Security basics for developers
Author: Jürgen Messerer, bbv Software Services AG
Contribution – Embedded Software Engineering Congress 2017
In our digital age, we are surrounded by connectivity. Everyone and everything is exchanging information. A crucial component of this digital network is the Internet of Things (IoT) with its countless applications. However, not every application can be implemented with a single technology. A variety of wireless solutions are available for IoT devices. To select the most suitable technologies, various criteria must be considered, such as range, data rate, security, and licensing model. One technology that meets these criteria while being uncomplicated and versatile is the Low-Power Wide Area Network, or LPWAN. LPWAN offers long battery life with broad coverage and low throughput. But what about security? Are we seeing the same issues as with other IoT devices, where security was implemented only sparsely or not at all? This article will show what needs to be considered to prevent tomorrow's LPWAN devices from being immediately reconfigured as bots by unauthorized individuals.
Introduction
Security means being in a state that is practically free of threats and dangers. However, the more complex a system is, the more difficult, if not impossible, it becomes to achieve this state. The field of computer technology is such a complex system, and it is constantly evolving. Because protective measures are being circumvented or broken with increasing frequency, a security concept to safeguard confidentiality, availability, and integrity must be developed from the outset. This concept must also consider future security attacks that are not yet even known. Security should never be considered an option! Retrofitting security measures is also highly impractical, as it would exponentially increase production costs.
Security Audit/Assessment
It is important to gain an overview of a product's security by asking targeted questions. The following simplified questions can already reveal a great deal about a device's security concept.
Physical Assessment
- Is the device protected against unauthorized access?
- Are the interfaces protected?
Access Control Assessment
- Who has access to the device and with what access rights?
- Is the access logged?
Vulnerability Assessment
- What software is running on the device and what are its known vulnerabilities?
- How will we be notified about security issues?
Network Security Assessment
- Are the data being sent to the authorized server?
- How is the server's identity verified?
- Is the data transmitted in encrypted form?
- Are other network services protected?
Software Update Process Assessment
- How are software bugs fixed and how are updates distributed securely?
- How is it ensured that no third-party software is running on the devices?
- Was the received software update obtained from a trusted source?
- Has the integrity of the update been compromised?
Key Management Assessment
- How and where are the keys stored?
- What is the life cycle of the keys?
Security weaknesses in LPWAN implementations
Let's look at a low-power device like an LPWAN device, which is battery-operated and has limited processing power and memory. LPWAN protocols and their implementations, such as LoRaWAN, Sigfox, Weightless-P, RPMA, and NB-IoT, have certain security features that cover only a small part of the assessment listed earlier. Generally speaking, all of these protocols use AES encryption and decryption of data, i.e., symmetric keys.
Unfortunately, in reference implementations, these keys are statically stored in the devices. There is no way to replace these keys if needed. The only option is to physically remove the keys. Another security weakness lies in the inability to distribute software updates over the air. Often, for cost reasons, the keys are not stored in secure storage. How can these weaknesses of LPWAN security be addressed?
- Secure storage of symmetric keys
- Update symmetric keys of LPWAN devices
- Secure over-the-air software update
Security by Design
Security begins with the hardware design. The keys must be stored in a secure memory area. To achieve this, it is advantageous to use a security chip. Microchip, formerly Atmel, offers a whole series of such security chips, each covering a specific security segment. Security memory chips like the AT88SCxxxx are ideally suited for securely storing symmetric keys and, at 50 cents per 1000 units, are in a cost-effective price range. But what about over-the-air key updates?
To enable key updates over an insecure channel, such as over the air, additional security mechanisms are required. Fortunately, such security mechanisms have been known for over 20 years. To ensure that symmetric keys can be securely exchanged over the air, a secure channel must be established. The Diffie-Hellman key exchange, which is based on asymmetric keys, has been used for this purpose for many years. Compared with symmetric encryption, asymmetric cryptography is more computationally intensive and therefore consumes more energy. For battery-powered devices, a modified form of the Diffie-Hellman key exchange is used: the so-called Elliptic Curve Diffie-Hellman (ECDH) method, which is based on elliptic curves and is therefore less computationally intensive and more energy-efficient. This method secures only the exchange itself; it does not verify that the sender is actually the party we trust.
Fortunately, there is a proven method for this as well: the Elliptic Curve Digital Signature Algorithm (ECDSA), a modified version of the conventional Digital Signature Algorithm. These two methods, ECDH and ECDSA, ensure secure key exchange over the air. Microchip offers a cost-effective solution for this as well: the ATECC508A Crypto Authentication Chip. In addition to securely storing keys, this chip provides an easy-to-use interface for key exchange using ECDH and ECDSA. A possible hardware design could look like this:
(see illustration, PDF)
Using ECDH and ECDSA, secure over-the-air software updates could also be implemented. In some implementations, only a limited downlink is offered. If this is the case, it must be verified whether a key update is even possible and thus meets the security requirements. Furthermore, most LPWAN protocols lack a broadcast-to-all feature. Organizations like the LoRa Alliance have recognized these weaknesses and are extending the protocol specification to include precisely this feature.
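The over-the-air key update described above, as an added example that is not part of the original article: ECDH agrees on a fresh AES-128 key, and ECDSA signatures over the ephemeral keys show that each side is the trusted peer. It uses Go's standard library in place of the ATECC508A. The names `Offer` and `Accept`, the SHA-256 key derivation with its label, and the generated identities are assumptions of this example, and uplink replay protection and key confirmation are outside its scope.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

var srvID, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed identities for this example
var devID, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)

// Offer creates an ephemeral ECDH key and signs its public half (plus bind, the peer's key when answering).
func Offer(id *ecdsa.PrivateKey, bind []byte) (*ecdh.PrivateKey, []byte, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	h := sha256.Sum256(append(eph.PublicKey().Bytes(), bind...))
	sig, err := ecdsa.SignASN1(rand.Reader, id, h[:])
	return eph, sig, err
}

// Accept verifies the peer's signature before using its key, then derives the new AES-128 key.
func Accept(eph *ecdh.PrivateKey, peerID *ecdsa.PublicKey, peerEph, sig, bind []byte) ([]byte, error) {
	h := sha256.Sum256(append(append([]byte{}, peerEph...), bind...))
	if !ecdsa.VerifyASN1(peerID, h[:], sig) {
		return nil, fmt.Errorf("ephemeral key is not signed by the trusted peer")
	}
	pub, err := ecdh.P256().NewPublicKey(peerEph) // rejects encodings that are not on the curve
	if err != nil {
		return nil, err
	}
	secret, err := eph.ECDH(pub)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(append(secret, "lpwan-key-update"...)) // SHA-256 with a label as KDF (assumption)
	return k[:16], nil
}

func main() {
	devEph, devSig, _ := Offer(devID, nil) // uplink: the device's signed ephemeral key
	up := devEph.PublicKey().Bytes()
	srvEph, srvSig, _ := Offer(srvID, up) // downlink: signed together with the uplink key
	fmt.Println(Accept(srvEph, &devID.PublicKey, up, devSig, nil)) // server's view of the new key
	fmt.Println(Accept(devEph, &srvID.PublicKey, srvEph.PublicKey().Bytes(), srvSig, up)) // device's view
}
```

Because the server signs its ephemeral key together with the device's, a downlink recorded from an earlier exchange fails verification when replayed against a new uplink.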
Summary/Conclusion
From a security perspective, LPWAN protocols and their implementations are inadequate. Using a dedicated crypto chip, such as the ATECC508A from Microchip, it is possible to retrofit functions like ECDH and ECDSA to such LPWAN devices and their implementations. This significantly increases the security of these devices.
Author
Jürgen Messerer works at bbv Software Services AG as an embedded software architect. His focus is on small and large embedded systems as well as application development with C++ and Qt5.
