How To Streamline the IoT Security Lifecycle
Security in IoT systems is both an end-to-end problem and a lifecycle challenge. In this article, learn cost-effective ways to craft an enduring, secure IoT implementation.
The internet of things (IoT) is becoming the foundation for many novel ways for businesses to improve their operations. That same potential comes with risks. The ubiquitous connectivity that lies at its heart leaves systems integrators and service providers with a potential security headache.
Everything, down to the endpoints, needs to be protected against attack. A holistic approach can deliver effective security to IoT devices. This means ensuring every device added to the network follows a clearly defined lifecycle that covers its progress from manufacturer all the way to end of life.
In between those two ends of the lifecycle, the providers of any of the services in which the IoT device participates need to be sure its firmware or data have not been compromised. That assurance comes from implementing secure boot and flash encryption, and from leveraging public-key infrastructure (PKI) technology.
The Role of PKI
PKI relies on a chain of certificates, each signed with a private key, that leads back to a known, trusted certificate authority; each signature can be checked using the corresponding public key. Any endpoint that interacts with the device can use standard protocols to check that digital certificates stored on a device are legitimate (Figure 1). That is, they are owned by a known provider and an adversary has not been able to tamper with them.
Checking the provenance of certificates and other credentials relies on an interlocking set of cryptographic keys and hardware-security resources within the device. Those hardware resources are implemented as a root-of-trust built into the core computing elements of each IoT device.

Figure 1. PKI is used to check that digital certificates stored on a device are legitimate and have not been tampered with.
One important advantage of using signed digital certificates in this way is that an IoT device does not have to enroll with a service as soon as it leaves the manufacturing plant. Enrolment and activation can happen much later, in a process known as late binding. Because the chain of trust enabled by the certificates remains in place, services can check eligibility only when the device needs to be added to the network.
To guarantee security, there are vital steps that need to be completed correctly at each stage. The first step is to provision the device with certificates that will give it a unique, verifiable identity. This is potentially the hardest step to secure and normally takes place when encryption keys and certificates are first loaded into the IoT device.
Certificate delivery could take place over a network. But, if a publicly accessible network furnishes the connection between programmer and device, there is no way to guarantee that an attacker cannot intercept the procedure.
Defense Against Attacks Using HSMs
The only viable option is to have a known secure, direct connection between the device and the certificate generator. Manufacturers can achieve this secure connection using a programming device armed with a hardware security module (HSM) on the production line that can connect directly to the device. In a properly secured production environment, there is no opportunity for an adversary to stage a man-in-the-middle attack and insert counterfeit credentials.
Later, when the IoT device is first used, it will need to connect to cloud services to begin its useful life. The cloud service and the device authenticate each other using exchanges based on the certificates generated at manufacturing time. The cloud service will have its own set of certificates generated by the manufacturer to let it confirm the provenance of those on the device. They also let the device check whether the cloud service is legitimate.
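The production-line provisioning step and the check the cloud service performs when the device first connects, as an added Go example that is not part of the original article or of any vendor's product: a self-signed manufacturer root stands in for the HSM-held CA key (assumption: keys are generated in memory here), a per-device certificate is issued under it, and the service accepts a device only if its certificate chains to the root it trusts, rejecting one issued by an unrelated CA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue generates a P-256 key pair and a certificate for it. With parent == nil the
// result is a self-signed CA (the manufacturer root; in production its key would live
// in the line's HSM, generating it in memory is an assumption of this demo), otherwise
// a device identity certificate signed by that parent's key.
func issue(name string, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(5, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if parent == nil { // self-signed root: may sign certificates, is not a client identity
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		tmpl.ExtKeyUsage = nil
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// deviceIsGenuine is the check the cloud service runs at (possibly late) enrolment: the
// device needs no prior registration, only a valid chain to the root the service trusts.
func deviceIsGenuine(dev, trustedRoot *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	_, err := dev.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}
```

The device's private key returned by `issue` would normally be used to prove possession of the certificate in a TLS client-authentication handshake; only the chain check is shown here.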
Once enrolled in the network, the IoT service operator needs to ensure the device receives timely software updates that protect against attacks by potential adversaries. These need to be delivered using over-the-air updates. That requirement, in turn, points to a management infrastructure that recognises devices so that the appropriate firmware images are delivered correctly. The cloud systems may also need to remove and replace certificates if the current owner sells the device on to a different user.
When the device finally reaches the end of its operational life, which may include situations where the service operator considers it as being compromised by an attacker, the certificates used to let it gain access to service need to be revoked. Further changes may include clearing the device’s memory of sensitive data and firmware. That will prevent it from being able to reconnect to other systems on the IoT network.
Weighing Cost Concerns
With such an infrastructure in place, IoT service operators have an excellent foundation for maintaining secure operation over the lifetime of their offering. But it can be an expensive infrastructure to create. That is the case even using off-the-shelf hardware and software components because of the need to coordinate the various elements of the security apparatus without risking gaps in the secure distribution of keys and certificates.
Without support from trusted third parties, these steps can be difficult and potentially expensive for a manufacturer to implement in today’s predominantly outsourced supply chains. Manufacturers need to audit their suppliers at regular intervals to ensure the management of keys and certificates is not at risk of being compromised.
Some companies have introduced services that take on the responsibility of installing secure keys and certificates on behalf of customers who sell IoT devices and services. They have often done so by working directly with some of the leading cloud-computing providers, such as Amazon Web Services or Microsoft Azure.
Factoring in Lifetime Costs
In such a system, each device is often enrolled in the network by having the installation technician use a smartphone or tablet to scan a QR code attached to the product by the electronic manufacturing services (EMS) provider. The QR code is associated with either an individual device or a certain batch of MCUs. Each sticker encodes a URL that begins the process of enrolment in the cloud service, using a round of certificate checks to produce the credentials needed to support the IoT service.
Though these services can be convenient, they can lead to lifetime costs that are higher than anticipated if the relationship between the MCU manufacturer and the cloud-computing operator creates a lock-in to a particular service offering.
Such services will need to support the MCU vendor’s method for enrolment, which may be by scanning a QR code supplied with each part. That can increase production, installation and maintenance costs compared to custom operations, where it is more feasible to have the device self-activate and connect to the appropriate service automatically.
Avoiding High Startup and Operating Costs
There is another way to achieve the flexibility and other advantages of a fully custom secure-lifecycle management system without the high startup and operating costs. It works by providing users with the choice to use the key-management and secure elements that many leading MCU vendors can deliver. An example is the QuarkLink software platform. This was developed through collaboration between Crypto Quantique, the platform developer, and several leading silicon vendors, as well as cloud-service operators.
QuarkLink (Figure 2) leverages the PKI and certificate ecosystems built by silicon vendors but couples that to a software infrastructure that gives IoT implementers a far greater degree of control. When the device first connects to the network during installation, a small piece of QuarkLink code that is included in the initial firmware programmed into the device during manufacture automatically initiates communication with the QuarkLink server.

Figure 2. QuarkLink can deliver the flexibility and functionality of a fully custom secure-lifecycle management system for IoT devices, without high startup and operating costs.
At this point, back-end services created by Crypto Quantique authenticate the device and, if it has the right credentials, provide it with firmware and data to become a member of the designated IoT network. Policies set by the IoT implementer are then used to determine which cloud services the device will access, whether they are hosted by an operator such as AWS or Azure or a custom solution that is compatible with the standard MQTT protocol.
The system is flexible enough to allow for changes in back-end cloud-computing operators during the lifetime of the device thanks to the use of policy-based configuration.
Handling Updates
Policies recognized by the QuarkLink back-end software control the device’s full lifecycle, including the delivery of OTA updates. As soon as updates become available, policies streamline the process of determining which updates each group of devices receives. And configurable policies determine the actions that are taken when the device is to be retired or transferred to another owner.
By working with the silicon and cloud ecosystem, QuarkLink represents a complete infrastructure for managing the lifecycle of IoT devices that gives full control over each of the elements in the chain. That provides the user with the means to tune their IoT implementation for minimum cost and maximum flexibility without sacrificing the security these systems all require.
All images used courtesy of Crypto Quantique.