Cost-Effective Hardware Security for the Home-Automation Market
January 02, 2019
The connected home offers the possibility of lower utility bills, greater comfort, and more effective security for owners and their families, but cyber-protection challenges must be addressed.
The connected home offers the possibility of lower utility bills, greater comfort, and more effective security for owners and their families, but the challenges surrounding cyber-protection must be adequately addressed.
For homeowners, the ability to adjust lights and heating using a mobile device, from inside the home or remotely across the internet, can allow much tighter control over energy consumption, especially when combined with occupancy detectors to add autonomous smart-home functionality into the mix. Security can also be upgraded from traditional intruder alarms, which neighbors may easily dismiss as mere "noise nuisance," by making sophisticated capabilities such as remote surveillance more cost-effective and easier to install than ever before. With the emergence of affordable Cloud-based AI, the possibility to capture and store frames of interest off-site, and apply facial-recognition algorithms, adds an extra deterrence for would-be thieves.
On the other hand, homeowners contemplating investing in this technology may themselves be deterred by the prospect of cyber-attacks against the connected-home infrastructure (figure 1). Such exploits may aim to steal sensitive information, disable equipment such as smart locks or security cameras, or cause systems such as heating, ventilation, or smoke alarms to malfunction. Providers of home-automation equipment and services need cost-effective solutions to help strengthen their products against such cyber threats.
A cyber-attack can target any part of the smart-home infrastructure. The target could be a Wi-Fi connection between a node like a video camera and the central smart-home gateway responsible for managing multiple devices such as intrusion detectors, emergency sensors, remote thermostat programming, or connected lighting. If the gateway is not equipped to check for security credentials, a hacker entering the scene with a Wi-Fi transceiver could gain access to the gateway through the camera connection. The camera connections is a critical vulnerability that compromises the smart home’s security.
If the gateway can challenge devices attempting to connect, it is possible to block the casual or opportunistic hacker who does not have the credentials to access the system. However, smarter or more organized hackers may attempt to analyze, decode, or sabotage connected-home systems.
Reported attacks on devices like thermostats and surveillance cameras show how hackers can exploit inadequately protected nodes to steal security keys that control access to other parts of the network.
In addition, as software-based security solutions become increasingly complex, applying updates or security patches to devices such as security cameras, which must remain operational continuously for long periods, can be difficult and cumbersome.
To be accepted in the marketplace, security measures must be effective within tight limits on cost, memory, and power consumption that constrain typical IoT devices. Also, security should be practically transparent from the end user's standpoint. Hardware-based security solutions are emerging, which can overcome these types of challenges. Equipment designers now have several options at their disposal, to prevent cyber-criminals hacking into smart homes and buildings.
Trusted Computing Goes Embedded
To prevent malicious agents connecting rogue devices to the network, or tampering with the software of legitimate devices to corrupt or take over their functionality, secure system-on-chip (SoC) devices are emerging that enable simple, smart objects to establish an immutable identity that can be neither altered nor copied. Bringing trusted-computing principles to the IoT, the device can be programmed with its own identity at manufacture, and customers can load cryptographic keys and digitally signed code within a controlled, secure environment. Keys are stored in a protected area of silicon that is not externally addressable and is resistant to physical attack.
Secure boot, leveraging industry-standard cryptographic algorithms implemented in hardware, enables the device to check the credentials of software and firmware attempting to load at boot time and prevent the code from running if the digital signature does not check out (figure 2). Similar mechanisms verify any software or firmware updates received over the air.
Preventing unauthorized code from running creates a root of trust that enables devices to authenticate themselves when connecting remotely to a network, and to interact safely with other connected devices. The code can be stored on the device in encrypted form, to prevent inspection or reverse engineering, and the device can also handle encrypted communications to combat interception (figure 3).
A variety of secure ICs from various manufacturers are on the market now, and give designers the option of selecting a device to operate as a security co-processor (or embedded secure element) providing security services to the main host processor, or to act as a standalone microcontroller handling both security and application-level functionality.
Protecting the Connection to the Cloud
Fast-acting, power-efficient, and tamper-proof hardware present an effective solution to securing small home-automation devices such as sensors or cameras, and their links to connected gateway devices. Other attack surfaces remain vulnerable, however, such as the connection between the home gateway and the Cloud. Hence there is a strong need to secure data from smart appliances like refrigerators, ovens, or washing machines, as it is transmitted to a web server or a Cloud service, like Amazon Web Services (AWS) for storage and analysis. From this, we can see that Device-to-Cloud authentication is also vitally important to keep home automation environments safe and secure. Transport Layer Security (TLS) is an ally here, providing authentication and encryption services for smart-home nodes so that data passing between a client and web server is always encrypted.
Software-based TLS, however, can be vulnerable to attacks by hackers and spoofs who may try to break into memory and steal sensitive data by exploiting software bugs. Security co-processors that implement TLS implementation stacks such as a Secure Socket Layer (SSL) like OpenSSL or wolfSSL in hardware, as well as storing private keys, certificates, and sensitive data, can help shut down these opportunities. In addition to providing a straightforward and convenient means of overcoming software vulnerabilities, this approach also accelerates authentication each time a device such as a smart appliance or smart meter utilizes a TLS mechanism to secure a link to the Cloud.
The emerging generation of embedded secure element or co-processor chips aimed at cost-conscious IoT applications such as home and building automation can cost less than 50 cents, yet provide robust protection against numerous remote threats as well as physical attacks.
Efficiently featured to support secure boot, as the first line of defense against attempts to corrupt the embedded code or operating system, they provide a means of establishing a hardware root of trust in small, resource-constrained smart objects like door locks, smoke sensors, wireless security cameras, and motion and contact sensors.
With secure key storage built-in, loading cryptographic keys within a controlled environment —often coordinated by the chip manufacturer —allows pre-programming without any need to expose secrets such as ciphers or OEM code. Moreover, cryptographic hardware accelerators supporting industry-standard algorithms protect data exchanged across the smart-home network.
As cyber-attacks against home automation and connected IoT assets become more sophisticated, the emergence of affordable hardware-based security chips that provide mutual authentication, secure updates, and firmware monitoring could give consumers the confidence they need to begin exploring the many benefits of smart-building automation.
Rudy Ramos is the project manager for the Technical Content Marketing team at Mouser Electronics and holds an MBA from Keller Graduate School of Management. He has over 30 years of professional, technical and managerial experience managing complex, time critical projects and programs in various industries including semiconductor, marketing, manufacturing, and military. Previously, Rudy worked for National Semiconductor, Texas Instruments, and his entrepreneur silk screening business.