Demystifying Internet of Things Security

Break down the misconceptions of the Internet of Things by examining the different security building blocks available in Intel Architecture (IA) based IoT platforms. This open access book reviews the threat pyramid, secure boot, chain of trust, and the SW stack leading up to defense-in-depth.

The IoT presents unique challenges in implementing security and Intel has both CPU and Isolated Security Engine capabilities to simplify it. This book explores the challenges to secure these devices to make them immune to different threats originating from within and outside the network. The requirements and robustness rules to protect the assets vary greatly and there is no single blanket solution approach to implement security.

Demystifying Internet of Things Security provides clarity to industry professionals and provides and overview of different security solutions

What You'll Learn

Secure devices, immunizing them against different threats originating from inside and outside the network
Gather an overview of the different security building blocks available in Intel Architecture (IA) based IoT platforms
Understand the threat pyramid, secure boot, chain of trust, and the software stack leading up to defense-in-depth

Who This Book Is For

Strategists, developers, architects, and managers in the embedded and Internet of Things (IoT) space trying to understand and implement the security in the IoT devices/platforms.

Conditions of Use

This book is licensed under a Creative Commons License (CC BY). You can download the ebook Demystifying Internet of Things Security for free.

Title: Demystifying Internet of Things Security
Subtitle: Successful IoT Device/Edge and Platform Security Deployment
Publisher: Apress
Author(s): Anil Kumar, David M. Wheeler, Ned Smith, Sunil Cheruvu
Published: 2019-08-14
Edition: 1
Format: eBook (pdf, epub, mobi)
Pages: 518
Language: English
ISBN-10: 1484228952
ISBN-13: 9781484228968
License: CC BY
Book Homepage: Free eBook, Errata, Code, Solutions, etc.

