The Security Manifesto and accompanying Digital Social Contract are an industry‑wide call to action from Arm’s CEO at the recent Arm TechCon, but developers have to act now, using available tools and pushing back to get security right.
Arm’s CEO Simon Segars placed security at the forefront of everyone’s mind at the recent Arm TechCon event in Santa Clara, California. Clearly frustrated at the currently vulnerable state of so many IoT devices and networks, he announced a Security Manifesto as the foundation of a Social Contract that he hopes everyone in the industry will adhere to; but without teeth, can it really help?
The many attack surfaces IoT devices and connectivity in general present have been well documented. With an expected gush of a trillion IoT devices, according to Arm, the problem of securing those devices looms large. Without a baseline level of security assurance, those trillion devices could create a security nightmare.
To help address the issue on stage at his keynote, Segars introduced Dr. Mary Aiken, a cybersecurity expert who also describes herself as a cyberpsychologist. That psychological aspect is critical, but first let’s look at the Manifesto itself:
- We must inspire trust as we scale the connected world
- No company is exempt from the Social Contract with users
- Security is a collective industry responsibility and is both an opportunity and challenge
- Advanced security intelligence should be distributed throughout the IoT
- Security must be a primary design consideration and be focused on lifetime protection
- We must build security systems that deal with potential human error.
The Manifesto can be downloaded from Arm’s site and comes packaged with a series of feature articles discussing the problem and the possible solutions, from compartmentalizing the CPU to a healthcare system that at one level acts like white blood cells in the human body to detect and attack intruders. A “cyber immune system,” as Segars calls it. If that doesn’t work, higher levels of care can be applied to either fix or remove the infected device from the network.
The Manifesto also includes a foreword by Aiken. In it, she discusses the psychological aspects of security, from usage patterns and user complacency to the societal origins and motivations of both coordinated and individual attacks. As it happens, Aiken also serves as advisor on the show “CSI: Cyber,” so she naturally advises anyone implementing security to “Think like behavioral profilers and consider means, motive, and opportunity.” Essentially, security means developing cyber behavioral insights.
Going further, and in order to reach some kind of globally accepted rules, Aiken is working on a “constitution for cyberspace” that even starts with “We the people…” and focuses on the common good.
The psychology and business realities of security
Aiken’s and Segars’ goals may seem lofty because, well, they are lofty. That makes them attractive at a high level, but for designers on the ground, management is still pushing deadlines and wants a product shipped before they get beaten to market. This puts pressure on developers to de‑emphasize security and testing: ship now, test in the field, and update over the air. Maybe.
While developers are obliged to push back, and are often successful in doing so, just as often their product ships with a possible vulnerability, or two, as the market pressure increases. However, armed with the Security Manifesto, developers may have some more impetus to push back, and have more weight when they do.
Still, a Manifesto is not a law, and while UL 2900, the IoT Security Foundation, and other organizations are working on something with more teeth to assure consumers of some level of security, that’s not an easy task. As Segars said in his keynote, security is a moving target and the industry needs to be flexible and anticipatory.
Practical solutions are available
That said, there is still only so much a single chip, board, subsystem or product designer can do: often it is a vulnerability from a third party that compromises the security of the whole network. Developers can’t control that, but what they can control is their own design envelope.
To provide hands‑on assistance to designers under the gun, Arm, Ericsson and u‑blox collaborated on a concept that can integrate and secure IoT devices from any ecosystem to help scale secure products on a “massive” scale.
The concept was demonstrated at the last Mobile World Congress and focuses on how to secure identities from all the myriad devices on a network and factor in the many technologies they use. Assuming a massive deployment, a mechanism for hands‑off, or zero‑touch, deployment, provisioning, management, and securing must be used. The alternative, using individual user names and passwords for each, isn’t feasible.
Designers can tackle the security problem at the ground level. Secure deployment of IoT devices on a massive scale was demonstrated using an ODIN‑W2 IoT gateway with Wi‑Fi and Bluetooth.
The demonstration is described in more detail here, but it essentially used a smart goods delivery setup, where each parcel contains a constrained device. It was implemented on an ODIN‑W2 standalone IoT gateway module with Wi‑Fi and Bluetooth, using Arm mbed OS 5. mbed OS 5 has an mbed uVisor that creates a trusted execution environment (TEE) with sufficient security.
The point was that it showed how to leverage the AKA procedure and the EAP‑AKA approach for non‑cellular access to get an efficient low‑cost identity on the device side, and securely provision the identities to the device using the Lightweight Machine‑To‑Machine (LWM2M) protocol.
With a strong pull at the industry level, and active pushing at the development level, the goal of a reliable and resilient level of security, while still a moving target, may become more achievable.