COVID-19 and medical IoT device security
Mitigating risk by implementing PKI at design level
IoT (Internet of Things) has rapidly bridged the gap between our physical and digital worlds through wearable consumer devices, smart home appliances and mission-critical systems like autonomous cars, power grids and medical devices. Device manufacturers and IoT product designers face rising cybersecurity expectations alongside a widespread sense that, as an industry, we don't yet know how to do security right. Cybersecurity matters in every connected device, but it is most critical in devices that keep people alive.
The number of online and connected devices grows exponentially year over year, and every new device widens the IoT attack surface. Medical devices like insulin pumps and pacemakers deliver regulated signals, monitor patient health and inform treatment plans. An attacker who gains access to such a device can intercept and modify data, tamper with everything from dosage delivery to the device's software and firmware, and so affect the device's function and, more importantly, patient safety.
Common security risks include:
- Weak authentication: Many low-cost medical devices like connected insulin pens have limited data and capabilities, so manufacturers often invest little in securing them. Yet what matters is not the device's own value but the data and systems it has access to; a device that cannot prove who it is gives an attacker a foothold into both.
- Hard-coded credentials: Hard-coded passwords and keys are common in software and firmware because they simplify deployment at scale. Embedding credentials in plain text in source code makes them easy to reach when needed, but every unit running that firmware shares them, so a single firmware dump, leaked repository or online post exposes the whole product line.
- Shared and unprotected keys: Many devices use symmetric encryption, where the same key both encrypts and decrypts data. Per-device symmetric keys are a step up from static or hard-coded credentials, but provisioning and storing them securely is hard, and because every party that needs the key holds a copy, a key leaked from one device or from a connected endpoint can compromise the entire system. Asymmetric cryptography addresses the sharing problem: each device holds a mathematically related key pair of which only the public key is ever shared, so no secret has to leave the device. If the private key is not securely stored, however, the device remains at risk, and getting this right is particularly hard for developers working to tight timelines.
- Weak encryption: Encryption is only as strong as the keys and algorithms behind it. Correctly implemented, modern cryptography is not practically breakable, but weak algorithms and poor entropy sources undermine the cryptography used in IoT devices. Lightweight devices with limited power and no hardware random number generator are at greater risk because they lack the random input needed to produce strong keys. An attacker who knows that a key was derived from a small or predictable seed can simply enumerate the possibilities and recover the private key, compromising the device.
- Unsigned firmware: A device that accepts any firmware image will also run a modified one. Code signing is becoming a standard tool for developers to verify the authenticity and integrity of the code they push to production, and for the device itself to verify an image before installing it.
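The weak-entropy failure mode described above, as an added example that is not from the original article or any vendor's code: a hypothetical device with no hardware RNG seeds its authentication key from a 16-bit boot counter, and an attacker who captures a single challenge/response pair recovers the key by trying all 65,536 possible seeds. The boot-counter seeding, the HMAC challenge/response protocol and the challenge string are constructed for illustration; the contrast is a key drawn from a cryptographically secure random source.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// weakDeviceKey models a device that derives its authentication key from a
// 16-bit boot counter (constructed example, not any real product). Hashing
// adds no entropy: there are only 65,536 possible keys.
func weakDeviceKey(bootCounter uint16) []byte {
	var seed [2]byte
	binary.BigEndian.PutUint16(seed[:], bootCounter)
	k := sha256.Sum256(seed[:])
	return k[:]
}

// authTag is the device's answer to a backend challenge: HMAC-SHA256 over the
// challenge under the device key. Both values travel in the clear.
func authTag(key, challenge []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(challenge)
	return m.Sum(nil)
}

// recoverSeed plays the attacker: having sniffed one (challenge, tag) pair,
// it tries every seed until the recomputed tag matches, which reveals the
// key and lets the attacker impersonate the device.
func recoverSeed(challenge, tag []byte) (uint16, bool) {
	for c := 0; c <= 0xFFFF; c++ {
		if hmac.Equal(authTag(weakDeviceKey(uint16(c)), challenge), tag) {
			return uint16(c), true
		}
	}
	return 0, false
}

// strongDeviceKey draws 256 bits from the OS CSPRNG (on a device: a hardware
// TRNG, or a key generated inside the secure element). The same brute force
// would need about 2^256 trials.
func strongDeviceKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

func main() {
	challenge := []byte("backend-nonce-0001") // constructed challenge
	tag := authTag(weakDeviceKey(4242), challenge)
	seed, ok := recoverSeed(challenge, tag)
	fmt.Printf("weak key recovered: %v (boot counter %d)\n", ok, seed)
	strong, _ := strongDeviceKey()
	fmt.Printf("strong key: %d random bytes, not recoverable this way\n", len(strong))
}
```

The search finishes in milliseconds on a laptop; the lesson is that the size of the seed space, not the hash or the key length, bounds the attacker's work.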
COVID-19: Rapid device production leads to rapid rise in security risks
In response to the COVID-19 pandemic, governments worldwide have called on manufacturers to re-tool their lines to produce critical technology. The availability of these devices will strengthen the world's response to the outbreak, provided that any connected products are sufficiently secured. Many IoT devices deployed today have poorly implemented security: manufacturers continue to ship devices with default passwords or with the same cryptographic keys across every unit, leaving entire product lines vulnerable.
Device security starts at design and must hold up through the whole device lifecycle. Over the last few years industry regulators have released frameworks and guidelines to help manufacturers align with best practices. The pandemic has led those same regulators to relax some rules in support of governments' call for diagnostics, systems and devices to combat it. Even in these unprecedented times, anyone producing connected devices needs the framework and tools to make them secure.
One example is the FDA, which issued premarket and postmarket cybersecurity guidance for medical device manufacturers to meet market submission requirements. The IoT Security Foundation (IoTSF) and the Industrial Internet Consortium (IIC) have released similar frameworks.
Unlike traditional IT, the nature of IoT devices means that a deploy-first, secure-later approach would be expensive and hard to achieve, given the sheer magnitude of IoT deployments and the diversity of hardware, software and protocols. Regardless of application, IoT implementations share common security requirements: a trusted device identity, confidentiality of data, and integrity of the data and of the firmware running on the device. These translate into authentication, encryption and signing.
Secure IoT deployments require:
- Strong mutual authentication between connected devices and applications
- Encryption of data at rest and in transit
- Signing and validation of firmware on the device
- Ability to securely update credentials, cryptography and firmware over time
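The firmware signing and validation requirement above (and the unsigned-firmware risk listed earlier), as an added Go example that is not from the article or any vendor's code: the vendor signs an image with an Ed25519 key that never leaves the build host, and the device, holding only the public key, refuses any image whose structure, signature or version does not check out. The image header layout, the magic value, the payload text and the anti-rollback version check are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout: 4-byte magic, 4-byte version, 4-byte payload
// length, payload, then a 64-byte Ed25519 signature over everything before it.
const (
	imageMagic = "FWIM"
	headerLen  = 12
)

// newVendorKey generates the vendor's signing key pair. The private half stays
// on the build/signing host (ideally an HSM); only the public key is burned
// into the device, for example in ROM or a secure element.
func newVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// signFirmware produces a signed image for the given payload and version.
func signFirmware(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	image := make([]byte, headerLen, headerLen+len(payload)+ed25519.SignatureSize)
	copy(image[0:4], imageMagic)
	binary.BigEndian.PutUint32(image[4:8], version)
	binary.BigEndian.PutUint32(image[8:12], uint32(len(payload)))
	image = append(image, payload...)
	return append(image, ed25519.Sign(priv, image)...)
}

// verifyFirmware is the bootloader's gate: it returns the payload only if the
// structure is sane, the signature verifies under the trusted public key and
// the version does not roll back below the installed one. Anything else,
// including a single flipped bit, is rejected before any byte is flashed.
func verifyFirmware(pub ed25519.PublicKey, image []byte, installed uint32) (uint32, []byte, error) {
	if len(image) < headerLen+ed25519.SignatureSize {
		return 0, nil, errors.New("image too short")
	}
	if string(image[0:4]) != imageMagic {
		return 0, nil, errors.New("bad magic")
	}
	n := int(binary.BigEndian.Uint32(image[8:12]))
	if len(image) != headerLen+n+ed25519.SignatureSize {
		return 0, nil, errors.New("length field does not match image size")
	}
	signed, sig := image[:headerLen+n], image[headerLen+n:]
	if !ed25519.Verify(pub, signed, sig) {
		return 0, nil, errors.New("signature invalid: image unsigned or tampered")
	}
	version := binary.BigEndian.Uint32(image[4:8])
	if version < installed {
		return 0, nil, fmt.Errorf("rollback refused: v%d is older than installed v%d", version, installed)
	}
	return version, signed[headerLen:], nil
}

func main() {
	pub, priv, err := newVendorKey()
	if err != nil {
		panic(err)
	}
	image := signFirmware(priv, 2, []byte("pump-controller v2 (constructed payload)"))
	v, _, err := verifyFirmware(pub, image, 1)
	fmt.Println("genuine image: version", v, "error:", err)

	tampered := append([]byte(nil), image...)
	tampered[headerLen+5] ^= 0x01 // flip one bit in the payload
	_, _, err = verifyFirmware(pub, tampered, 1)
	fmt.Println("tampered image:", err)

	_, _, err = verifyFirmware(pub, signFirmware(priv, 1, []byte("old build")), 2)
	fmt.Println("downgrade attempt:", err)
}
```

Because the version sits inside the signed region, an attacker cannot relabel an old, vulnerable but genuinely signed image as new; the length check runs before the signature check so that a malformed header cannot drive the verifier out of bounds.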
Enabling security at design with PKI technology
Public Key Infrastructure (PKI) is a trust framework composed of the hardware, software, policies and procedures needed to manage trusted digital certificates and public key cryptography. For decades, PKI has served as the backbone of Internet security, and today it is a flexible and scalable way to address the data and device security needs of the IoT. The real advantage PKI delivers is the ability to implement these safeguards with a minimal footprint on the device and at massive scale. It addresses the complexity and diverse security challenges of designing and delivering IoT products to market, providing unique identity, authentication, encryption, and secure signing and over-the-air updates for millions of connected devices.
Key considerations for IoT PKI include:
- Knowing where the root of trust is hosted, and whether certificates are issued from an internal PKI, a public CA or a managed PKI service.
- Knowing where device certificates and, above all, their private keys are stored, for example in a TPM or a secure element embedded in the device.
- Ensuring connectivity at the factory, and deciding whether certificates are generated locally via an issuing CA signed for the factory or provisioned in advance.
- Understanding the risks and regulations that determine certificate validity periods, key sizes, algorithms and required audit trails.
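The considerations above, as an added example that is not the article's or Keyfactor's code: a three-tier device PKI built with Go's standard library, with an offline root, a factory issuing CA constrained to sign only end-entity certificates, a per-device certificate whose key is generated on the device itself, and the backend's verification of the chain, including the validity period and rejection of a certificate issued by an untrusted CA. The CA names, validity periods, the P-256 choice and the device ID are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ca pairs a CA certificate with its private key. In production the root key
// lives offline in an HSM and the factory CA key in the factory's HSM; the
// names and lifetimes used below are constructed for this example.
type ca struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// newKey generates a P-256 key: 128-bit security at a cost constrained devices can afford.
func newKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// issue signs tmpl for pub with the signer's key and returns the parsed
// certificate. parent == tmpl yields a self-signed certificate (root only).
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127)) // unpredictable serial
	if err != nil {
		return nil, err
	}
	tmpl.SerialNumber = serial
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// newCA creates a CA valid for 'years'. parent == nil makes a self-signed root;
// pathLen 0 means the CA may sign only end-entity (device) certificates.
func newCA(name string, years, pathLen int, parent *ca, now time.Time) (*ca, error) {
	key, err := newKey()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             now,
		NotAfter:              now.AddDate(years, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		MaxPathLen:            pathLen,
		MaxPathLenZero:        pathLen == 0,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	parentCert, signer := tmpl, key
	if parent != nil {
		parentCert, signer = parent.cert, parent.key
	}
	cert, err := issue(tmpl, parentCert, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	return &ca{cert: cert, key: key}, nil
}

// issueDeviceCert is the factory CA's per-unit step. The device generates its
// key inside its secure element; only the public key is handed to the CA.
func issueDeviceCert(factory *ca, deviceID string, devicePub *ecdsa.PublicKey, years int, now time.Time) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		Subject:     pkix.Name{CommonName: deviceID},
		NotBefore:   now,
		NotAfter:    now.AddDate(years, 0, 0),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
	}
	return issue(tmpl, factory.cert, devicePub, factory.key)
}

// verifyDeviceCert is the backend's (or a peer device's) check during mutual
// authentication: the chain must reach the trusted root through the factory
// CA, every certificate must be valid at time 'at', and the leaf must permit
// client authentication.
func verifyDeviceCert(device, factory, root *x509.Certificate, at time.Time) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(factory)
	_, err := device.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, CurrentTime: at,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

func main() {
	now := time.Date(2020, 6, 1, 0, 0, 0, 0, time.UTC)
	root, _ := newCA("Example Medical Device Root CA", 20, 1, nil, now)
	factory, _ := newCA("Example Factory Issuing CA", 5, 0, root, now)
	devKey, _ := newKey()
	dev, _ := issueDeviceCert(factory, "pump-000001", &devKey.PublicKey, 3, now)
	fmt.Println("valid chain:  ", verifyDeviceCert(dev, factory.cert, root.cert, now))
	fmt.Println("after 4 years:", verifyDeviceCert(dev, factory.cert, root.cert, now.AddDate(4, 0, 0)))
	rogue, _ := newCA("Rogue CA", 20, 1, nil, now)
	bad, _ := issueDeviceCert(rogue, "pump-000001", &devKey.PublicKey, 3, now)
	fmt.Println("rogue issuer: ", verifyDeviceCert(bad, factory.cert, root.cert, now))
}
```

Note that the issuing CA's lifetime must cover the devices it issues for: a device certificate that outlives its issuer fails chain validation once the issuer expires, which is exactly the kind of lifecycle decision the validity-period consideration above is about.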
PKI is a fundamental security tool in most organizations today, but enterprise PKI differs greatly from PKI that has to fit within complex hardware supply chains and IoT device lifecycles, especially for device manufacturers with little or no cryptographic expertise.
Innovators that provide strong security at scale will differentiate their products, protect their brand and prevent warranty claims or expensive device recalls. PKI done right is a compelling solution for scalable IoT security, particularly as we navigate rapid production through these unprecedented circumstances.
Ellen Boehm is senior director of IoT product management at Keyfactor, providers of secure digital identity management solutions. www.keyfactor.com.