acm-header
Sign In

Communications of the ACM

ACM News

Foiling IoT Hackers


View as: Print Mobile App Share:
NanoLock says its solution secures end-to-end communications between host processors and Internet of Things flash memories.

The greatest security threat today may be to Internet Of Things devices.

Credit: NanoLock Security

Cybersecurity malware is already fleecing industry with ransomware, breaching government computers with espionage spyware, infecting personal computers (PCs) with malicious bots, and the situation is getting worse, according to Better Cybersecurity—A New Blueprint, a document authored by the Better Cybersecurity Coalition, a group of experts who say, "The cybersecurity situation is deteriorating. With rapid technological innovations, adoptions, and geopolitical developments, the situation is only going to get worse, much worse."

Already, academic institutions like Penn State Berks have started offering degrees in cybersecurity software. North Carolina State University (NCSU) teaches hardware engineers how to design root-of-trust electronics (a trust anchor) for secure cryptographic operations, according to Aydin Aysu, an NCSU assistant professor in the department of electrical and computer engineering. Aysu teaches a course for hardware engineering students entitled "Teaching the Next Generation of Cryptographic Hardware Design to the Next Generation of Engineers."

The greatest security threat today, however, is to Internet Of Things (IoT) devices, according to NCSU associate professor Terrence O'Connor, co-author of "Blinded and confused: uncovering systemic flaws in device telemetry for smart-home internet of things," which received the Best Paper award at the 2019 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2019). According to O'Connor, the Internet of Things provided hackers with a new route for breaking into smart home networks. O'Connor and colleagues at NCSU found security flaws in 22 out of 24 widely used IoT devices, and demonstrated how they could be exploited by malicious tools freely downloaded from Hack Forums.

Said O'Conner, "What IoT devices need is a secure tunnel that prevents these hacker tools from determining data packets' inter-arrival timings and frame sizes, thereby preventing identification of the device's signal."

According to Santa Clara, CA-based IoT security vendor NanoLock Security, its communications software, combined with Micron Technology, Inc.'s flash-memory based Authenta hardware, can provide such a secure tunnel. NanoLogic partnered with Micron to locate the root-of-trust cybersecurity hardware on a direct memory accessible (DMA) flash chip, bypassing the processor.

Others chipmakers, like Intel, have located their root-of-trust cybersecurity hardware on the processor chip, which hackers have infected with Meltdown and Spectre. Locating the secure root-of-trust in the flash chip blocks malware even in infected host processors, according to Rik Turner, principal analyst for infrastructure solutions at Ovum, a division of Informa PLC in London. "Rather than locating the security hardware logic on the processor chip, NanoLock's solution locates the security logic circuitry inside the flash memory, where it blocks overwrite, modification, manipulation, erasure, and ransomware [as well as] attacks on boot images and critical applications," said Turner. "This clearly also entails blocking control of the flash by its own host processor."

Until now, flash makers had attempted to bypass infected processors by locating their hardware roots-of-trust on one-time programmable (OTP) nonvolatile memories (as is the case for Cypress), or on application specific integrated circuits (ASICs) such as Rambus' Cryptomanager RISC-V processor (as is the case for Winbond). However, NanoLock reports that besides Micron, it also has partnered with both Cypress and Winbond to relocate their secure root-of-trust hardware to flash chips.

Micron's Authenta is the first implementation of what partner NanoLock aims to make a new standard in secure memory architectures—that is, pin-for-pin compatible with today's flash memories.

Flash makers like Micron already are serializing each flash memory chip they make, allowing them to be used by original equipment manufacturers (OEMs) like normal flash during design, development. and debugging of an end-user IoT device. Once that is completed, the hardware security features are activated by the OEMs themselves when they log into the key-management system (KMS) at Micron.

"All Micron's security logic circuitry is totally housed on our newest flash memory chips," said Jeff Shiner, director of IoT and Security Solutions at Micron. That is only byte-addressable NOR flash now, but soon will be available on block-addressable NAND flash, too. Said Shiner, "Flash is becoming a new category of security element, protected even if their own processors are running hacker code. For instance, a secure boot can be performed entirely by the logic on an Authenta flash, since its logic circuitry manages all memory operations."

NanoLock's Management of Things (MoT) software is adapted for each OEM in order to establish a secure root of trust for in-the-field IoT devices that are constantly monitored by MoT, according to NanoLock chief technology officer Nitzan Daube. "NanoLock works with each IoT OEM to immunize its devices from hacks intended to uncover security flaws being used to protect all an OEM's customers," said Daube.

OEMs using MoT software provision their secure flash IoTs with software updates while simultaneously monitoring and protecting them 24/7 from hacker attacks. MoT alerts OEMs in real time whenever an attack is attempted, without alerting the hacker, according to Daube. MoT then records forensic evidence from the unwary hackers—in the manner of a honey pot sting operation.

"No security system is ever completely foolproof, but our use of real-time forensics introduces the hope that hackers' future moves can be anticipated and countered before they succeed. If successful, that will turn the tide of cybersecurity—making it preemptive, rather than reactive as it is today," said Daube.

To lull hackers, NanoLock uses a key-in-lock method that allows a one-time key to be sent to the IoT device which, when detected by the secure root-of-trust hardware logic on the flash chip, allows the software update to be written to protected memory. After the update is communicated, the single-use key for future updates is changed, so hackers cannot reuse it to insert their own malware.

Besides the Internet, NanoLock is also serving the automotive industry on Controller Area Networks (used mainly for automobiles), Universal Serial Buses (USBs, used mainly for computer peripherals), Bluetooth (used mainly for nearby wireless connections), and even proprietary communications protocols such as those used by the military, national security agencies, and financial institutions.

"NanoLock also has use-cases in static devices such as CCTV [closed circuit television], surveillance cameras, smart meters, routers, and connected cars," said Turner.

Microsoft has also jumped on the bandwagon (without the help of NanoLock) by likewise using Micron's Authenta flash memories as a secure root of trust, but only for IoT devices using its Azure cloud-based Device Provisioning Service (DPS).

R. Colin Johnson is a Kyoto Prize Fellow who has worked as a technology journalist for two decades.


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account