News

With DDoS Attacks a Now-Common Reality, IoT Firmware Security is Paramount

August 10, 2020 by Adrian Gibbons

Attack vectors are migrating to easier targets, and right now, IoT firmware is fair prey. In 2020, researchers, corporations, and governments are rising to the occasion.

In September 2016, an unknown attacker targeted Dyn, the domain name service (DNS) for many big-name sites such as Twitter, Reddit, Spotify, Github, and The New York Times.

How exactly did this attacker breach such high-security sites? According to Robinson Meyer of The Atlantic, the botnet used compromised DVRs, webcams, and other early IoT devices to take down Dyn using a distributed denial of service (DDoS) attack—a term associated with massive Internet outages.

 

Example of a high-level system architecture

Example of a high-level system architecture with blue boxes indicating the foundational hardware and firmware upon which software (yellow boxes) are built. Image used courtesy of NIST
 

A month after the sweeping cyberattacks, Meyer spoke with prominent security expert Bruce Schneier who affirmed, “There hasn’t been a successful attack like this before.”

Bruce Schneier breaks computer security into three main branches:

  • Confidentiality of information
  • Integrity of the programming
  • Device or data availability

Since that attack, researchers have increasingly looked to firmware for improved security in IoT devices—from assessing the effectiveness of embedded asymmetric encryption to modular end-to-end secure firmware updates.

 

Firmware Security in Embedded Systems

The National Institute of Standards and Technology has issued Platform Firmware Resiliency Guidelines, which are guided by three principles for firmware development:  protection, detection, and recovery.

Maxim Integrated provides an example of how semiconductor suppliers are etching this three-pronged security focus at the silicon level. The company has developed I2C/SPI modules like the DS28C36 and MAXQ1061 to act as “roots of trust” in embedded systems.

 

MAXQ1061

The MAXQ1061 I2C/SPI secure boot/download co-processor is said to ensure end-to-end firmware integrity. Image used courtesy of Maxim Integrated

 

The MAXQ1061 is a “DeepCover” cryptographic controller acting as a co-processor—which, according to Maxim, ensures the integrity of the embedded devices.

 

Scanning for Firmware Vulnerabilities

Companies are also pushing firmware security through testing. A recent collaboration between Sectigo and ReFirm Labs is promising to scan and diagnose a system for firmware vulnerabilities.

According to Red Hat, some of the firmware vulnerabilities to watch out for include (but are not limited to): 

  1. Spectre and Meltdown side-channel attacks of processors
  2. Rowhammer bit flipping of registers
  3. Direct-memory access
  4. Altered boot processes

Many researchers are focusing on boot processes, in particular, to ensure firmware integrity. Corrupted firmware gives the attacker potentially unlimited access to the device at the hardware level, which makes detection by the operating system difficult or impossible.

 

Embedded Cryptography: Not Your Average “Password” 

Researchers from INRIA, the French institute for research in computer science and automation, conclusively showed that cryptographic systems could be incorporated into embedded systems and stored in Flash memory.

However, it required a significant trade-off with cryptographic protocols, using upwards of 51% of the memory allocation budget (depending on the processor). For Internet of Things hardware designers, 51% allocation will limit the actual usable features available in their device.

Devices like Maxim Integrated's cryptographic controller can remedy this strain on memory; digitally-signed firmware is verified by the controller, using public-private key pairs, and the result of the verification is returned to the host processor. It provides secure boot and secure updating without allocating major sections of the primary microcontroller to processing security features.

Another way to ensure secure updates, according to IEEE contributors, is to use a physical unclonable function (PUF) repository to generate keys between the IoT device and the firmware maintainer (OEM).

 

Proposed handshaking process for firmware update using the PUF repositor

Proposed handshaking process for firmware update using the PUF repository without the use of stored public-private keys. Image used courtesy of arXiv

 

This method allows firmware changes without requiring secret keys to be stored on the IoT device. 

 

IoT Security is a Hardware Problem, Too

IoT security can no longer be considered a problem exclusive to software designers. As DDoS attacks continue to mount, critical infrastructure at the hardware level will inevitably be targeted with increasing frequency.

The downtime of Twitter and Reddit may be a minor annoyance to some, but the loss of communication provided by DNS services means real blows to economic growth and human safety. Hardware engineers and firmware developers will have to dedicate more time to the security concerns of their hardware, following guidelines of NIST and learning from software experts.