How to ensure that vulnerabilities in networked devices do not paralyze the entire organization

Text | Jeff Shiner, Director, IoT Solutions, Micron Technology

On June 27 this year, a variant of the ransomware called Petya began to wreak havoc again. The virus spread rapidly, and WPP, the world's largest communications group, was unfortunately hit, and many of its companies were urgently shut down to prevent electronic devices from being infected.

How do you ensure that a vulnerability in a networked device does not cause the entire organization to crash? If you start with storage, can you provide more comprehensive protection for the Internet of Things? Take a look at the answer from Jeff Shiner, Director of Internet of Things Solutions at Micron Technology.

The technology industry is still plagued by the large-scale WannaCry cyber attacks, and individuals and IT teams have to do their best to patch devices running a very popular Microsoft operating system that has known vulnerabilities.

The attack hit the Spanish telecommunications company and the National Health Service (NHS), not only infecting computers but also affecting other connected devices in the NHS, such as MRI scanners, blood storage refrigerators and operating room equipment.

Unfortunately, this is not an isolated incident. Think about it:

Last fall, malware called Mirai infected DVRs, IP cameras and other devices around the world and used them to launch major attacks, including distributed denial of service (DDoS) attacks. The DDoS attack first hit the domain name system (DNS) provider Dyn and then targeted Twitter, Reddit and other important websites, interrupting their operation.

Earlier this year, hackers attacked the Dallas emergency alert system, sounding alarms throughout the city and pointing to loopholes in the cyber defenses of the municipal infrastructure.

With the advent of the Internet of Things, a large number of more important assets have become targets for cybercriminals. Therefore, we need to deal with this situation proactively and plan accordingly.

According to Sage Business Researcher, the number of connected devices is expected to reach 50 billion by 2020. This number has been growing at an alarming rate: in 2016 it was less than 25 billion, and in 2012 it was less than 10 billion. Manufacturers have been scrambling to bring Internet of Things devices to market, and sometimes security is not a priority.

To make matters worse, the Internet of Things has not been standardized, especially when compared with the uniformity of the personal computer (PC) and smartphone markets. IoT design is constrained by a fragmented approach to security implementation, which in turn is determined by a variety of system, semiconductor and software-level options. When these options are combined, the complexity of the problem increases dramatically. The most important point is that improving the security of one group of IoT devices does not bring security improvements to billions of other devices.

There are now efforts to establish a security framework to guide OEMs in incorporating the appropriate level of security into their designs. The groups that advance these initiatives advocate integrating critical security components in hardware and software, setting up defense-in-depth security, and implementing other strategies that take advantage of many of the latest known solutions. A good example in this area is presented in a document by the American Industrial Internet Consortium (IIC) called "Industrial Internet Security Framework" (IISF). In addition, the US Federal Trade Commission (FTC) has been working to address threats, for example in 2015, when it urged IoT companies to adopt best security practices.

Despite all the work, the vulnerability problem is still very serious, especially for companies outside the Fortune 100, which are unable to deploy strong cybersecurity staff or allocate budgets and are hindered by the lack of uniform, off-the-shelf IoT security solutions.

Solution: "Security by design" that covers storage

Unexpectedly, one of the biggest weak points in current IoT systems, "code storage memory," may offer an easy-to-implement and possibly more secure approach to this challenge. By using storage technologies in new and innovative ways and combining them with cloud-based capabilities, it should be possible to create greater security.

In more advanced security attacks, malicious code is written to non-volatile storage. This usually happens on devices at or near the edge of the network, that is, on the endpoints, the "things" in the Internet of Things. Once these devices are infected, an attacker can use them to form a larger botnet with other devices or to act on the target system alone. Many of these attacks exploit known, publicly disclosed security vulnerabilities, and attackers are constantly looking for new "zero-day" vulnerabilities to use.

Other common attack strategies emerged at the end of 2016, including Mirai-based botnet attacks. This type of attack exploits IoT devices such as DVRs, IP cameras and home routers that leave the factory with insecure default settings. At their peak, these devices launched DDoS attacks on various websites, including Twitter, Amazon and Reddit. Ironically, KrebsOnSecurity was also attacked.

Against both of these attack strategies, device OEMs can adopt the following long-term solutions: redesigning the main hardware and software, and deploying device and cloud solutions that monitor device integrity and repair devices when they are compromised.

However, where there are weaknesses, there are opportunities. If the critical code held in storage can be cryptographically authenticated and can become part of the IoT device's identity, then combining it with the strong capabilities of the cloud allows end-to-end authentication and cryptographic firmware management, which greatly limits the ability of hackers to implant malware on devices.

Over the years, people have been using a set of features called "Root of Trust" (RoT) to improve network security. RoT provides security services that typically reside in a trusted computing module and can be used securely by the operating system to verify the identity and health of the device, thereby essentially confirming that the device is part of the network and is not infected.

So far, the burden of providing this security has been borne by the CPU, SoC and Hardware Security Module (HSM). Unfortunately, even with these components and the security they provide, hackers can still launch attacks and destroy or stop systems at all levels beneath the logical components of IoT devices. As the complexity of attacks increases, Advanced Persistent Threats (APTs) are becoming a more serious problem, because hackers focus on the logical part of the IoT device and embed their code in the device's storage.

Security can be improved by securing more parts of the solution (i.e. "defense in depth") and ensuring that storage is taken into account. In addition, this method is bound to be relatively simple, low-cost and unobtrusive, and it can be applied more widely to today's IoT devices, which are suffering from various attacks.

A storage-based security protection method

Micron is looking for a way to put a device ID and a small amount of cryptographic processing directly into storage. The combination of these elements generates information that enables cloud computing resources to confirm the identity and health of the storage and the data it contains. In this way, security at the lowest boot level is strengthened and some of the security load is taken off the CPU, SoC and HSM.

This approach has been confirmed in the recent security partnership between Microsoft and Micron. The two companies focus on two key aspects that simplify the way customers secure their IoT devices and enable device identity. The first step is to create an end-to-end secure connection built into standard hardware that allows customers to enhance system functionality through a software development kit (SDK). By leveraging a new standard from the Trusted Computing Group (TCG) called Device Identifier Composition Engine (DICE), the Microsoft Azure IoT cloud and Micron Authenta™ technology help ensure that only trusted hardware can access the IoT cloud.

The solution verifies the identity and health of the hardware that is typically used to store critical code and is expected to provide new security benefits for IoT devices. With this identity feature, the Azure IoT hub can verify whether the device's status is "good" or "bad" and take appropriate action, such as enabling higher-level features like device health attestation and configuration, and enabling administrators to securely repair compromised devices in the field.
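The flow described above, as an added sketch that is not Micron's or Microsoft's code: a DICE-style identifier is derived from a device secret and a hash of the code in flash, and a cloud verifier uses it to classify the device as "good" or "bad". The symmetric HMAC challenge-response, the CloudVerifier class, the device name and all sample bytes are assumptions made for illustration; DICE deployments derive asymmetric keys and certificates from the identifier instead.

```python
import hashlib
import hmac
import secrets

def derive_cdi(uds: bytes, firmware: bytes) -> bytes:
    """DICE-style compound identifier: HMAC(device secret, hash of boot code)."""
    measurement = hashlib.sha256(firmware).digest()
    return hmac.new(uds, measurement, hashlib.sha256).digest()

def device_respond(uds: bytes, flash: bytes, nonce: bytes) -> bytes:
    """Device side: re-derive the identifier from whatever is in flash at boot
    and answer the challenge. The device secret never leaves the device."""
    return hmac.new(derive_cdi(uds, flash), b"attest" + nonce, hashlib.sha256).digest()

class CloudVerifier:
    """Hypothetical registry: device id -> reference identifier enrolled at
    manufacturing for the approved firmware image (an assumption)."""
    def __init__(self):
        self._enrolled = {}

    def enroll(self, device_id: str, reference_cdi: bytes) -> None:
        self._enrolled[device_id] = reference_cdi

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)  # fresh nonce, so old answers cannot be replayed

    def verify(self, device_id: str, nonce: bytes, response: bytes) -> str:
        reference = self._enrolled.get(device_id)
        if reference is None:
            return "unknown"
        expected = hmac.new(reference, b"attest" + nonce, hashlib.sha256).digest()
        return "good" if hmac.compare_digest(expected, response) else "bad"

def run_demo() -> dict:
    uds = bytes.fromhex("11" * 32)                    # constructed device secret
    approved = b"constructed sample boot image v1.0"  # constructed firmware
    modified = approved + b" + unauthorized bytes"    # same image after tampering
    cloud = CloudVerifier()
    cloud.enroll("cam-001", derive_cdi(uds, approved))
    results = {}
    for label, flash in (("clean", approved), ("tampered", modified)):
        nonce = cloud.challenge()
        results[label] = cloud.verify("cam-001", nonce, device_respond(uds, flash, nonce))
    old_nonce = cloud.challenge()
    old_answer = device_respond(uds, approved, old_nonce)
    results["replayed"] = cloud.verify("cam-001", cloud.challenge(), old_answer)
    return results

if __name__ == "__main__":
    print(run_demo())
```

Because the identifier depends on the hash of the stored code, any change to the image in flash changes every answer the device can give, so the verifier reports "bad" without ever seeing the firmware itself.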

Performing IoT device authentication in storage not only provides a unique level of protection at the lowest boot level, but also makes use of the standard flash sockets already present in billions of IoT devices. Companies can use Micron flash memory with Authenta in their current and older designs and implement new security features by modifying the software. Both Microsoft and Micron provide core middleware with a Software Development Kit (SDK) to enable these solutions on hosts, gateways and even endpoints in Azure, further simplifying software resource requirements. This solution is designed to make it easier to provide secure IoT cloud management and connectivity for new platforms and devices, as well as to make it easier to retrofit older systems.

No security mechanism is perfect, but security can be improved by adding important defense-in-depth features. This is especially true today, when the Internet of Things is on the rise and the number of vulnerable devices at the edge of the network is increasing. With these new solutions from Microsoft and Micron, end-to-end device management will be safer and less costly. Monitoring and managing the health of IoT devices is one of the most complex decisions companies make. At the same time, it is very difficult to quickly eliminate known security vulnerabilities and to make an attack cost hackers more than it gains them. By leveraging optimal cybersecurity practices and a newly formed ecosystem, many companies' security implementations should begin to become more efficient and less expensive.
