Securing edge interactions is crucial to mitigating the risks posed to IIoT devices, reports LEGIC Identsystems.
Until now, internet security has focused on information theft – protecting financial and personal data hosted in the cloud. With the fast-growing Industrial Internet of Things (IIoT), new challenges are emerging as valuable, mission-critical machines and infrastructure become dependent on the same vulnerable internet.
Unlike data, IIoT devices and assets are not stored in the cloud but are at the network edge. The key to protecting these assets lies with the gatekeeper, the security system at the edge that authenticates users and manages their rights to access and use IIoT edge devices such as building access systems, public infrastructure, connected vehicles and industrial machines.
Internet-based services continue to function only because of considerable efforts to stay one step ahead of hackers who work tirelessly to defeat security measures. Our current line of defence consists mainly of the asymmetric cryptographic protocol “Transport Layer Security” (TLS), the most widely used technology for securing data traversing the internet; it is what the “HTTPS” (“HTTP over TLS”) in your web browser’s address bar indicates. Yet TLS is vulnerable: first released in 1995, it is now in its seventh release, and that history is evidence that it is only a matter of time before any “secure” internet transport protocol is compromised.
As the battle between hackers and security protocols continues, it is generally acknowledged that the best way to protect data from unauthorised interception is to keep encryption keys off the internet and stored in an offline hardware secure element. This is a well-known fact that underpins the success of Bitcoin and other cryptocurrencies.
Protecting the “Internet of Things to Steal”
The number of connected devices has already surpassed the number of human users. We will soon be reading very different headlines as valuable, mission and life critical edge devices become dependent on internet connections; targets include public transportation systems, (driverless) vehicles, healthcare devices, industrial robots, power-grid equipment, dams and nuclear power plants as well as access control systems for offices, schools, airports, government buildings and hospitals. The damage caused by hackers who are able to breach critical infrastructure will far exceed that of a few million Facebook user profiles or stolen credit card numbers.
The most expensive and mission-critical connected devices are those that are regularly accessed and shared by multiple users. This includes industrial equipment, shared vehicles, hospital diagnostic machines, construction equipment and hotel rooms, all of which typically cost hundreds of thousands, or even millions, of dollars.
Authentication of a large user population and management of their permissions to access valuable IIoT assets at scale, and in real time, requires a well-managed relationship between people, devices and required functionalities.
Key system requirements include an automated, end-to-end platform that can securely and, where necessary, biometrically authenticate users. It must autonomously grant usage permission depending on a person’s credentials: what he or she is allowed to access and use, and how, when, where and which features.
As an internet connection is often not available – and even when available can be unreliable, costly and can require IT support such as user log-in – the system also needs to function when the IIoT asset is offline.
Approval or denial of a user, as well as usage permissions granted based on a user’s credentials, must be executed autonomously and immediately at the IIoT asset. Secure authentication intelligence must be provisioned at the network edge in the form of a Security Module with integrated RF transceiver and secure element for storage of encryption keys (Fig. 3). Secure element storage can also be used to safely store sensitive application-specific information such as usage data, audit trails, certificates, whitelists and e-payment data.
An end-to-end authentication system
To meet security and usage requirements, the interface between user and IIoT assets should be made using low cost, existing devices. As recent events have underscored, contactless communication between users and infrastructure is preferable. Transponders based on smartcards or smartphone apps implementing short range wireless communications such as Bluetooth, RFID, NFC and UWB are the most convenient, cost-effective and hygienic method for people to interact with IIoT devices for authentication and credentialing purposes.
Additional security can be implemented via PIN code or by employing built-in fingerprint or facial recognition apps. Based on the user’s cloud-managed credentials, access to equipment, specific functionalities and physical areas of usage are automatically assigned and managed by smart edge devices.
Keeping encryption keys off the internet
The key to protecting high value or life critical IIoT assets is to never allow user authentication or credential data to traverse the internet or be stored on a smart device in an unencrypted state. Additionally, during system commissioning, a practical method to securely initialise edge devices with encryption/decryption keys via smartcard or smartphone should be possible. Keys should be invisible to human eyes during the process, even to the person executing the installation.
As IIoT apps can be life or business critical, an additional level of security under the service provider’s direct control is desirable such as end-to-end AES (‘military grade encryption’) symmetrical encryption where keys are protected and managed by a hardware security module together with secure element technology running in a trusted environment. These well-established techniques provide the strongest protection against hacking, data interception or infrastructure spoofing.
Short range wireless communication between smartphone/smartcard and infrastructure must also be protected against replay attacks by mutually held, session-dependent encryption keys stored in a hardware secure element.
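The replay protection described above, as an added example that is not LEGIC's code or protocol: a challenge-response exchange in which the edge security module and the transponder each hold the same long-term key inside a (simulated) secure element and derive a fresh session key from both parties' random nonces. A response captured over the air is bound to the nonce of the session it was recorded in, so presenting it again against a new challenge fails, and a transponder with the right ID but the wrong key fails too. The SecureElement class, the key value and the message layouts are assumptions made for illustration.

```python
import hmac
import hashlib
import secrets

# Constructed demo key: in a deployment this is provisioned into the secure
# elements of the edge module and the transponder and never leaves them.
DEMO_LONG_TERM_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")


class SecureElement:
    """Hypothetical minimal secure-element API: the long-term key is write-only;
    callers obtain derived session keys and MACs, never the key itself."""
    def __init__(self, long_term_key: bytes):
        self._key = long_term_key

    def derive_session_key(self, edge_nonce: bytes, card_nonce: bytes) -> bytes:
        # Session key depends on both parties' fresh nonces (HMAC-SHA256 used as a KDF).
        return hmac.new(self._key, b"session|" + edge_nonce + card_nonce,
                        hashlib.sha256).digest()

    @staticmethod
    def mac(session_key: bytes, message: bytes) -> bytes:
        return hmac.new(session_key, message, hashlib.sha256).digest()


class Transponder:
    """Smartcard or smartphone-app side of the exchange."""
    def __init__(self, card_id: bytes, long_term_key: bytes):
        self.card_id = card_id
        self.se = SecureElement(long_term_key)

    def respond(self, edge_nonce: bytes) -> tuple:
        card_nonce = secrets.token_bytes(16)
        ks = self.se.derive_session_key(edge_nonce, card_nonce)
        tag = self.se.mac(ks, b"auth|" + self.card_id + edge_nonce + card_nonce)
        return self.card_id, card_nonce, tag


class EdgeModule:
    """Security module at the IIoT asset; accepts one response per challenge."""
    def __init__(self, long_term_key: bytes):
        self.se = SecureElement(long_term_key)
        self._pending_nonce = None

    def challenge(self) -> bytes:
        self._pending_nonce = secrets.token_bytes(16)
        return self._pending_nonce

    def verify(self, card_id: bytes, card_nonce: bytes, tag: bytes) -> bool:
        if self._pending_nonce is None:
            return False                      # nothing outstanding: reject
        edge_nonce, self._pending_nonce = self._pending_nonce, None  # consume it
        ks = self.se.derive_session_key(edge_nonce, card_nonce)
        expected = self.se.mac(ks, b"auth|" + card_id + edge_nonce + card_nonce)
        return hmac.compare_digest(expected, tag)


def genuine_exchange(edge: EdgeModule, card: Transponder) -> tuple:
    """Run one complete exchange; return (accepted, the response as an eavesdropper saw it)."""
    nonce = edge.challenge()
    response = card.respond(nonce)
    return edge.verify(*response), response


def replay_captured(edge: EdgeModule, captured: tuple) -> bool:
    """Replay a previously captured response against a fresh challenge."""
    edge.challenge()               # the edge issues a new, different nonce
    return edge.verify(*captured)  # tag was bound to the old nonce: rejected


def demo() -> tuple:
    """Returns (genuine accepted, replay accepted, wrong-key clone accepted)."""
    edge = EdgeModule(DEMO_LONG_TERM_KEY)
    card = Transponder(b"card-0001", DEMO_LONG_TERM_KEY)
    ok, captured = genuine_exchange(edge, card)
    replay_ok = replay_captured(edge, captured)
    clone = Transponder(b"card-0001", b"\x00" * 32)   # correct ID, wrong key
    clone_ok, _ = genuine_exchange(edge, clone)
    return ok, replay_ok, clone_ok


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The two design points that carry the replay protection are that the MAC covers the edge's own nonce, which the edge generates fresh for every session, and that the edge forgets a nonce as soon as one response has been checked against it; the key material itself never appears in the exchange.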
As a real world example, the chemical manufacturing industry illustrates the need for managed authentication and the permissioning of plant employees and external contractors. A typical chemical plant employs a wide range of staff including plant managers, machine operators, service technicians, quality controllers, external auditors and cleaning personnel. Each member of staff has specific responsibilities which require permission to access buildings, plant areas, machines, administration services, security and logistics systems. Access must therefore be restricted to authorised personnel and may be a function of time; some shift workers will only be allowed to operate specific machines on certain occasions. External contractors such as auditors and cleaning firms must also have controlled access to physical areas and devices.
Important system requirements include the integration of biometric verifications such as fingerprint or facial recognition, real time updating of credentials and the adding and removing of staff at the touch of a button. Online and offline operation is ensured to guarantee operational continuity in the case of network outage. Each edge device is equipped with a Bluetooth/NFC/UWB-enabled security module that is initialised with an encryption key stored in an integrated secure element which is not accessible from outside the module.
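The chemical-plant scenario above calls for permission decisions that depend on the person, the asset and the time of day, and that the edge device can make with no network connection. As an added example (not LEGIC's code), the following Python sketch has a back end issue each credential with an HMAC-SHA256 tag under a key the edge module also holds, and has the edge module verify integrity, expiry, asset and shift entirely locally. The credential fields, the site-wide signing key and the shift format are assumptions; the sample credentials are constructed for illustration.

```python
import hmac
import hashlib
import json
from datetime import datetime

# Constructed demo key shared by the issuing back end and the edge module's
# secure element (assumption: one site-wide credential-signing key).
DEMO_CREDENTIAL_KEY = bytes.fromhex(
    "2b7e151628aed2a6abf7158809cf4f3c2b7e151628aed2a6abf7158809cf4f3c")


def canonical(cred: dict) -> bytes:
    """Deterministic encoding so back end and edge MAC exactly the same bytes."""
    return json.dumps(cred, sort_keys=True, separators=(",", ":")).encode()


def issue_credential(key: bytes, cred: dict) -> tuple:
    """Back end: attach an HMAC-SHA256 tag so the edge can verify integrity offline."""
    return cred, hmac.new(key, canonical(cred), hashlib.sha256).hexdigest()


def in_shift(shifts: list, now: datetime) -> bool:
    """shift = {"days": [weekday numbers, Monday=0], "start": hour, "end": hour}."""
    return any(now.weekday() in s["days"] and s["start"] <= now.hour < s["end"]
               for s in shifts)


def authorise(key: bytes, cred: dict, tag: str, asset_id: str, now_iso: str) -> tuple:
    """Edge-module decision made entirely locally; returns (granted, reason)."""
    now = datetime.fromisoformat(now_iso)
    expected = hmac.new(key, canonical(cred), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):        # tampered or forged credential
        return False, "credential integrity check failed"
    if now > datetime.fromisoformat(cred["not_after"]):
        return False, "credential expired"
    if asset_id not in cred["assets"]:
        return False, "asset not permitted"
    if not in_shift(cred["shifts"], now):
        return False, "outside permitted shift"
    return True, "granted"


# Constructed sample credentials for the chemical-plant scenario.
OPERATOR, OPERATOR_TAG = issue_credential(DEMO_CREDENTIAL_KEY, {
    "user": "operator-017",
    "assets": ["reactor-3-hmi", "plant-area-b-door"],
    "shifts": [{"days": [0, 1, 2, 3, 4], "start": 6, "end": 14}],  # weekday early shift
    "not_after": "2022-12-31T23:59:59",
})
AUDITOR, AUDITOR_TAG = issue_credential(DEMO_CREDENTIAL_KEY, {
    "user": "ext-auditor-004",
    "assets": ["admin-office-door"],
    "shifts": [{"days": [0, 1, 2, 3, 4], "start": 8, "end": 18}],
    "not_after": "2022-03-31T23:59:59",
})


def demo() -> list:
    """Walk through the decisions an edge module would make, all offline."""
    k = DEMO_CREDENTIAL_KEY
    tampered = dict(OPERATOR, assets=OPERATOR["assets"] + ["admin-office-door"])
    return [
        authorise(k, OPERATOR, OPERATOR_TAG, "reactor-3-hmi", "2022-03-07T09:00:00"),   # Monday, in shift
        authorise(k, OPERATOR, OPERATOR_TAG, "reactor-3-hmi", "2022-03-07T16:00:00"),   # Monday, after shift
        authorise(k, OPERATOR, OPERATOR_TAG, "reactor-3-hmi", "2022-03-12T09:00:00"),   # Saturday
        authorise(k, AUDITOR, AUDITOR_TAG, "reactor-3-hmi", "2022-03-07T09:00:00"),     # asset not in credential
        authorise(k, tampered, OPERATOR_TAG, "admin-office-door", "2022-03-07T09:00:00"),  # edited credential
        authorise(k, AUDITOR, AUDITOR_TAG, "admin-office-door", "2022-04-04T09:00:00"),  # expired
    ]


if __name__ == "__main__":
    for granted, reason in demo():
        print(granted, reason)
```

Adding or removing a member of staff is then a matter of issuing or expiring a credential at the back end; the edge module needs the updated credential to reach it, but it never needs the back end to be reachable at the moment of the access decision.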
With a cryptographically secure, end-to-end IIoT management system in place, electronic user credentials combined with other personal authenticators such as PIN code or biometric data can be employed to authenticate users. User credentials can be combined with location or other context-based information such as sensor data to make tasks easier, more efficient and safer while improving process quality and convenience.
Implemented as a security platform which can be integrated with any application, secure symmetrical cryptography combined with secure element technology and short range radio communication is a strong candidate to ensure safe and secure operations of life and business critical IIoT systems.
For more information, visit: www.legic.com/iot
This article was originally published in the January 2022 edition of Security Journal UK.