#beyondthenow IoT security Podcast
Mike Dow, Senior Product Manager for IoT Security at Silicon Labs, provides the silicon vendor perspective on this episode of the #beyondthenow IoT security podcast. Mike and David examine the importance of chip security, the role of silicon vendors and the Root of Trust in IoT security, and the importance of looking to the future when designing products to meet customer requirements.
Listen on Your Platform of Choice
The sophistication of the attacks will grow over time and on the silicon side we have to ahead of the game, as it takes years to bake it in. So, we have to look even beyond our customers’ requirements, as essentially when our customers say they want it, we have to already have the silicon which is three years before they have it.
Key talking points in this episode:
- Introductions to Mike Dow (Senior Product Manager for IoT Security, Silicon Labs). [00:45]: “I've spent the last 11 years in various marketing roles in the semiconductor industry. did a lot of business development and industrial wireless, smart energy, smart cities IoT before it was cool and point of sale, which is basically where I cut my teeth on security.”
- Introductions to Silicon Labs. [02:00]: Silicon Labs is “A great IoT company focused on subnets. So, we're very focused on things underneath the big iron and the internet of things. And we have a long legacy of analog devices. We're in almost every Samsung TV with some analog tutors and such.”
- Where are we with silicon security? Are customers asking for security? [03:30]: “The great news is, is that there is pull. When I was working in smart energy and smart meters my customers were saying, well, I'm not going to put security in unless my customers demanded, but now you're starting to see pull.”
- Where is the pull for security coming from? Cybersecurity regulations mean you can’t ignore security in any market. [04:20]: “Regulations are pushing it, there are a lot of companies who are aware of the regulations, the medical industry for sure, but I think the consumer market, basically you've got Google, Amazon, and Apple trying to create these ecosystems in the home. And they want to open that up to as many device manufacturers as they can. Because the more devices that connect to the ecosystem, the bigger ecosystem gets. But the problem is, is how do you trust the device that gets attached to your ecosystem? One bad actor, one bad apple could spoil everything.”
- We’re moving from ignoring security to being actively concerned about the role it plays for a business’ success. [05:45]: “I'm starting to see a lot more, less glassy-eyed looks when we talk about security. They're very curious. And they're saying things like, please tell me more.”
- The change in IoT security over the last two years. [06:25]: “For the last 10 to 15 years in this space it's been about securing the pipe between the different devices. You want to make sure that's secure and people weren't really worried about the end nodes. And I think the big shift over the last two years or so is that now end nodes are in scope. If you look back in our product lines it was really about embedded TLS or some kind of a TLS to secure the connection between endpoints. But you weren't worrying too much about the keys in the device because you were saying ‘most people were going to be trying to do this remotely and they're not very sophisticated’. But we're starting to see attacks on the end devices themselves trying to put malware in the end devices, either remotely, or like I said, intercepting it in the supply chain.”
- Semiconductor vendors now have more IoT security considerations to worry about. [07:30]: “From a semiconductor perspective, now you have to worry about more things. It's not just about cryptography. It's about, having a security subsystem where you get assets, that you're actually protecting in the silicon. There have been secure elements for quite some time, but it only addresses securing the keys and the crypto, but you still have to pull the keys out of the safe to use them. And so, you still have to have a secure microchip.”
- The role of the Root of Trust, the secure boot process, and why this is important for semiconductor vendors. [08:15]: “You think about, okay, I'm going to have to secure the device itself. Right. How do you do that? Well, the first thing you have to do is make sure that the brains of the device, which is typically the microcontroller, has to be secure. And so how do you secure that? How do you secure the brains of the device so that when it boots and comes alive, you can trust that the code that's running in that brain is secure? This is where secure boot comes in. So secure boot is one of the main things that you have to do to create a secure device is you have to boot securely. In other words, the first piece of code that runs needs to be immutable.”
- Do OEMs have an appreciation for the Root of Trust and what it offers them? [10:15]: “At scale, customers are starting to ask for secure boot. I'm not sure they all understand what that means, but they know the term and they know the concept: I need to be able to trust my device because my device, the first thing that boots in my system is going to have to check other things. So, they're starting to ask for a secure boot. I think if you ask a lot of people, what a hardware root of trust was. 10 people, they might give you five or six different answers, but secure boot is something they're starting to ask about.”
- Silicon Labs are the first in the world to achieve PSA Certified Level 3. The role of remote attacks vs. physical attacks and why it is important to protect against both. [11:35]: “You need a secure identity in the device that you can check along the processing path. And even after deployment, you can check the authenticity of the device and that requires a secure identity. And when you say secure identity, that means you've got basically a secret key in the device that needs to stay secret. And this is where physical attack factors come in. You need to protect those credentials.”
- The sophistication of the attacks will grow over time, and we must be ahead of the game. [14:18 ]: “The sophistication of the attacks just grow over time and we on the silicon side have to be ahead of the game because it takes three years to bake it in. So, we've got to look even beyond our customer's requirements because essentially once our customers say they want it, we already have to have the silicon done.”
- The time delta between creating a silicon product and that product being in the market is quite large: We essentially have to predict the future [15:22]: “My world is looking five years out. I have to know what the customer wants before they know they want it.”
