Like all other aspects of information security, securing IoT is a continuous journey.
IoT devices are at risk of attack by a variety of malicious actors which can take advantage of poor security design of an IoT solution. Which is why vendors, operators, suppliers and consumers should take into account best security practices when developing, integrating, implementing and operating IoT devices in all environments.
In this article we will highlight basic principles of good security practices for securing IoT devices.
The degree of protection we should employ depends on the data created, stored, processed and transmitted from an IoT device.
Understanding the types of data ensures that secure design of the solution protects the data from unauthorized viewing, modification or deletion.
While designing the solution, document all the data items and their data flow. Then include the security controls that you will put in place to protect them.
- Ensure all devices are in operation mode and not left in a default setup, reset or pairing mode.
- Test access points on devices should be disabled or locked.
- Use physical locks and place your devices in secure areas.
- Devices should be placed in secure casing when they are used in exposed locations.
Secure Boot Sequence
- To ensure the integrity of the device, a trusted boot sequence must be ensured to minimize the risk of rogue software running at boot time. Make sure that a multi-stage boot loader initiated by a read-only code is used for ROM based boot function.
- Use a hardware-based tamper-resistant capability (e.g. a microcontroller security subsystem, Secure Access Module (SAM) or Trusted Platform Module (TPM)) to store crucial data items and run the trusted authentication/cryptographic functions required for the boot process. Its limited secure storage capacity must hold the read-only first stage of the bootloader and all other data required to verify the authenticity of firmware.
- Check that only expected hardware is present during the boot sequence.
- Prevent booting of the next stage until the previous stage has been successfully booted.
- Ensure failures at any stage of the boot sequence fail gracefully into a secure state.
Operating System Security
- Ensure the OS is securely booted with the latest OS component version available for the device.
- Secure configuration of the OS must be put in place, as strict as possible.
- Reduce the number of components of the operating system like libraries, modules and packages only to those required to support the functions of the device.
- Update the OS with the latest stable versions throughout the lifetime of the device.
- Disable all services and ports which are not used.
- Do not allow users and applications to write to the root file system.
- Do not allow anything to run as root.
- Ensure directories and files have minimum access rights, the ones required to perform the required functions.
- Encrypt the file system if possible and depending on the type of data created, stored and transmitted from the device.
- Remove all default user accounts and passwords.
- Do not hard-code credentials into applications.
- Use the latest stable versions of libraries and modules.
- All applications must be operated at the lowest privilege level possible and have access only to the resources they need.
- Use sand-boxing techniques where possible to isolate applications from each other.
- Use secure coding principles and incorporate security into all stages of the development lifecycle.
- Use strong and complex passwords and employ a secure password reset process.
- Each password stored for authenticating credentials must use an industry standard hash function, along with a unique salt value that is not obvious. Passwords stored must be strongly encrypted using a strong encryption algorithm.
- Store credentials or encryption keys in a Secure Access Module (SAM), Trusted Platform Module (TPM), Hardware Security Module (HSM) or trusted key store if possible.
- Use 2-FA if possible.
- Update of a certificate and the certificate chain must be done securely.
- Certificates used to identify a device must be unique for that device only.
- Never use insecure protocols like FTP, Telnet.
- Always use the strongest encryption algorithm available and only downgrade from that if absolutely necessary.
- When configuring a secure connection, if an encryption protocol offers a negotiable selection of algorithms, remove weaker options so they cannot be selected for use in a downgrade attack.
- If implementing public/private key cryptography, use unique keys per device and avoid using global keys.
- Run only services on the network which are required and only on specific ports.
- Always use secure protocols like SSH, SFTP, HTTPS.
- Do not exchange credentials over unencrypted connections.
- Try to authenticate the incoming and outgoing connections when possible.
- Restrict access to and from the device only to and from specific hosts with valid business reasons for communication.
Logging and Monitoring
- Passwords should not be displayed in logs.
- Store log files separately from system files.
- Set maximum log file sizes.
- Restrict access to the log files to the minimum required.
- Encrypt log files if they are transmitted to a remote location.
- Monitor and analyze logs regularly.
With the number of IoT devices growing, and as wider deployment of 5G creates new opportunities for connectivity, the security of the IoT is vital for data security, regulatory compliance, customer data privacy, and the high availability and reliability of services, generally.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is a certified: CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.