Recently, the Industrial Internet Consortium (IIC) released an interesting paper with its recommended security best practices for the endpoint.
Barbara IoT is always excited by this kind of initiative, as we strongly believe that there is a lot of work to do in IoT security and that the device is probably the weakest link currently present in the IoT value chain. As we know, a chain is only as strong as its weakest link, so securing devices should be a must (if it is not already).
This article goes through the basics of the IIC recommendations and maps them against the Barbara Software Platform, a secure solution for the IoT device lifecycle. The following table summarizes the compliance matrix:
| IIC Recommendation | Barbara Software Platform Compliance | Comments |
|---|---|---|
| Root of Trust | Depends on HW | Provides hooks for easy integration with TPMs |
| Endpoint Identity | Yes | Privately owned PKI |
| Secure Boot | Depends on HW | Can be ported to hardware supporting secure boot |
| Cryptographic Services & Secure Communications | Yes | “At-rest” and “in-motion” encryption. ALL comms authenticated and encrypted |
| Endpoint Configuration and Management | Yes | Barbara Panel provides OTA updates and Remote Configuration |
| Continuous Monitoring | Yes | Barbara Panel |
| Policy and Activity Dashboard | Yes | Barbara Panel |
| System Information and Event Management | Yes | Barbara Panel |
But let us get into the details.
IIC defines three security levels, Security Level Basic (SLB), Security Level Enhanced (SLE) and Security Level Critical (SLC), corresponding to security levels 2, 3 and 4 as defined in IEC 62443-3-3. The Basic level protects against “intentional violation using simple means with low resources”. The Enhanced level protects the system against “sophisticated means with moderate resources”. The Critical level steps up, providing protection against “sophisticated means with extended resources”. Depending on the application and the circumstances, you must protect your endpoint with the appropriate Security Level.
Based on these security levels, IIC proposes three different architectures, which should be based on open standards and be interoperable between multi-vendor, multi-platform endpoints to be considered safe.
Let us go deeper into each of these components, describing them in more detail and discovering how the Barbara Software Platform complies with the IIC guidelines.
Root of Trust
Root of Trust (RoT) constitutes the basis of all endpoint security and provides features like endpoint identity and attestation of software and hardware identity and integrity. As you can imagine, the endpoint will only be as strong as its Root of Trust, so a secure implementation of the Root of Trust is mandatory.
Specifically, IIC states that for the Enhanced and Critical security levels the Root of Trust should be implemented in hardware. To comply with the IIC recommendations, we may need a specific hardware security chip (or similar) with tamper resistance.
Regarding the Root of Trust, the Barbara Software Platform brings together all of its security features to strengthen it. Our software stack uses a privately owned PKI (Public Key Infrastructure based on the Public Key Cryptography Standards) and provides the corresponding hooks to allow easy integration with Trusted Platform Modules (TPMs) of the customer’s choice.
Endpoint Identity
Endpoint identity is a basic component on which most of the security features are built. According to the IIC recommendations, PKI (Public Key Infrastructure) support is mandatory to cover the Basic, Enhanced and Critical levels. It is also recommended to implement an open-standard certificate management protocol for issuing and managing certificates from an internal or external CA (Certificate Authority).
As mentioned above, the Barbara Software Platform includes its own PKI based on PKCS (FreeIPA, www.freeipa.org/). FreeIPA is an integrated identity and authentication solution that provides centralized authentication, authorization and account information. As requested by IIC, FreeIPA is built on top of well-known open source components and standard protocols.
Secure Boot
A trustworthy Secure Boot system that cryptographically protects the endpoint at power-on is again a requirement for the Basic, Enhanced and Critical levels. According to the IIC best practices, this may be implemented with cryptographic hashes based on PKCS (Public Key Cryptography Standards). In this way we can be sure that software without the proper keys will not be able to boot the device. The Barbara Software Platform can be ported to hardware boards supporting secure boot with reasonable effort.
Cryptographic Services and Secure Communications
Using cryptography for data in transport (in motion), data in storage (at rest) and applications (in use) is a clear requirement for the three security levels mentioned above (Basic, Enhanced, Critical). The features needed to provide such protection are:
- Cryptographic algorithms based on standards validated by NIST/FIPS.
- Asymmetric and symmetric cipher suites, hashing functions and random number generators that are strong enough and based on PKCS (Public Key Cryptography Standards).
- In-field update capability for cryptographic algorithms, to be able to cover possible vulnerabilities.
- Policy-based control of the applications’ use of cryptographic functions, avoiding the use of non-secure cryptography.
- Interoperability of crypto keys and certificates across multi-vendor systems.
The Barbara Software Platform implements several features that guarantee the quality of its cryptographic services. It uses LUKS by default, which is the standard for Linux disk encryption. LUKS is open, so it is easily auditable, and it is based on PKCS as recommended.
On the data transport side, Barbara OS contains the required libraries to communicate using standard IoT application protocols over encrypted transport (TLS and DTLS).
On top of that, a secure end-to-end communications stack is required for the three defined levels. This stack should include support for authentication, protected connectivity, an endpoint firewall and secure transport protocols (TLS, DTLS, SSH, etc.). All these features are included in the Barbara Software Platform, so ALL Barbara communications are authenticated and encrypted.
Endpoint Configuration and Management
A scalable system to update the operating system, applications and/or configuration of the device is required to comply with the Enhanced and Critical levels, taking into consideration that it may be necessary to perform such updates over millions of endpoints at the same time. Of course, all of these operations should be performed in a secure environment, including certificate-based validation between the entity serving the update and the endpoint receiving it.
In this regard, the Barbara Software Platform includes the Barbara Panel, the server-side solution to manage all the endpoints of an IoT deployment. It provides a simple, centralized console for OTA (Over The Air) update management, device monitoring and configuration management. All these features are offered within a first-class security environment.
Continuous Monitoring
Real-time monitoring of the endpoint is a requirement for the Critical security level, according to IIC. This allows the user to control and prevent unauthorized changes in the configuration, and to have control at the application level to detect and prevent unauthorized activities, such as the use of insecure ciphers that may compromise the system.
The Barbara Panel includes an alert system that allows the user to receive predefined security alerts, as well as to define their own alerts and push them to the endpoints.
Policy and Activity Dashboard
To be compliant with the Critical level, the ability to remotely manage endpoints is required. The system administrator should be able to push and execute policies in a way that guarantees the correct distribution of the policies across the network, thereby acting as an effective security framework.
The Barbara Panel allows deployment managers to monitor endpoint activities and to define and push security policies based on the information acquired. As an example, new policies can deploy new rules in the aforementioned firewall when suspicious communication patterns are detected.
System Information and Event Management
Linked to the previous section, the ability to capture event logs and to define and distribute policies based on the information in those logs is also a requirement at the Critical level. These management operations are recommended to be done using data models or extensible formats such as a REST API or JSON.
The Barbara Software Platform logging system provides system administrators with large amounts of information that can be used for the generation of security policies.
Barbara IoT is making a huge effort to build a secure product: a product that can be used in the most demanding scenarios in terms of industrial security. Like IIC, we think that these kinds of initiatives can help the whole industry ecosystem by promoting confidence and empowering all actors within it.
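As an added example (not Barbara's code nor the IIC's), here is a Python sketch of the two sides described in the Cryptographic Services, Continuous Monitoring and Event Management sections: a TLS client context that enforces a crypto policy up front (minimum version, allowed suites, certificate validation against the deployment PKI), and an audit over constructed endpoint connection logs that emits JSON-ready security events whenever a device negotiated an insecure protocol or cipher. The policy values, log format and field names are assumptions made for the example.

```python
import re
import ssl

# Constructed policy for this example (an assumption, not Barbara's or IIC's
# format): TLS 1.2 as the floor and only forward-secret AEAD cipher suites.
ALLOWED_VERSIONS = {"TLSv1.2", "TLSv1.3"}
ALLOWED_TLS12_CIPHERS = [
    "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305"]
ALLOWED_TLS13_CIPHERS = [
    "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_GCM_SHA256"]
ALLOWED_CIPHERS = set(ALLOWED_TLS12_CIPHERS) | set(ALLOWED_TLS13_CIPHERS)

def build_client_context(ca_file=None, cert_file=None, key_file=None):
    """Policy-enforcing client context: nothing below TLS 1.2 or outside the allowed
    suites, the peer certificate must chain to the deployment CA, and a client
    cert/key pair issued by the deployment PKI gives mutual authentication."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(":".join(ALLOWED_TLS12_CIPHERS))  # TLS 1.3 suites are unaffected
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx

# Constructed sample of endpoint connection logs (not real Barbara OS output).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z device=sensor-01 proto=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384
2024-05-01T10:00:05Z device=sensor-02 proto=TLSv1.0 cipher=AES128-SHA
2024-05-01T10:00:09Z device=sensor-03 proto=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384
2024-05-01T10:00:12Z device=sensor-04 proto=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA
"""
LOG_RE = re.compile(r"^(?P<ts>\S+) device=(?P<device>\S+) proto=(?P<proto>\S+) cipher=(?P<cipher>\S+)")

def audit_log(text):
    """Return one JSON-serialisable security event per connection that breaks the policy."""
    events = []
    for m in filter(None, map(LOG_RE.match, text.splitlines())):  # skip unrelated lines
        reasons = []
        if m["proto"] not in ALLOWED_VERSIONS:
            reasons.append("protocol_below_floor")
        if m["cipher"] not in ALLOWED_CIPHERS:
            reasons.append("cipher_not_in_policy")
        if reasons:
            events.append({"time": m["ts"], "device": m["device"], "severity": "high",
                           "proto": m["proto"], "cipher": m["cipher"], "reasons": reasons})
    return events
```

The events returned by `audit_log` can be serialised with `json.dumps` and forwarded to the management console as the log-driven policy input the IIC describes.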
- Steve Hanna, Srinivas Kumar, Dean Weber. IIC Endpoint Security Best Practices, IIC:WHT:IN17:V1.0:PB:20180312.
- Simone Bossi and Andrea Visconti. What users should know about Full Disk Encryption based on LUKS. Cryptography and Coding Laboratory (CLUB), Department of Computer Science, Università degli Studi di Milano, http://www.club.di.unimi.it/
Article written by Miguel Ángel Fernández, Product Manager at Barbara IoT.