5 Key Challenges in Securing Resource-Constrained IoT devices


Last year saw one of the most massive series of Distributed Denial of Service (DDoS) attacks in Internet history. The attacks targeted Dyn, a major Domain Name System (DNS) provider whose clients include internet giants such as Twitter, Reddit, Pinterest, GitHub, PayPal, Spotify, and the PlayStation Network, among many others.

The series of attacks was made possible by infecting thousands of unsecured Internet of Things (IoT) devices with malicious code that formed a botnet. The botnet directed huge amounts of traffic to Dyn, making it difficult for users to access the websites serviced by Dyn.

The attack proved that resource-constrained IoT devices, that is, devices with limited computational and storage capabilities, are vulnerable to attack because they have not been designed with effective security measures. Securing IoT devices can be difficult for developers and IoT device designers because it requires experience with embedded system security. Enabling authentication and encryption in the chip and firmware is complex and can be challenging for software developers without experience in cryptography. Five of the key challenges in securing these resource-constrained devices are detailed below:

Challenge No. 1: Limited CPU and Memory

To prolong battery life, IoT devices typically possess low processing capabilities, limited memory and storage (flash or RAM), and minimal network protocol support. It is a significant challenge for IoT device manufacturers and software developers to design complex and comprehensive security measures within a memory footprint of 64KB to 640KB. They need to keep the design simple and avoid adding unnecessary features while also leaving enough space for security software controls to defend against security threats.

Challenge No. 2: Vulnerable Networking Options

To simplify connecting a device to a network, many device designers support both Bluetooth and Zigbee. Hackers can easily compromise Bluetooth passwords or spoof MAC addresses on a Zigbee network to take over devices. Device designers need to support standard network protocols like TCP/IP and Wi-Fi (802.11i), and use standard PKI authentication techniques to ensure security from the endpoint device to the cloud.

Challenge No. 3: High Performance, Lightweight Cryptography

Like any other security mechanism, encryption and decryption are resource-intensive tasks. They require significant processing and storage capacities that IoT devices lack. Furthermore, the encrypt-decrypt-re-encrypt process for transmitting and storing information adds to the capacity requirements, making it even more difficult for IoT devices to handle. Instead, users and/or manufacturers of IoT devices should use lightweight algorithms that are suitable for resource-constrained environments. These include algorithms that are fast and responsive, more energy and storage efficient than conventional encryption and decryption algorithms, and powered by optimized crypto engines.

Challenge No. 4: Strong Passwords Are Not Enough

Users of IoT devices, such as smart home owners, normally lack the expertise to secure their connected devices. Some users even neglect to change their device's default password, thus leaving it wide open to attacks. Devices should implement more than just single-factor password authentication. By using multi-factor authentication and encrypting keys stored in the device, designers can significantly improve the integrity of the device.

Challenge No. 5: Enabling Secure Updates

Constant updates to both security software and firmware are critical for IoT devices. However, IoT devices are often similar to plug-and-play devices. Users tend to set-and-forget and seldom, if ever, check for updates. Additionally, if a device is compromised, a hacker could install an unauthorized firmware update and take over the device. Thus, it is ideal for IoT devices to have a secure update mechanism.
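
As an added illustration (not code from the original article or from any vendor), the sketch below shows the core check a secure update mechanism performs before installing an image: authenticate the whole image, then refuse anything that is not newer than the installed firmware, which goes one step beyond the unauthorized-update case described above. The image layout, the names build_image and check_update, and the key are assumptions constructed for this example; HMAC-SHA256 is used only to stay within the Python standard library, whereas fielded devices typically verify an asymmetric signature so that the device holds no signing secret.

```python
import hashlib
import hmac
import struct

# Constructed image layout (an assumption of this example, not a real format):
#   magic "FWUP" | version (u32 BE) | payload length (u32 BE) | payload | 32-byte tag
HEADER = struct.Struct(">4sII")
MAGIC = b"FWUP"
TAG_LEN = hashlib.sha256().digest_size


def build_image(key: bytes, version: int, payload: bytes) -> bytes:
    """Vendor side: prepend the header and append a tag over header + payload."""
    signed = HEADER.pack(MAGIC, version, len(payload)) + payload
    return signed + hmac.new(key, signed, hashlib.sha256).digest()


def check_update(key: bytes, installed_version: int, image: bytes) -> str:
    """Device side: return "accept" or the reason the image is refused."""
    if len(image) < HEADER.size + TAG_LEN:
        return "reject: truncated"
    magic, version, length = HEADER.unpack_from(image)
    if magic != MAGIC or len(image) != HEADER.size + length + TAG_LEN:
        return "reject: malformed"
    signed, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    # Authenticate before acting on the version; compare in constant time.
    if not hmac.compare_digest(tag, expected):
        return "reject: bad tag"
    # The version field is covered by the tag, so an older, genuinely issued
    # build cannot be replayed to reintroduce a fixed flaw.
    if version <= installed_version:
        return "reject: rollback"
    return "accept"


if __name__ == "__main__":
    demo_key = b"constructed-demo-key-not-a-real-secret"
    image = build_image(demo_key, 7, b"\x00" * 64)  # constructed sample payload
    print(check_update(demo_key, 6, image))          # newer and authentic
    print(check_update(demo_key, 7, image))          # same version offered again
    print(check_update(b"wrong-key", 6, image))      # tag does not verify
```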

A Trusted Security Platform for IoT Devices

The Mocana IoT Security Platform provides mission-critical IoT security solutions for embedded systems and the Internet of Things. It is comprised of software modules that can be customized and embedded into endpoints, gateways, and cloud servers. It goes beyond traditional perimeter-based security approaches by making devices trustworthy and enabling secure device-to-cloud communications.

With a tiny footprint of less than 30KB, Mocana IoT Security Platform's crypto engine has been optimized for use in processing power and memory-constrained environments while still offering a full-stack architecture and strong cryptographic engine that ensure device trustworthiness, authentication, integrity and confidentiality. Contact our security experts to get more information on how Mocana can help secure your devices.