Industrial IoT (IIoT) has steadily gained popularity in recent years with more and more users migrating to digitized equipment and smart operations. As an increasing amount of IIoT equipment comes online, many unsecured items will be vulnerable to remote software assaults. Inadequate security gives hackers the opportunity to brick and commandeer a device to help build botnets. These malware networks introduce unauthorized code, steal data, or exploit their hosts through some other means. Because device manufacturers want to safeguard their reputations, their IIoT devices must be secure. With more laws, regulations, and standards being created in this vein, security cannot be imposed as an afterthought. This is where "hardware root of trust" comes into play.
IoT or "Internet of Things" is the interconnection of billions of devices between them or through clouds. These fleets of connected systems exchange tremendous amounts of data and their alteration or leakage have impact in both retail (IoT) and industrial (IIoT) worlds. We immediately understand the ideal target that these connected 'things" represent for hackers in terms of threat on the usual triad of "Confidentiality, Integrity and Availability".
Indeed, a non secured device can be counterfeited, used to leak or modify data, as a bridge to go deeper in a network or as part of a larger scale attack (DDOS). The authentication, encryption or signature mechanisms provided by asymmetric cryptography help developers to provide secure communications and authentication processes between connected objects. Those mechanisms help also to protect embedded firmware and software from non-wanted modification.
Nowadays, it appears essential to implement authentication, encryption, and signature mechanisms, not only between connected objects, but also between the electronic components of the objects themselves. IoT and IIoT must be secured by design. Information must be able to be exchanged confidentially between components, and each component must be able to ensure that the information it receives from the previous one is legitimate.
Root of trust establishes the secure process boot up chain, called "Chain of Trust", used to validate software and hardware used on the device. If the credentials used to implement the initial piece of code are verified, each successive piece of code executed is trusted. A strong root of trust consists of identity and cryptographic keys rooted in the hardware of a device. This establishes a unique, immutable, and unclonable identity to authorize a device in a network. It enables a secure boot process using keys for cryptographic operations, ensuring the authenticity of firmware and software until the OS (Operating System) is loaded.
Hardware root of trust can help with a range of security issues that are primarily divided into pre-boot and post-boot. Pre-boot can use a computer chip called a Trusted Platform Module (TPM) to verify/measure integrity and secure the boot process from low-level malware. TPM assists with a variety of activities during post-boot, including root of trust for authentication. Systems that deploy hardware root of trust will use a unified extensible firmware interface (UEFI), which offers options such as “Secure Boot” that help prevent attacks or infection from malware.
Where lines of code, OS and user interface may be altered, the data engraved in the silicon is resistant to change. Hardware root of trust can be assigned to a "Secure Element" type chip which can, on one hand, store information in a secure and immutable (non-modifiable) manner, and on the other hand, perform cryptographic operations (generation of random numbers, encryption, decryption, signature, etc.). An encrypted channel ensures the secure communication between the Secure Element and the main processor.
At Ewon, the security of our remote solutions is at the heart of our concerns. This is why the latest generation of Ewon Cosy gateways, namely the Cosy+ range, has been designed with an embedded Secure Element that ensures hardware root of trust. These gateways are thus totally secure by design.