Cryptographic Security in IoT (I)

Friday, 21 October 2016

The proliferation of IoT service platforms and devices is outpacing the adoption of security measures in the field. Faced with the urgent need for mechanisms that guarantee authentication, integrity and confidentiality, both of communications and of the devices themselves, the trend is to carry over cryptographic solutions already proven in traditional IT, such as public-key digital certificates over SSL/TLS.

But the main problem with this approach lies in storing those certificates, and above all their private keys, on the device. In traditional IT the operating system generally takes care of this: Microsoft Windows, Mac OS X and Linux/UNIX, together with their mobile variants (Windows Phone, iOS and Android), each provide a software key store for the purpose, usually pre-loaded with a number of trust anchor (root) certificates, at the very least those of the operating system vendor.

Microsoft Windows Certificate Manager

Cryptography in IT
But these software stores have weaknesses inherent in their nature: the private keys sit on disk or in memory under the control of the operating system, so anything that compromises the OS, or simply reads the disk, can copy them. In IT settings where security is a priority, the current trend is therefore to use a dedicated cryptographic hardware element, the TPM (Trusted Platform Module).

The TPM's technical specification is an open standard defined by the Trusted Computing Group (TCG), a non-profit organisation made up of the main hardware and software manufacturers in the market, whose goal is to define, develop and promote open specifications and standards for "trusted computing".

The TCG began its work in 2003 as the successor to the Trusted Computing Platform Alliance, created in 1999. From the outset the organisation has been mired in controversy: the free software community, with Richard Stallman at the forefront, has been especially critical, arguing that the original motivation was to protect intellectual property through digital rights management (DRM).

The TPM module is based on a crypto-processor (a discrete chip) that provides advanced security capabilities. It generates and stores cryptographic keys and performs operations with them in such a way that the keys never leave the chip, which is specifically hardened against physical attacks (tampering).

Made by several manufacturers (Infineon, Atmel, STMicroelectronics, Broadcom, etc.), they combine the physical protections with mechanisms to withstand logical attacks, and many models are validated under NIST's FIPS 140-2 programme (the level achieved varies from part to part, so check the specific validation certificate rather than assuming the top level). The use of TPM modules is restricted in several countries, such as China, Russia, Belarus and Kazakhstan.

Many desktops, business-class laptops and servers ship with a TPM module (estimated at over 300 million units), and one can also be added separately through the LPC bus header found on a wide variety of consumer machines built after 2004.


TPM modules can securely store a wide variety of objects: digital certificates, asymmetric keys, symmetric keys, credentials, cookies, signatures, audit logs, etc. Strictly speaking, only a small number of keys live on the chip itself; everything else is kept outside, wrapped (encrypted) under a TPM-resident key, so that it can only ever be used with that particular TPM.

They are integrated at the BIOS/UEFI level of the machine and allow security checks to be added to the pre-boot stage, such as detecting configuration changes. The mechanism is "measured boot": each component in the boot chain is hashed and the hash is "extended" into the TPM's Platform Configuration Registers (PCRs), which can only be extended, never written directly, so a modified boot loader or firmware setting yields a different PCR value that can be checked, or that secrets can be "sealed" to. One interesting and highly useful consequence is the option to authenticate the device rather than the user, for instance with a TPM-backed device certificate, so that network access policies on wireless access points, firewalls, routers, switches and so on that support the 802.1X standard can be tied to a specific machine.
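As an added example (not code from the original post), the following Python models the PCR arithmetic just described and the sealing of a secret to a measured boot state. The TPM_SEED constant, the component images and the secret are constructed stand-ins; a real TPM keeps its seed internally and does the sealing itself, and this model is no substitute for one.

```python
"""Simulation of TPM Platform Configuration Registers and sealing (added example).
Only the extend/measure/seal arithmetic is modelled; the TPM itself is not."""
import hashlib
import hmac

PCR_SIZE = 32            # SHA-256 bank, as in TPM 2.0 (TPM 1.2 uses 20-byte SHA-1 PCRs)
TPM_SEED = bytes(32)     # constructed stand-in for the TPM's internal storage seed, which never leaves a real TPM


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR_new = H(PCR_old || H(component)). A PCR can only be extended, never overwritten,
    so a later boot stage cannot erase the evidence of what ran before it."""
    digest = hashlib.sha256(measurement).digest()
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(components) -> bytes:
    """Measured boot: each stage hashes the next one into the PCR before handing over.
    `components` is the ordered list of firmware / boot-loader / config images as bytes."""
    pcr = bytes(PCR_SIZE)                 # PCRs are all-zero after reset
    for image in components:
        pcr = pcr_extend(pcr, image)
    return pcr


def seal(secret: bytes, pcr_value: bytes):
    """Bind a secret (up to 32 bytes) to an expected PCR value. A real TPM wraps the secret under a
    TPM-resident key with a PCR policy; here the key is derived from the seed and the PCR value."""
    if len(secret) > 32:
        raise ValueError("toy sealing handles at most 32 bytes")
    key = hashlib.sha256(TPM_SEED + pcr_value).digest()
    blob = bytes(a ^ b for a, b in zip(secret, key))         # toy one-time pad under the derived key
    tag = hmac.new(key, blob, hashlib.sha256).digest()        # detects a wrong PCR state or a tampered blob
    return blob, tag


def unseal(blob: bytes, tag: bytes, current_pcr: bytes):
    """Release the secret only if the platform is in the measured state it was sealed to."""
    key = hashlib.sha256(TPM_SEED + current_pcr).digest()
    if not hmac.compare_digest(hmac.new(key, blob, hashlib.sha256).digest(), tag):
        return None                                           # boot chain changed: refuse to unseal
    return bytes(a ^ b for a, b in zip(blob, key))


if __name__ == "__main__":
    chain = [b"uefi-firmware-1.0", b"grub-2.02", b"secure_boot=on"]   # constructed boot images
    good = measure_boot(chain)
    blob, tag = seal(b"disk-encryption-key!", good)
    print("unseal on known-good boot:", unseal(blob, tag, good))
    print("unseal after boot-loader swap:", unseal(blob, tag, measure_boot([chain[0], b"grub-2.02-evil", chain[2]])))
```

Two properties are worth noticing when you run it: the order of the measurements matters (swapping two stages gives a different PCR even though the same images were measured), and nothing in the unsealing path ever compares the images themselves, only the accumulated PCR value, which is exactly what makes the check cheap enough to do at every boot.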

TPM settings in an American Megatrends BIOS
TPM integration with the operating system provides a complete API of cryptographic services, exploited most widely on Microsoft Windows from Vista and Server 2008 onwards. Of particular note are its use with BitLocker for disk-volume encryption, with Outlook for encrypting and/or signing e-mail, for storing digital certificates and VPN credentials, and with the various Active Directory group policies on Windows Server. Apple, for its part, briefly included TPM modules in its first Intel MacBooks in 2006, but official support is practically non-existent today.

On the GNU/Linux side, various drivers and tools have been developed for using TPM modules. Kernel support dates from the 2.6 series, and with it comes the possibility of keeping SSH keys in the TPM and of enforcing boot-time security policies through TrustedGRUB and U-Boot.

Google ships its Chromebooks with a TPM enabled by default, for security reasons that have been analysed by MIT researchers.

The TPM specifications have been an ISO/IEC standard (ISO/IEC 11889) since 2009. The most recent version, TPM 2.0 (2014), adds numerous advances, such as multiple key hierarchies (each with its own root key), SHA-256 digests and elliptic curve ("ECC") algorithms. But the most significant change is that the TPM can now be implemented in firmware (fTPM), running inside a Trusted Execution Environment (TEE). Hardware support for a TEE is present in recent Intel, AMD and Qualcomm processors and is ubiquitous on the ARM architecture, where it is called TrustZone.

Microsoft Windows TPM management component
Thus the hardware security features provided by a TEE form the foundation of the cryptographic security that most modern smartphones implement, both for biometric authentication and for their use as a payment method. Apple has its own development with similar characteristics, known as the "Secure Enclave", integrated into its processors from the A7 onwards.

Cryptography before IoT
When we browse the Internet of Things, we find tiny embedded systems that, with any luck, manage to run cut-down versions of Linux as their operating system, because in many cases all they have is a microcontroller-class SoC (System on a Chip).

Though every new SoC generation is more capable than the last, they are still far from having what it takes to carry over cryptographic solutions from traditional IT, such as software key stores or a conventional TPM chip. Small IoT devices need cryptographic solutions adapted to their own dimensions: capacity, complexity, usage, cost and so on. Though it may seem so, this is nothing new. The need has existed for a long time, and so have the solutions. A good example is how naturally we have accepted cryptographic security in our mobile phones for the past 25 years. We assume, simply because we hold a SIM, that the operator can authenticate us unequivocally, with no risk of error, interference or identity theft, and that our voice and data travel over the air carefully encrypted, beyond the reach of any third party.

This everyday reality is achieved by establishing a shared secret between the operator and ourselves, as simple as a 128-bit symmetric key known as "Ki", jealously guarded in the operator's infrastructure (the authentication centre, AuC) and solidly stored inside our SIM, which it never leaves.
The SIM thus acts as a cryptographic device: it stores the symmetric key, performs the necessary cryptographic operations on the card itself (the network sends a random challenge and the SIM returns a response computed from Ki, so the key is never transmitted), and implements additional protective measures against both physical and logical attacks.
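The following Python is an added example, not code from the original post, that models the challenge-response just described and the personalisation step in which the operator and the SIM each receive a copy of Ki; afterwards only RAND and SRES ever cross the air interface. HMAC-SHA256 stands in for the operator's real A3/A8 algorithms (COMP128 or Milenage), and the IMSI and class names are constructed for the example.

```python
"""Model of SIM-based subscriber authentication (added example).
HMAC-SHA256 is a stand-in for the real A3/A8 algorithms; the protocol shape is the point:
Ki is written into SIM and AuC at personalisation and thereafter used only in challenge-response."""
import hashlib
import hmac
import secrets


def _a3a8(ki: bytes, rand: bytes):
    """Stand-in for A3 (computes SRES) and A8 (derives Kc). Operators use COMP128 or Milenage here."""
    out = hmac.new(ki, rand, hashlib.sha256).digest()
    return out[:4], out[4:12]                # SRES is 32 bits and Kc is 64 bits, as in GSM


class Sim:
    """The subscriber side: Ki goes in once and the card offers no command to read it back."""

    def __init__(self, imsi: str, ki: bytes):
        if len(ki) != 16:
            raise ValueError("Ki is a 128-bit key")
        self.imsi = imsi
        self.__ki = ki                       # held privately; the only way to use it is run_gsm_algorithm

    def run_gsm_algorithm(self, rand: bytes):
        """The card's only cryptographic interface (RUN GSM ALGORITHM): RAND in, (SRES, Kc) out."""
        if len(rand) != 16:
            raise ValueError("RAND is 128 bits")
        return _a3a8(self.__ki, rand)


class AuthenticationCentre:
    """The operator's AuC, the only other holder of Ki."""

    def __init__(self):
        self._ki_by_imsi = {}

    def personalise(self, imsi: str) -> Sim:
        """Personalisation: generate Ki, keep one copy in the AuC, burn the other into a new SIM."""
        ki = secrets.token_bytes(16)
        self._ki_by_imsi[imsi] = ki
        return Sim(imsi, ki)

    def triplet(self, imsi: str):
        """Authentication triplet (RAND, expected SRES, Kc) handed to the serving network."""
        rand = secrets.token_bytes(16)
        sres, kc = _a3a8(self._ki_by_imsi[imsi], rand)
        return rand, sres, kc


def authenticate(auc: AuthenticationCentre, sim: Sim):
    """Serving-network side: challenge the SIM, compare SRES, return the session key Kc on success."""
    try:
        rand, expected_sres, kc = auc.triplet(sim.imsi)
    except KeyError:
        return None                          # unknown subscriber
    sres, _ = sim.run_gsm_algorithm(rand)    # only RAND reaches the card, only SRES comes back
    return kc if hmac.compare_digest(sres, expected_sres) else None


if __name__ == "__main__":
    auc = AuthenticationCentre()
    sim = auc.personalise("214070000000001")          # constructed IMSI
    print("genuine SIM:", authenticate(auc, sim) is not None)
    print("clone with guessed Ki:", authenticate(auc, Sim("214070000000001", bytes(16))) is not None)
```

Note what the network never has to do: it never asks the card for Ki, and a cloned card with the right IMSI but the wrong key simply produces the wrong SRES. The same pattern, a secret provisioned once and used only through a challenge-response command, is what the authenticator chips discussed later in this post offer to an IoT device.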

This is where the various challenges of symmetric and asymmetric key management emerge, in devices that will generally be remote, autonomous or unattended. Special importance attaches to the "personalisation" phase, during or after production, in which each device receives its keys, and to the deployment and enrolment mechanisms that register it with its service platform.

Hardware cryptography for IoT
Cryptographic devices similar to the SIM are available with both symmetric and asymmetric keys and in a variety of discrete packages. The Atmel cryptographic hardware family stands out in particular, for its ease of use and documentation as well as the availability of development kits and open-source libraries.

These gained particular relevance when SparkFun combined several of them on an add-on board (cape) for the BeagleBone, used extensively by Josh Datko in his 2014 book BeagleBone for Secret Agents. That same year he gave a demonstration at the DEF CON 22 conference.

Similar add-ons soon appeared for other boards, particularly the Raspberry Pi, thanks to its accessible I2C and SPI buses, the interfaces over which these devices normally communicate. Finally, it was SparkFun again who combined all of these elements in a Crypto Shield for Arduino that can be used with a conventional UNO.
In addition to a real-time clock (RTC), it incorporates four cryptographic elements:
  • A TPM, the Atmel AT97SC3204T, for RSA key storage, encryption and asymmetric signing. 
  • An Atmel ATAES132 authenticator, for authentication and AES symmetric encryption with on-chip key storage. 
  • An Atmel ATSHA204 authenticator, for SHA-256 MAC/HMAC challenge-response authentication. 
  • An Atmel ATECC108 authenticator, for authentication by ECDSA elliptic-curve digital signatures (ECDSA signs and verifies; it does not encrypt).
The presence of a cryptographic hardware device based on elliptic-curve algorithms, specifically ECDSA, seems to point to the road ahead.

Elliptic Curve Cryptography
Elliptic curves have been known about and studied by mathematicians for well over a century, although their use in cryptography dates only from 1985, when Koblitz and Miller proposed it independently. Their application initially had its detractors, but today it is one of the most promising fields within modern asymmetric cryptography.

Though the underlying theory is relatively demanding, ECC offers certain advantages over traditional algorithms based on integer factorisation, such as RSA. Implementations are very efficient thanks to the arithmetic of the curves themselves and, above all, ECC reaches equivalent security levels with much smaller keys: a 256-bit curve key is considered comparable to a 3072-bit RSA key (NIST SP 800-57). This property makes elliptic curve cryptography ("ECC") the ideal candidate for devices with limited computing capacity, such as those found in the IoT ecosystem.
Today elliptic curve algorithms are, by and large, written into the main international standards and certification schemes (NIST FIPS 186 for ECDSA, ANSI X9.62 and the SEC specifications, among others).


In fact, the most popular cryptographic software, OpenSSL, has supported the elliptic curve algorithms ECDH (key agreement) and ECDSA (digital signatures) since version 0.9.8, over a wide variety of curves. They can be listed with the command:

openssl ecparam -list_curves


Since ECC algorithms are now widely supported by the majority of web servers and browsers, reputable certification authorities such as DigiCert, Entrust, GlobalSign and, in particular, Symantec have root certificates signed with ECC algorithms, as well as full capacity to issue and distribute ECC certificates.
Yet the first large-scale use of elliptic curve cryptography is found in the crypto-currency Bitcoin, which has used ECDSA (on the secp256k1 curve) to sign transactions since it appeared in 2009.



IoT Devices
The need to provide cryptographic capabilities in the IoT world is leading manufacturers to include specific hardware in the general-purpose devices they aim at the maker ecosystem.

One of the first to do so was the Italian firm Axel Elettronica, whose SmartEverything combines a large number of sensors and a SIGFOX (868 MHz) wireless module with an Atmel SHA204A crypto-authenticator.
Along the same lines, the Arduino organisation itself has announced a new model conceived specifically for IoT, the MKR1000, which, among other features such as a Wi-Fi 802.11 b/g/n module, will carry an Atmel ECC508A elliptic-curve crypto-authenticator.
Alongside the natural tendency to make wireless connectivity easy, there is now a trend to include cryptographic authentication elements. It will be some time before this practice becomes general, let alone an essential requirement; until then, it will be common to attach them separately as independent modules.
This is possible thanks to accessible communication standards, generally an I2C or SPI bus, and the abundant documentation the manufacturers publish. Practically any system or platform with an I2C bus can readily incorporate cryptographic hardware; for example, all those based on the Arduino system shown in the following table:



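As an added example of what attaching one of these modules over I2C involves, the following Python builds command packets in the framing the ATSHA204/ATECC108 family uses (count, opcode, param1, param2, data, CRC-16) and validates the responses. It is not code from the original post or from Atmel's CryptoAuthLib, it performs no bus I/O (the bytes would be written with an I2C library such as smbus2 on a Raspberry Pi), and the opcodes and status codes it lists are taken from the ATSHA204 datasheet; the sample responses in the usage are constructed.

```python
"""Packet framing for Atmel CryptoAuthentication devices over I2C (added example, offline)."""

WORD_ADDR_COMMAND = 0x03           # I2C "word address" byte that precedes every command block
OP_RANDOM, OP_NONCE, OP_MAC = 0x1B, 0x16, 0x08     # a few ATSHA204 opcodes; others use the same framing
STATUS = {0x00: "success", 0x01: "CheckMac miscompare", 0x03: "parse error",
          0x0F: "execution error", 0x11: "after wake", 0xFF: "CRC/communication error"}


def crc16(data: bytes) -> bytes:
    """CRC-16 with polynomial 0x8005, input bits fed LSB-first, no final reflection,
    returned little-endian, as the datasheet specifies for these chips."""
    crc = 0
    for byte in data:
        for bit in range(8):
            data_bit = (byte >> bit) & 1
            crc_bit = (crc >> 15) & 1
            crc = (crc << 1) & 0xFFFF
            if data_bit != crc_bit:
                crc ^= 0x8005
    return bytes([crc & 0xFF, crc >> 8])


def build_command(opcode: int, param1: int, param2: int, data: bytes = b"") -> bytes:
    """count | opcode | param1 | param2 (LE16) | data | crc (LE16); count covers itself and the CRC.
    The word-address byte is prepended so the result can be written to the bus as-is."""
    body = bytes([7 + len(data), opcode, param1, param2 & 0xFF, (param2 >> 8) & 0xFF]) + data
    return bytes([WORD_ADDR_COMMAND]) + body + crc16(body)


def parse_response(raw: bytes) -> bytes:
    """Check the count and CRC of a response block and return its payload.
    A 4-byte block carries a one-byte status; longer blocks carry data (e.g. 32 random bytes)."""
    if len(raw) < 4 or raw[0] != len(raw):
        raise ValueError("bad count byte")
    if crc16(raw[:-2]) != raw[-2:]:
        raise ValueError("bad CRC: noisy bus, or the chip was not awake when written to")
    payload = raw[1:-2]
    if len(payload) == 1 and payload[0] != 0x00:
        raise RuntimeError("device error: " + STATUS.get(payload[0], hex(payload[0])))
    return payload


if __name__ == "__main__":
    print("Random command:", build_command(OP_RANDOM, 0x00, 0x0000).hex(" "))
    # constructed response: count 35 = 1 + 32 data bytes + 2 CRC bytes
    fake = bytes([35]) + bytes(range(32))
    print("parsed payload:", parse_response(fake + crc16(fake)).hex())
```

The Random command is the usual smoke test for a freshly wired chip: after the wake pulse, write 03 07 1B 00 00 00 24 CD, wait the command's execution time, read back 35 bytes and let parse_response() check the CRC before you trust the 32 random bytes. A CRC failure on that first exchange almost always means the wake sequence or the pull-ups, not the chip.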
In the next instalment we will elaborate on other interesting aspects of cryptography and IoT hardware, and describe the libraries and hardware available for practising cryptography in IoT.
