“It is impossible to do a good job of protecting firmware integrity if you do not have hardware you can trust.”
Internet of Things (IoT) security begins with hardware authentication. “You’ve got to sign the hardware if you are going to have ecosystem-level rights management and access control,” says Jonathan Cartrette, Director of Technology and IoT Systems at Legrand. “You need certificates, and you’ve got to use crypto.”
The success of all downstream security efforts, including securing software and data, and the ability to secure IoT devices in a network environment, depend on device-level hardware authentication in order to scale.
Although the methods for creating the rooted trust necessary for true hardware authentication are well understood, they add cost and present challenges for compact hardware designs. For many devices, particularly the smaller, lower-cost IoT devices that are becoming ubiquitous in the market, hardware authentication is often an afterthought. Cartrette points out that in some cases, it’s even a challenge to agree on exactly what is meant by authentication. For example, Bluetooth has pretty good protections for pairing to guarantee that only the peripheral and your phone are communicating. Designers may assume that because they are using Diffie-Hellman cryptographic key exchange in their Bluetooth device and the peripheral successfully connects, the hardware is authenticated. In fact, it is not because in this case, the peripheral has no way of knowing if it actually connected to its specific phone unless the phone can send more information to prove it is genuine. Cartrette notes, “Defining authentication in a way that is meaningful to a forward-looking security conversation is critical, or the rest of the conversation is going to be missing something.”