Did you know that over 75 million tourists visit the United States every year? Or that the Transportation Security Administration (TSA) screens over 2 million people daily?
The TSA processes 150 passengers per security lane. Imagine the public outrage if it took 20 minutes to screen a passenger and the process publicly disclosed personal information. That’s the average time and result of installing an IoT device today.
What lessons can be applied from security screenings to accelerate IoT device adoption? How can the authentication and installation of new IoT devices be streamlined?
Intel is offering a new approach that’s worth considering.
Real-world passenger security screening
Security screening of passengers is challenging for several reasons:
- The large number of passengers that have to be quickly and accurately processed
- Passenger credentials come in various forms (driver's licenses, passports) and from many different authorities
- The person being screened may be unable to help much due to poor language skills
- Security officials are subject to human errors due to inadequate training or exhaustion
- Passengers are rightfully protective of their Personally Identifiable Information (PII)
Biography & biometry
The U.S. Customs & Border Protection uses both biographic and biometric indicators to streamline security screenings.
Biographic details describe a person and include credentials such as passports, driver's licenses, student IDs and credit cards. They aren’t foolproof, as names may be misspelled and documents can be lost, stolen or even counterfeited.
Biometric identifiers include biological traits, such as photos, fingerprints and eye scans. They are part of a person and much harder to fake or steal. Biographic and biometric indicators used together yield better results. For instance, a fingerprint scan can confirm that the identity of a passenger is the same as the passport being presented.
IoT devices can be identified in a similar manner.
A biometric indicator for an IoT device is a trait that’s part and parcel of it, such as a digital key embedded in the silicon. It’s hard to tamper with, hack or steal. A biographic indicator for an IoT device is a credential that accompanies it, such as who built, sold or owns it. IoT devices are better authenticated by using both the biometric and biographic traits together.
Authenticating IoT devices
Installing IoT devices often is a trade-off between simplicity and security. Why is it so challenging?
- Devices can be faked and have little computing power to assist with their authentication. Such "headless devices" lack a user interface through which their identity can be queried.
- Device manufacturers may add basic root-of-trust embedded security, but in general they focus on lowering production costs and punt additional security to software vendors or customers.
- It’s hard to track a device’s ownership as it changes hands between multiple distributors and resellers before being installed. The device’s identity may be compromised while it is in the supply chain. Or if the device uses traditional PKI-based authentication, it may inadvertently reveal location or other data that makes it easier to attack. Privacy and anonymity are key tenets for IoT.
- Once installed, an IoT device has to be authenticated and then connected to the cloud service or mobile application that’s responsible for managing the device. How do you prevent the device from being hijacked by a management service that has been set up by hackers?
- Communication between the IoT device and its management platform may be compromised by a man-in-the-middle attack.
- The workers installing an IoT device may get access to its security credentials, which may introduce other security concerns.
- It’s difficult to upgrade the security features of an IoT device once it’s been installed, so it has to be done right the first time.
- Securely identifying the device
- Preserving the privacy of the device’s ownership/data as it is distributed
- Securing communication from the edge device to the cloud
- Properly configuring the device on the IoT management platform
Combining biographic and biometric traits enables better screening of passengers. Similarly, an IoT device’s authentication is enhanced when a digital key is embedded in the silicon right from the start, when the device is built. This digital key is the foundation for a chain of trust.
Intel has a proof of concept (POC) based on Intel Enhanced Privacy ID (EPID). Intel EPID is an open-source digital signature scheme uniquely suited for IoT. Unlike traditional PKI, in which each entity has a unique public verification key and a unique private signature key, Intel EPID uses a common group public verification key associated with many (typically millions of) unique private signature keys. This delivers anonymity and privacy.
The POC aims to streamline the authentication and device take-ownership step that needs to take place ahead of device provisioning, configuration or management. Intel is working with leading IoT platform providers, device ODM/OEMs and other silicon providers to enable their solutions for a streamlined, EPID-based on-boarding model.
POC demonstrated at Intel Developer Forum
The proof of concept starts with the silicon and device manufacturer. The EPID software digital key and software client are embedded in the silicon chips used to build the IoT device. They become part of the boot sequence for the device, so its identity can be established whenever it is turned on. Here's how it works:
1. Track ownership
An ownership trail is cryptographically maintained for each device using the EPID key. This tracks who possessed it all the way from the manufacturer through distributor to the customer. This is important in order to confirm that it wasn’t tampered with along the way. The IoT Device Management Platform tracks the chain of ownership from when a device leaves the factory to when it is installed. This is similar to the stamps in your passport that indicate where you've traveled.
2. Track ID
The IoT device first connects to a third-party brokerage service when it’s installed. The IoT management service, such as Azure, authenticates the device based on its manufacturer’s policies. This step reduces the risk of malware building threat maps of where devices are being deployed to launch a Denial of Service (DoS) attack.
3. Confirm ownership
The device owner, according to the chain of ownership, is compared with the digital EPID key provided by the device. A match indicates that the device is authentic and with the proper owner. It's similar to how a passenger’s identity is confirmed by comparing their fingerprints with those retrieved from an online database with the name on the passport.
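The ownership trail from step 1 and the ownership check from step 3, sketched as an added example that is not Intel's code and not part of the original article. It assumes the trail is a list of signed hand-offs rooted in the manufacturer's key, and it uses Lamport one-time hash signatures from the Python standard library as a stand-in for EPID; the function names and the device ID are hypothetical.

```python
import hashlib, os

def H(b): return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key (stand-in for the real scheme, NOT EPID):
    # 256 pairs of random secrets; the public key is their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, b"".join(H(a) + H(b) for a, b in sk)

def _bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit; a key must sign only once.
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[64 * i + 32 * bit: 64 * i + 32 * bit + 32]
        for i, (bit, s) in enumerate(zip(_bits(msg), sig)))

def transfer(device_id, holder_sk, next_pk):
    # The current holder signs the device over to the next holder's key.
    return {"next_pk": next_pk, "sig": sign(holder_sk, device_id + next_pk)}

def current_owner(device_id, root_pk, trail):
    # Walk the trail from the manufacturer key; None if any link fails.
    holder = root_pk
    for link in trail:
        if not verify(holder, device_id + link["next_pk"], link["sig"]):
            return None
        holder = link["next_pk"]
    return holder

def confirm_ownership(device_id, root_pk, trail, claimed_pk):
    return current_owner(device_id, root_pk, trail) == claimed_pk

def demo():
    dev = b"constructed-device-0001"          # constructed sample ID
    (m_sk, m_pk), (d_sk, d_pk), (_, c_pk), (_, rogue_pk) = (keygen() for _ in range(4))
    trail = [transfer(dev, m_sk, d_pk), transfer(dev, d_sk, c_pk)]
    forged = [trail[0], {"next_pk": rogue_pk, "sig": trail[1]["sig"]}]
    return (confirm_ownership(dev, m_pk, trail, c_pk),        # legitimate customer
            confirm_ownership(dev, m_pk, trail, rogue_pk),    # rogue service claims device
            confirm_ownership(dev, m_pk, forged, rogue_pk))   # link re-pointed in transit
```

A device that stores only the manufacturer's public key can run this check before accepting a management service, so a service whose key is not at the end of a valid trail is rejected.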
How does EPID stack up?
EPID overcomes most IoT security concerns.
1. Device password hacking
IoT devices are often hacked because users forget to change the default passwords shipped with their IoT devices. EPID-based devices confirm their identity digitally, reducing the chance of human error.
2. Breaching communications
A man-in-the-middle attack involves a hacker secretly inserting himself in the communication stream between an IoT device and the cloud management service. A hacker can take over control of the IoT device by inserting fake messages into the communication channel. The device and management server can’t recognize the man-in-the-middle attack and believe that they are working normally. Such attacks have been used to unlock IoT-enabled doors, take control of baby cams and cause refrigerators to malfunction by sending hacked instructions.
EPID randomly disguises and mutually authenticates communications between an IoT device and its management server, making it harder to execute a man-in-the-middle attack.
3. Social engineering
In this form of attack, hackers may manipulate owners into sharing passwords when a device is being installed. This information is later used to hack the IoT device. Device authentication with EPID happens automatically with the trust broker. This eliminates the information that has to be shared with a technician performing the installation. It also slashes the time needed to install an IoT device.
4. DoS attack
Hackers intentionally overload a system so that it cannot cope, making it vulnerable to a hack. They need a large number of internet-enabled devices that they can control to generate the traffic needed for such an attack. Hackers convert IoT devices into botnets by installing malware on them. EPID reduces the risk of such attacks by ensuring that the IoT device communicates only with a trusted cloud management provider and does not get tricked into installing malware.
IoT security resources
- The security risks IoT devices - Bruce Schneier
- Five common security IoT hacks - Lea Toms
- Zero Touch Onboarding of IoT Devices - Guy AlLee and Geoff Cooper
- Intel IDF Demo - Jennifer Gilburg
This lighthearted video from the security counter at the Las Vegas airport shows the challenges of confirming identity.
Imagine a future when IoT devices will be installed with the speed and security of going through an airport security check. Intel has solutions coming soon that are making it happen. To learn how you can take part in this proof of concept, inquire here. No passports needed!
This article is published as part of the IDG Contributor Network.