Don't Let the IoT Botnets Disrupt Your Embedded System

August 20, 2018



The proliferation of the IoT and its seemingly unlimited connected devices provides a virtual playground for attackers. Make sure your system is locked down.

With the expectation that within just a few years the number of deployed IoT nodes will be measured in many tens of billions, ensuring that sufficient security is installed represents a challenge of genuinely huge proportions. There’s a multitude of potential threats to IoT network infrastructure constantly looming, but among the acutest of these is the one posed by botnets.

In simple terms, a botnet is a collection of connected devices that have been compromised through exposure to malware. Consequently, they can form the basis through which a third party can launch a variety of attacks that could gain network control, cripple its operational effectiveness, or allow access to sensitive data. Back in 2016, a high-profile botnet attack, which became known as Mirai, resulted in a large proportion of the United States’ eastern seaboard being without Internet access for more than a day. Here, a distributed denial-of-service (DDoS) attack was used to immerse servers in a sea of erroneous data traffic.

The widespread proliferation of IoT connected devices for tasks ranging from industrial automation to smart homes, from traffic congestion management to environmental monitoring, will have considerable benefits to modern society. However, it also means that the opportunity for security vulnerabilities to be exposed will increase dramatically. Hence, my objective here is to detail the most effective methods to protect such devices.

In many cases, IoT design projects don’t put enough emphasis on security. This can be due to time-to-market pressures, or those carrying out the design having a lack of relevant expertise. IoT deployments are also often based on the reuse of software and hardware components, to simplify the design process or keep bill-of-materials costs in check. This practice can have repercussions in relation to security.

Given that many IoT hardware devices require both low power and low cost, putting adequate security in place is often difficult. Each IoT node will have only the processing and memory resources needed to cover the function for which it’s been deployed, with little or no additional headroom available. Such nodes are not armed with the same degree of protection that would be featured in a PC or network server (which would have its own anti-malware detection and firewall filtering).

Limited operating-system (OS) access can hinder malware infection detection within embedded devices. Instead of being able to interface with the OS directly, monitoring activities must be done through more limited means such as web browsers or apps. Moreover, most embedded hardware relies on some form of Linux, which, though popular, has clear security shortfalls (unless appropriately patched, configured, and hardened) and is thus relatively easy for unauthorized third parties to breach.

Figure 1 details how to develop a multi-layer security protection structure that’s suitable for resource-constrained embedded system designs (such as those used in an IoT context). It describes how IoT nodes, the data storage reserves, the supporting network, and finally the ecosystem as a whole can all be secured effectively.

1. Implementing a multi-layer security structure to protect against botnet attacks.

Employing a secure boot process and establishing a hardware-based root-of-trust is pivotal in ensuring that IoT nodes maintain long-term operation in a known and secure state and that any data that they hold is not accessible to unauthorized parties. Also, appropriate authentication mechanisms must be put in place to safeguard against the threat posed by invalid over-the-air (OTA) firmware updates, as this can be a way for hackers to compromise an embedded system.
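The device-side checks behind an authenticated OTA update, as an added sketch that is not part of the original article or any vendor's code. It assumes a hypothetical JSON manifest and uses HMAC-SHA-256 from the Python standard library as a stand-in for the signature check; production designs commonly use an asymmetric signature such as ECDSA so the node holds only a public key. All names and the key are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key. On a real node this lives in protected key storage
# (for example a security IC), never in firmware source.
DEVICE_UPDATE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def _mac(body: dict, key: bytes) -> str:
    """HMAC-SHA-256 over a canonical JSON encoding of the manifest body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def build_manifest(image: bytes, version: int, key: bytes) -> dict:
    """Vendor side: describe the image and authenticate the description."""
    body = {"version": version, "size": len(image),
            "sha256": hashlib.sha256(image).hexdigest()}
    return {"body": body, "tag": _mac(body, key)}


def verify_update(manifest: dict, image: bytes, installed: int, key: bytes) -> str:
    """Device side: return "accept" or the reason the update is refused."""
    try:
        body, tag = manifest["body"], manifest["tag"]
        # 1. Authenticate the manifest before trusting any field in it.
        if not hmac.compare_digest(_mac(body, key), tag):
            return "reject: manifest not authentic"
        # 2. Anti-rollback: an authentic but older image is still refused.
        if body["version"] <= installed:
            return "reject: rollback"
        # 3. Bind the manifest to the bytes actually received.
        if len(image) != body["size"]:
            return "reject: size mismatch"
        if not hmac.compare_digest(hashlib.sha256(image).hexdigest(), body["sha256"]):
            return "reject: image digest mismatch"
    except (KeyError, TypeError, ValueError):
        return "reject: malformed manifest"
    return "accept"


if __name__ == "__main__":
    image = b"\x7fFW" + bytes(61)  # constructed 64-byte stand-in for a firmware image
    m = build_manifest(image, version=5, key=DEVICE_UPDATE_KEY)
    print(verify_update(m, image, installed=4, key=DEVICE_UPDATE_KEY))
    print(verify_update(m, image, installed=5, key=DEVICE_UPDATE_KEY))
```

The order of the checks matters: the version and digest fields are read only after the manifest itself has been authenticated.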

Secure connectivity should be established between the nodes and other systems (such as cloud-based services) in the network that connects these IoT nodes. This can be done through data links that utilize cryptographic protocols like transport layer security (TLS), and where possible, IoT nodes should only be connected in environments where firewalls are in place. This allows for all incoming traffic to be inspected thoroughly and potential threats identified accordingly. Using DDoS mitigation services is also highly recommended. From a data storage perspective, measures must be taken to prevent critical data from being accessed, so sophisticated authentication and physical anti-tamper mechanisms are called for.

Though until now security has often been unwisely considered an afterthought, things need to change. The time has come for it to be a core priority in all IoT system deployments, and this must begin at the hardware level. A secure on-chip database is needed to store cryptographic keys, but this will have serious cost implications in IoT applications. Incorporating a security stack into the system’s microprocessor/microcontroller will again raise issues, bringing compute-intensive operations with it that will directly impact system performance due to the limited processing resources available. Consequently, the hardware security solutions that would be highly effective outside IoT aren’t necessarily suited here.

An alternative is to specify a dedicated security IC to accompany the system microprocessor/microcontroller. Such ICs offer an optimized way to address the whole security issue, with the hardware key storage, cryptographic acceleration, and TLS hardening capabilities that IoT systems require.

2. The Microchip ATECC508A security device.

Compatible with all of Microchip’s microprocessor/microcontroller portfolio, the company’s ATECC508A is a cost-effective and energy-efficient security IC that integrates the latest elliptic-curve cryptography (ECC) algorithms (Figure 2). It’s optimized to provide the authentication needed to defend IoT nodes against botnet incursions, with the capacity to store up to 16 keys (each of 256-bit length) in its 10-kbyte EEPROM. The IC can be supplied in either an 8-lead SOIC or an 8-pad UDFN package.

Maxim’s MAXREFDES143 reference design protects IoT sensor nodes by carrying out authentication/notification to the connected web server and thereby offloading these tasks from the core system so that it can concentrate on other matters (Figure 3). This comprises a small mbed shield with a DS2465 coprocessor, a DS28E15 authenticator, an LCD, and an array of sensors. It communicates with the web server through the integrated WiFi module and with the protected sensor node via the I2C and 1-Wire interfaces. A 256-bit SHA cryptographic hash algorithm is employed for symmetric key authentication.

3. Shown is Maxim’s MAXREFDES143 reference design.
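The SHA-256 symmetric-key authentication described above follows a challenge-response pattern, shown here as an added example that is not Maxim's code and not part of the original article. It uses generic HMAC-SHA-256 rather than the exact MAC input layout of the DS28E15 and DS2465, and the class names, function names and identifiers are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed for the demo; in the design above the host-side secret would sit
# inside the coprocessor, not in application memory.
MASTER_SECRET = secrets.token_bytes(32)


def derive_device_secret(master: bytes, device_id: bytes) -> bytes:
    """Per-device secret, so extracting one node's key exposes only that node."""
    return hmac.new(master, b"device-secret|" + device_id, hashlib.sha256).digest()


class SensorNode:
    """Authenticator side: holds only its own derived secret."""

    def __init__(self, device_id: bytes, secret: bytes):
        self.device_id, self._secret = device_id, secret

    def respond(self, challenge: bytes) -> bytes:
        msg = self.device_id + challenge
        return hmac.new(self._secret, msg, hashlib.sha256).digest()


class Host:
    """Verifier side: issues single-use challenges and checks the MAC."""

    def __init__(self, master: bytes):
        self._master, self._pending = master, {}

    def challenge(self, device_id: bytes) -> bytes:
        nonce = secrets.token_bytes(32)  # fresh per attempt, defeats replay
        self._pending[device_id] = nonce
        return nonce

    def verify(self, device_id: bytes, response: bytes) -> bool:
        nonce = self._pending.pop(device_id, None)  # one attempt per challenge
        if nonce is None:
            return False
        secret = derive_device_secret(self._master, device_id)
        expected = hmac.new(secret, device_id + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)
```

A recorded response fails against any later challenge, and a node provisioned with the wrong secret cannot produce a valid MAC for its claimed identifier.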

A plethora of industry sectors will benefit from the large-scale deployment of IoT nodes, provided sufficient security mechanisms are installed to prevent botnet attacks from taking hold. The power, space, cost, processing and memory limitations that each IoT node is subject to mean that more streamlined approaches need to be taken, ones that, while effective, do not represent too heavy an overhead. Innovative IC solutions, such as the ones just described, have the ability to meet all of these criteria.

Rudy Ramos is the project manager for the Technical Content team at Mouser Electronics and holds an MBA from Keller Graduate School of Management. He has over 30 years of professional, technical and managerial experience managing complex, time critical projects and programs in various industries including semiconductor, marketing, manufacturing, and military.