To ‘Trust’ in your IoT Edge

by Nitrozac & Snaggy

Not for the technically challenged (just kidding): There’s quite a bit of technical jargon in here, a collection of my thoughts/ideas on the problem of building ‘trust’ into the #IoT ‘Edge’.

With computing being pushed to the Edge, trust at the edge has taken on a whole new dimension, one that keeps cropping up every time you offload a bit of your cloud’s logic/intelligence onto a relatively underpowered or inexpensive device.

You know those perennial questions that we keep running into -

Can I trust this device? …. How can I trust it?

We end up looking for a security architecture that will serve as the foundation for such a shift but the scope of the problem (might I say) is pretty huge when you consider that we’ll need to address a broad range of often conflicting security requirements.

The solution:

Securing Edge/GW devices with the following unique characteristics

1. Constrained computing environments (CPU, memory, I/O, battery etc.) to fully rich (in resources) computing environments.
2. Modular architectures to fully integrated and heavily interdependent systems.
3. Relatively inexpensive to expensive industrial class deployments.

With such a broad spectrum; we can make the claim that there isn’t a one size fits all solution and that we’ll need multiple options to effectively address ‘the problem’. But in practice, this may be prove to be a NOT so attractive strategy, considering

1. Engineering effort (repetitive need to redo what we’ve already achieved i.e. reinventing the wheel)
2. Time to market (we lose speed and many a times become the blocker)
3. Manageability (variation inherently yields complexity)
4. Legacy overheads

Practical security design:

A better approach would be to leverage a set of guiding principles to build trust into our designs. After much deliberation (years of it), I believe there are 3 core security concepts or logical abstractions found within every digital computing system (embedded/traditional):

1. Isolation
2. Access control
3. Verification

**It’s worth noting — all existing computing architectures leverage these 3 abstractions in some form in their attempt to provide security.

But these abstract notions are a bit vague i.e. How do we arrive at a more concrete/workable architecture by distilling the essence of the above concepts?

I think we can achieve a high degree of ‘assurance for trustworthiness’ in the Edge computing space if we mandate 5 prerequisites

**of course with the assumption that we already have countermeasures for attacks targeting physical aspects of hardware.

1. Secure Boot: Authenticated/Measured boot
2. Secure Storage: Persistent hardware storage via TPM(s), secure elements
3. Secure Update: PKI backed authentication & code-signing
4. Secure Execution: VM(s), containers, microkernel isolation (OR) hardware assisted via TrustZone, SGX
5. Use of approved and (or) validated crypto modules/algorithms