Quite recently, the Industrial Internet Consortium (IIC) released an interesting paper with its recommended security best practices for the endpoint.
Barbara IoT is always excited by this kind of initiative, as we strongly believe there is a lot of work to do in IoT security and that the device is probably the weakest link currently present in the IoT value chain. As we know, a chain is only as strong as its weakest link, so securing devices is a must (if it is not one already).
This article goes through the basics of the IIC recommendations and maps them against the Barbara Software Platform, a secure solution for the IoT device lifecycle. The following table summarizes the compliance matrix:
| IIC Recommendation | Barbara Software Platform Compliance | Comments |
|---|---|---|
| Root of Trust | Depends on HW | Provides hooks for easy integration with TPMs |
| Endpoint Identity | Yes | Privately owned PKI |
| Secure Boot | Depends on HW | Can be ported to hardware supporting secure boot |
| Cryptographic Services & Secure Communications | Yes | “At-rest” and “in-motion” encryption. ALL comms authenticated and encrypted |
| Endpoint Configuration and Management | Yes | Barbara Panel provides OTA updates and remote configuration |
| Continuous Monitoring | Yes | Barbara Panel |
| Policy and Activity Dashboard | Yes | Barbara Panel |
| System Information and Event Management | Yes | Barbara Panel |
But let’s get into the details.
The IIC defines three security levels, Security Level Basic (SLB), Security Level Enhanced (SLE) and Security Level Critical (SLC), corresponding to security levels 2, 3 and 4 as defined in IEC 62443-3-3. The Basic level protects against “intentional violation using simple means with low resources”. The Enhanced level protects the system against “sophisticated means with moderate resources”. The Critical level steps up to provide protection against “sophisticated means with extended resources”. Depending on the application and the circumstances, you must protect your endpoint with the appropriate security level.
Based on these security levels, the IIC proposes three different architectures, which should be based on open standards and be interoperable across multi-vendor, multi-platform endpoints to be considered safe.
Let’s go deeper into each of these components, describing them in more detail and discovering how the Barbara Software Platform complies with the IIC guidelines.
Root of Trust
The Root of Trust (RoT) is the basis of all endpoint security and provides features such as endpoint identity and attestation of software and hardware identity and integrity. As you can imagine, the endpoint will only be as strong as its Root of Trust, so a secure implementation of the Root of Trust is mandatory.
Specifically, the IIC states that for the Enhanced and Critical security levels the Root of Trust should be implemented in hardware. To comply with the IIC recommendations we may need a specific hardware security chip (or similar) with tamper resistance.
Regarding the Root of Trust, the Barbara Software Platform brings together all its security features to strengthen it. Our software stack uses a privately owned PKI (Public Key Infrastructure, based on the Public Key Cryptography Standards) and provides the corresponding hooks to allow easy integration with Trusted Platform Modules of the customer’s choice.
Endpoint Identity
Endpoint identity is the basic component on which most security features are built. According to the IIC recommendations, PKI (Public Key Infrastructure) support is mandatory to cover the Basic, Enhanced and Critical levels. It is also recommended to implement an open-standard certificate management protocol for issuing and managing certificates from an internal or external CA (certificate authority).
As mentioned before, the Barbara Software Platform includes its own PKI based on PKCS (FreeIPA, www.freeipa.org/). FreeIPA is an integrated identity and authentication solution which provides centralized authentication, authorization and account information. As the IIC requires, FreeIPA is built on top of well-known open source components and standard protocols.
Secure Boot
A trustworthy secure boot system that cryptographically protects endpoint power-on is again a requirement for the Basic, Enhanced and Critical levels. According to the IIC best practices, this may be implemented with cryptographic hashes based on PKCS (Public Key Cryptography Standards). Doing that, we can be sure that software not signed with the proper keys will not be able to boot the device. The Barbara Software Platform can be ported to hardware boards supporting secure boot with reasonable effort.
Cryptographic Services and Secure Communications
Using cryptography for data in transit (in motion), for data storage (at rest) and for applications (in use) is a clear requirement for all three security levels (Basic, Enhanced, Critical). The features needed to provide such protection are:
- Cryptographic algorithms based on standards validated by NIST/FIPS.
- Asymmetric and symmetric cipher suites, hashing functions and random number generators that are strong enough and based on PKCS (Public Key Cryptography Standards).
- In-field update capability for cryptographic algorithms, to be able to cover possible vulnerabilities.
- Policy-based control of applications’ use of cryptographic functions, avoiding the use of non-secure cryptography.
- Interoperability of cryptographic keys and certificates across multi-vendor systems.
The Barbara Software Platform implements several features that guarantee the quality of its cryptographic services. It uses LUKS by default, the standard for Linux disk encryption. LUKS is open, so it is easily auditable, and it is based on PKCS as recommended.
On the data transport side, Barbara OS contains the required libraries to communicate using standard IoT application protocols over encrypted transports (TLS and DTLS).
On top of that, a secure end-to-end communications stack is required for the three defined levels. This communications stack should include support for authentication, protected connectivity, an endpoint firewall and secure transport protocols (TLS, DTLS, SSH…). All these features are included in the Barbara Software Platform, so ALL Barbara communications are authenticated and encrypted.
Endpoint Configuration and Management
A scalable system to update the operating system, applications and/or configuration of the device is required to comply with the Enhanced and Critical levels, taking into consideration that such updates may need to be performed over millions of endpoints at the same time. Of course, all these operations should be performed in a secure environment, including certificate-based validation between the entity serving the update and the endpoint receiving it.
In this regard, the Barbara Software Platform includes the Barbara Panel. The Barbara Panel is the server-side solution to manage all the endpoints of an IoT deployment. It provides a simple and centralized console for OTA (Over The Air) update management, device monitoring and configuration management. All these features are offered within a best-in-class security environment.
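As an added example (not code from the IIC paper or from the Barbara platform), this is the check that both the secure boot and the OTA update paragraphs describe: the endpoint trusts a provisioned public key, verifies the server’s signature over an update manifest, checks the payload against the signed hash, and refuses anything older than what it already runs. The Manifest format, the choice of Ed25519 and the firmware bytes are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Manifest is this example's own update metadata; the server signs its JSON encoding.
type Manifest struct {
	Version       uint64 `json:"version"`
	PayloadSHA256 string `json:"payload_sha256"`
}
// BuildSignedUpdate is the server side: hash the payload, serialise the manifest, sign it.
func BuildSignedUpdate(priv ed25519.PrivateKey, version uint64, payload []byte) (manifest, sig []byte, err error) {
	sum := sha256.Sum256(payload)
	if manifest, err = json.Marshal(Manifest{Version: version, PayloadSHA256: hex.EncodeToString(sum[:])}); err != nil {
		return nil, nil, err
	}
	return manifest, ed25519.Sign(priv, manifest), nil
}
// VerifyUpdate is the endpoint side. Order matters: signature first (nothing from an unauthenticated manifest is trusted), then payload hash, then anti-rollback.
func VerifyUpdate(trusted ed25519.PublicKey, manifest, sig, payload []byte, installed uint64) (uint64, error) {
	if !ed25519.Verify(trusted, manifest, sig) {
		return 0, fmt.Errorf("manifest signature invalid: update rejected")
	}
	var m Manifest
	if err := json.Unmarshal(manifest, &m); err != nil {
		return 0, err
	}
	if sum := sha256.Sum256(payload); hex.EncodeToString(sum[:]) != m.PayloadSHA256 {
		return 0, fmt.Errorf("payload does not match signed hash: update rejected")
	}
	if m.Version <= installed {
		return 0, fmt.Errorf("rollback refused: version %d is not newer than installed %d", m.Version, installed)
	}
	return m.Version, nil // safe to install
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // in a deployment the public key is provisioned in the endpoint's root of trust
	payload := []byte("constructed firmware image bytes")
	manifest, sig, _ := BuildSignedUpdate(priv, 2, payload)
	fmt.Println(VerifyUpdate(pub, manifest, sig, payload, 1))            // 2 <nil>
	fmt.Println(VerifyUpdate(pub, manifest, sig, append(payload, 0), 1)) // tampered payload rejected
	fmt.Println(VerifyUpdate(pub, manifest, sig, payload, 2))            // rollback refused
}
```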
Continuous Monitoring
Real-time monitoring of the endpoint is a requirement for the Critical security level, according to the IIC. This allows the user to control and prevent unauthorized changes to the configuration, and to have control at the application level to detect and prevent unauthorized activities, such as the use of insecure ciphers that may compromise the system.
The Barbara Panel includes an alert system that allows the user to receive predefined security alerts and to define their own alerts and push them to the endpoints.
Policy and Activity Dashboard
To be compliant with the Critical level, the ability to manage endpoints remotely is required. The system administrator should be able to push and execute policies in a way that guarantees their correct distribution across the network, so that the dashboard acts as an effective security framework.
The Barbara Panel allows deployment managers to monitor endpoint activities and to define and push security policies based on the information acquired. As an example, new policies can deploy new rules in the aforementioned firewall when suspicious communication patterns are detected.
System Information and Event Management
Linked to the previous section, the ability to capture event logs and to define and distribute policies based on the information in those logs is also a requirement for the Critical level. It is recommended that these management operations be done using data models or extensible formats such as a REST API or JSON.
The Barbara Software Platform logging system provides system administrators with a wealth of information that can be used to generate security policies.
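As an added example, not the Barbara Panel’s own code, here is the kind of detection the monitoring, policy dashboard and event management paragraphs describe: constructed endpoint log lines are scanned for a negotiated insecure cipher suite and for configuration changes made outside the management panel, and each finding becomes a JSON alert carrying the policy to push back. The log format, device names, file path and field names are all assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Alert is the JSON record a monitoring backend could show on a dashboard or turn into a pushed policy (field names are this example's own).
type Alert struct {
	Endpoint string `json:"endpoint"`
	Rule     string `json:"rule"`
	Evidence string `json:"evidence"`
	Action   string `json:"action"`
}
// Constructed endpoint log lines in a made-up "<ts> <endpoint> <subsystem>: <msg>" shape.
const sampleLog = `2024-03-01T10:00:01Z ep-0042 tls: negotiated TLS_RSA_WITH_RC4_128_SHA with 10.0.0.7:8883
2024-03-01T10:00:05Z ep-0042 config: /etc/example-agent.conf changed by uid=1001 source=local
2024-03-01T10:00:09Z ep-0043 tls: negotiated TLS_AES_256_GCM_SHA384 with 10.0.0.7:8883
2024-03-01T10:00:12Z ep-0043 config: /etc/example-agent.conf changed by uid=0 source=panel`
var lineRe = regexp.MustCompile(`^(\S+) (\S+) (\w+): (.*)$`)
var weakRe = regexp.MustCompile(`RC4|3DES|_DES_|NULL|EXPORT|MD5|anon`) // suites an IIC-style crypto policy forbids

// Detect returns one Alert per violation: a weak cipher suite negotiated, or a config change not made through the panel.
func Detect(logText string) []Alert {
	var alerts []Alert
	for _, line := range strings.Split(logText, "\n") {
		m := lineRe.FindStringSubmatch(line)
		if m == nil {
			continue // unparseable line; a real collector would count these too
		}
		switch m[3] {
		case "tls": // message shape: "negotiated <suite> with <peer>"
			if f := strings.Fields(m[4]); len(f) > 1 && f[0] == "negotiated" && weakRe.MatchString(f[1]) {
				alerts = append(alerts, Alert{m[2], "insecure-cipher", f[1], "push policy: allow only AEAD suites"})
			}
		case "config":
			if !strings.Contains(m[4], "source=panel") {
				alerts = append(alerts, Alert{m[2], "unmanaged-config-change", m[4], "push policy: restore managed config"})
			}
		}
	}
	return alerts
}

func main() {
	out, _ := json.MarshalIndent(Detect(sampleLog), "", "  ")
	fmt.Println(string(out))
}
```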
Barbara IoT is making a huge effort to build a secure product, one that can be used in the most demanding industrial security scenarios. Like the IIC, we think this kind of initiative can help the whole industry ecosystem by promoting confidence and empowering all the actors within it.
- IIC Endpoint Security Best Practices, IIC:WHT:IN17:V1.0:PB:20180312, Steve Hanna, Srinivas Kumar and Dean Weber.
- What users should know about Full Disk Encryption based on LUKS, Simone Bossi and Andrea Visconti, Cryptography and Coding Laboratory (CLUB), Department of Computer Science, Università degli Studi di Milano, http://www.club.di.unimi.it/