spirit of continuous improvement:

Assess: Identify your security weaknesses and prioritize them.

Improve: Address your top priorities.

Repeat: Do it all over again, taking into account changes in the threat landscape, new security tools and techniques, and the evolution of your products and services.

Source: Sierra Wireless