- Looking five years ahead, staying ahead of where the world is moving. How much can you patch later? The role of updatable security subsystems. [16:22]: “We at silicon labs, we believe in updatable security subsystems. We have this philosophy that over time, even a security subsystem that we think we've made perfect, there may be new curves that need to be added to the subsystem. We believe that we need to be able to update our security subsystem over the air and not just the application code, but the security subsystem itself. So that's an important thing you've got to build in.”
- You must start with good-quality silicon, or everything unravels. [18:24]: “You got to start with really good silicon, and you've got to start with it out of the gate as best you can.”
- IoT deployment models and the long lifecycle of IoT, especially for embedded sensors. [19:03]: “We often talk about IoT deployment models being, you know, generally devices are in the field for a long time by technology standards. Maybe 5, 10, 15 years, even, depending on some of the use cases. Looking at the confidence to deploy devices that are in the field for so long and the need to bake in security from the outset. Do you see that hand in hand? Do you have evidence that solving this is part of building the confidence for IoT to really achieve the scale that we keep talking about?”
- If the premise is that that the crooks will always find a way, and always find a hole, then a good engineer will always build in a mechanism to update. [19:57]: “It's paramount. If the crooks will always find a way or always find a hole, then a good engineer will always build in a mechanism to update. Now that's easier said than done.
- Why update policies are suddenly very important. [20:40]: “This is something that's coming through in all the regulations. They're basically acknowledging that security needs to be updated over time. So, one of the things I'm tackling right now is that our update policy on our software is pretty short-term because people were okay with that. But once you start doing security certifications, because the requirements are going to require you to update the device. There are going to be laws that basically require certifications. And now you have to do this warranty. So, how do I offer my customers a long-term support service? Because just telling them they can update their code is not good enough for me.
- PSA Certified Security Report 2021 and the feedback from the industry on cost, the view on cost from a silicon vendor point of view? [22:37]: “I think there are multiple areas of expense. So, the Silicon itself, I would say at 90 nanometers security, a really good security system was I guess, relatively expensive from a dye size perspective. But down to 40 nanometers, I think it's reasonably priced in our world is less than the dye area. It’s certainly way less than the radio. The analog side of it. So, it's digital, so it shrinks typically with the geometry. So, I think security is quite the bargain today.”
- The additional costs such as device management services and insurance add up, but the benefits outweigh the negatives. [24:02]: “There are other costs. if you're going to do over the updates, now I got to add a $0.30 external spy flash. I've got to maybe pay for a long-term support contract for the SDK. I've got to have an over the update service period, where do I get that? This is the device management service that you would have to pay for. I think the benefit is insurance, but it's like any other insurance you take out, you don't like it, but you pay it because the ramifications if you don't are huge, much larger than the investment you're going to have to put in.”
- What can we learn about IoT security certification from other industries? [27:00]: “Certification I'm really passionate about. Because I cut my teeth in the point-of-sale market from an IoT perspective, the point-of-sale market is way ahead on the security front. The payment card industry (PCI) did a good job of protecting consumer data at the terminal. So, if you think about a payment terminal that you slide your card into at a retailer, that is an IoT device, it goes up to the cloud and does the transaction and pushes that backdown. It's a very sophisticated IoT device with sophisticated back in and PCI has very good controls and certification processes for the terminal itself. This market is pretty much dominated by two players. When I was at NXP I created a PIN pad. And I took that through certification and it was incredibly hard to do that. And it took me probably a year and a half to get my certification by the time I started.”
- Inheriting IoT security certification and “crowdsourcing” certifications to avoid choking the ecosystem. [29:00]: The PCI certification process “is not going to scale for IoT. So, we've got to be innovative in how we do this. So, a couple of things, one is inheritance. I'm okay with spending some budget every year to make sure that my silicon is certified, but what needs to happen in the market is that unlike PCI- I did that certification but my customers could not reuse that, they could not inherit it- that's got to be different for IoT. We've got to allow inheritance. So, if I do a PSA Certified level two or three, any customer that uses that chip should be able to inherit that goodness, that certification should come with it. Right. And they shouldn't have to do it again.”
- Mike’s advice for the future of IoT: consolidating requirements and protection profiles. [34:22]: “The requirements have got to consolidate. There are too many. There's NIST and there’s ISO. Then you’ve got ETSI in Europe. So, the base bar of requirements has got to consolidate, and I hope it will. The other thing which we haven't talked about is the need for protection profiles. What’s missing in all the certification standards is that it doesn’t specify what is in scope to test. And that's where a protection profile comes in or a security profile. All the vendors who make a particular type of device, let's say consumer cameras. What would be ideal five years from now is that the top five consumer camera manufacturers in the world sat in a room and created a base protection profile for consumer cameras.”
Share this page
The PSA Certified name, PSA Certified logos, PSA Functional API Certified logo featured on this website are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. Other brands and names mentioned on this website may be the trademarks of their respective owners.
Copyright © 2021 Arm Limited (or its affiliates). All rights reserved.
Sign Up To Stay Up to Date With Our Latest Podcasts Episodes