Table of Contents
About the Authors
Acknowledgments
Foreword
Introduction
Chapter 1: Conceptualizing the Secure Internet of Things
	The BadUSB Thumb Drive
	Air-Gap Security
	Stuxnet
	Designing Safe and Secure Cyber-Physical Systems
	Constrained Computing and Moore’s Law
	Trusted IoT Networks and the Network Edge
	Conclusion
Chapter 2: IoT Frameworks and Complexity
	Introduction
	Historical Background to IoT
		IoT Ecosystem
			Connectivity Technology
			Messaging Technology
			Platform Technology
	Elements of an IoT System
		IoT Device
			IoT Device Architectural Goals
				Interoperability
				Security
		IoT Network
		IoT System Management
			Device Lifecycle
				Manufacturing
				Supply Chain
				Deployment
				Normal Operation and Monitoring
				Manage
				Update
				Decommissioning
		IoT Framework
			IoT Framework Design Goals
				IoT Data Model and System Abstractions
				IoT Node
				IoT Operations Abstraction
			Connectivity Elements
			Manageability Elements
			Security Elements
				Consider the Cost of Cryptography
		Summary IoT Framework Considerations
	IoT Framework Architecture
		Data Object Layer
		Node Interaction Layer
		Platform Abstraction Layer
		Platform Layer
		Security Challenges with IoT Frameworks
	Consumer IoT Framework Standards
		Open Connectivity Foundation (OCF)
			OCF Core Framework Layer
			OCF Profiles Framework Layer
			The OCF Device Abstraction
			OCF Security
		AllSeen Alliance/AllJoyn
			AllJoyn Security
		Universal Plug and Play
			UPnP Security
		Lightweight Machine 2 Machine (LWM2M)
			LWM2M Architecture
			LWM2M Device Management
			LWM2M Security
		One Machine to Machine (OneM2M)
			OneM2M Security
	Industrial IoT Framework Standards
		Industrial Internet of Things Consortium (IIC) and OpenFog Consortium
		Open Platform Communications-Unified Architecture (OPC-UA)
			OPC-UA Framework Architecture
			OPC-UA Security
		Data Distribution Service (DDS)
			DDS Framework Architecture
			DDS Security
				Security Enveloping
				Security Tokens
				Security Plugin Modules
	Framework Gateways
		Framework Gateway Architecture
			Type I Framework Gateway
			Type II Framework Gateway
			Type III Framework Gateway
			Type IV Framework Gateway
		Security Considerations for Framework Gateways
			Security Endpoints Within the Gateway
				Security Endpoints in Type I Gateways
				Security Endpoints in Type II Gateways
				Security Endpoints in Type III Gateways
				Security Endpoints in Type IV Gateways
				Security Framework Gateway Architecture
	Summary
Chapter 3: Base Platform Security Hardware Building Blocks
	Background and Terminology
		Assets, Threats, and Threat Pyramid
		Inverted Threat Pyramid
			Sample IoT Device Lifecycle
		End-to-End (E2E) Security
		Security Essentials
			Device Identity
			Protected Boot
			Protected Storage
			Trusted Execution Environment (TEE)
			Built-In Security
		Base Platform Security Features Overview
			CPU Hosted Crypto Implementations
			Malware Protection (OS Guard)
			OS Guard (SMEP)
			OS Guard (SMAP)
			Encryption/Decryption Using AES-NI
			Sign/Verify Using Intel® SHA Extensions
			Intel® Data Protection Technology with Secure Key (DRNG)
		Converged Security and Manageability Engine (CSME)
		Secure/Verified, Measured Boot and Boot Guard
		Trusted Execution Technology (TXT)
		Platform Trust Technology (PTT)
		Enhanced Privacy ID (EPID)
		Memory Encryption Technologies
			TME
			MKTME
		Dynamic Application Loader (DAL)
		Software Guard Extensions (SGX) – IA CPU Instructions
	Identity Crisis
		Enhanced Privacy Identifier (EPID)
			Anonymity
		PTT/TPM
	Device Boot Integrity – Trust But Verify
		Secure Boot Mechanisms
			Secure Boot Terminology Overview
		Overview of BIOS/UEFI Secure Boot Using Boot Guard Version 1.0 (BtG)
	Data Protection – Securing Keys, Data at Rest and in Transit
		Intel Platform Trust Technology (PTT)
		Windows PTT Architecture
		Linux PTT Software Stack
	Runtime Protection – Ever Vigilant
		Intel Virtualization Technology (Intel VT)
		Software Guard Extensions (SGX)
		Intel CSE/CSME – DAL
			Isolation from Rich Execution Environment
			Authenticity and Security
			Portability
		Intel Trusted Execution Technology (TXT)
	Threats Mitigated
		Zero-Day Attacks
		Other Attacks
	Conclusion
		References
Chapter 4: IoT Software Security Building Blocks
	Understanding the Fundamentals of Our Architectural Model
	Operating Systems
		Threats to Operating Systems
		Zephyr: Real-Time Operating System for Devices
			Zephyr Execution Separation
			Zephyr Memory Separation
			Zephyr Privilege Levels and System Authorization
			Zephyr Programming Error Protections
			Zephyr’s Other Security Features
			Zephyr Summary
		Linux Operating Systems
			Pulsar: Wind River Linux
			Ubuntu IoT Core
			Intel® Clear Linux
			Linux Summary
	Hypervisors and Virtualization
		Threats to Hypervisors
		Intel® ACRN
			Real-Time and Power Management Guarantees in ACRN
		ACRN Summary
	Software Separation and Containment
		Containment Security Principles
		Threats to Extended Application Containment
		Containers
		Kata Containers
			Kata Containers Summary
		Trusted Execution Environments
			Software Guard Extensions
			SGX Security Summary
			Android Trusty
			Trusty TEE Security Summary
		Containment Summary
	Network Stack and Security Management
		Intel Data Plane Development Kit
		Security Management
			Secure Device Onboarding
			Platform Integrity
			Network Defense
			Platform Monitoring
			McAfee Embedded Control
		Network Stack and Security Summary
	Device Management
		Mesh Central
		Wind River Helix Device Cloud
		Device Management Summary
	System Firmware and Root-of-Trust Update Service
		Threats to Firmware and RoT Update
		Turtle Creek System Update and Manageability Service
		System Firmware and RoT Summary
	Application-Level Language Frameworks
		JavaScript and Node.js or Sails
		Java and Android
		EdgeX Foundry
		Application-Level Framework Summary
	Message Orchestration
		Message Queuing Telemetry Transport
		OPC Unified Architecture
		Constrained Application Protocol
		Message Orchestration Summary
	Applications
	Summary
Chapter 5: Connectivity Technologies for IoT
	Ethernet Time-Sensitive Networking
		Legacy Ethernet-Based Connectivity in Industrial Applications
		Key Benefits of TSN
		TSN Standards
		TSN Profiles
			802.1AS/AS-Rev
			802.1Qbv
			802.1Qbu
			802.1CB
			802.1Qcc
			802.1Qci
			802.1Qch
			802.1Qcr
			TSN and Security
		OPC-UA Over TSN
	Overview of Wireless Connectivity Technologies
		Considerations for Choosing Wireless Technologies for IoT
			Spectrum
			Range and Capacity
			Network Topology
			Quality of Service
			Network Management
			Security
		Wi-Fi
		Bluetooth
		Zigbee
		NFC
		GPS/GNSS
		Cellular
		5G Cellular
			Key Standards, Regulatory, and Industry Bodies Involved in 5G
			New Use Cases Enabled by 5G
			Key Technology Enablers for 5G
		LPWAN – Low-Power Wide Area Networks
			LoRa
			Sigfox
			Weightless
			Comparison of Low-Power LTE and Other LPWAN Technologies
		A Case Study – Smart Homes
	Summary
	References
Chapter 6: IoT Vertical Applications and Associated Security Requirements
	Common Domain Requirements and the Security MVP
	Some Common Threats
	Retail Solutions
		Security Objectives and Requirements
		Threats
		Standards – Regulatory and Industry
	Transportation Solutions14
		Connected Vehicle Infrastructure
		Security Objectives and Requirements
		Threats
		Mitigations
		Standards – Regulatory and Industry
	Industrial Control System (ICS) and Industrial IoT (IIoT)
		Security Objectives and Requirements
		Threats
		Standards – Regulatory and Industry
	Digital Surveillance System
		Security Objectives and Requirements
		Threats
		Standards – Regulatory and Industry
	Summary
Appendix: Conclusion
	Economics of Constrained Roots-of-Trust
	IoT Frameworks – Necessary Complexity
	Hardware Security – More Than a Toolbox
	IOT Software – Building Blocks with Glue
	Ethernet TSN – Everybody’s Common Choice?
	Security MVP – The Champion Within a Fractured IoT Ecosystem
	The Way Forward
Index