This article looks at the key issues in the security of RF systems. While security is becoming a vital element of any roll out of the Internet of Things, it adds additional complexity to the design and development. This article looks at the security implications of different IoT implementations, from low-power ISM networks such as ZigBee and Thread to larger scale Wi-Fi networks.
The Internet of Things is evolving with many different wireless technologies and this is highlighting the need for different security approaches. As more and more devices are deliberately accessible over the Internet, many different security approaches for the different protocols are emerging. There are different security systems for Wi-Fi, ZigBee and Bluetooth, as well as proprietary wireless networks such as Dust that have their own security techniques. All of these are based on the same cryptographics essentials but vary in their implementation and support in components.
Early implementations of the IoT took little regard for security. While there was concern to protect the code in a microcontroller from being copied (or changed, which is a security issue) there was less focus on securing the wireless link. Some took the approach of 'security by security', where developers were fairly confident that hackers would not find the devices. That has been shown to be optimistic by recent situations where wireless cameras have been easily accessible, with that access collected into a website for easy viewing.
Now, securing a wireless IoT network is essential from end-to-end to prevent a wide range of possible attacks. However, there are many different layers of security within such a system, from the access control to prevent unauthorized use of a node, to protecting the data flowing between nodes and gateways with encryption. The overall system configuration and security management also has to be protected (which is essentially the same as the root mode in an operating system).
Because a lot of IoT equipment is aimed at the home, one of the main wireless techniques is Wi-Fi. Prevalent for home broadband networks, this can provide a ready-made infrastructure. However, Wi-Fi has been notoriously difficult to secure and relies on users to enter passcodes (or setup protocols) that are more complex to use and can be compromised.
The security of Wi-Fi wireless links has been a challenge for system designers for many years. The early techniques such as Wired Equivalent Privacy (WEP) are actively discouraged even though it is the most widely used Wi-Fi security algorithm in the world. This is down to its age, backwards compatibility, and the fact that it appears first in the encryption type selection menus in many router control panels. WEP was ratified in 1999 and the first 64-bit versions suffered from the restrictions on exporting encryption technology. This was later boosted to use 128-bit encryption keys, and remained the most common implementation even with later 256-bit key versions and the fact that it was officially retired from use in 2004.
The increasing processing power of microcontrollers allowed new techniques such as Wi-Fi Protected Access (WPA) to use pre-shared keys in WPA-PSK. This added 256-bit keys and integrity checks to prevent 'man in the middle' attacks where hackers captured or altered packets passed between the access point and client. The Temporal Key Integrity Protocol (TKIP) uses a new key for each packet. Although this was more secure than WEP, it was a firmware upgrade and so relied on elements of WEP that could be compromised, and was superseded by the Advanced Encryption Standard (AES) which was used for WPA2.
AES is obligatory for WPA2 and led to the integration of AES engines in many microcontrollers. WPA2 also adds CCMP (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol) as a replacement for TKIP, which is still used for backward compatibility with WPA systems.
Using passcodes to set up the security of a wireless system does not scale with millions of embedded devices, and while the home is a key platform for the IoT, there are different ways emerging to secure the network.
This was one of the key drivers in the development of the ZigBee implementation of the IEEE802.15.4, 2.4 Hz standard. This also uses AES with 128-bit keys implemented in hardware rather than software. It allows the AES algorithm to not only encrypt the data being transferred but also validate the data that is sent. This is handled by a Message Integrity Code (MIC) (or Message Authentication Code (MAC)) that is added to the message. This maintains the security of the header and the data in the payload. It is created from the MAC frame using the network key so that it can be decoded by any of the nodes. If a message comes from a non-trusted (spoof) node, then the MAC of the message will not match that of a genuine packet and so can be discarded before any malware enters a node.
Figure 1: The 802.15.4 ZigBee security framework.
There are three security fields in the 802.15.4 MAC frame. The Frame Control is found in the MAC Header; as is the Auxiliary Security Control, although this is only enabled if the Security Enabled subfield of the Frame Control Frame is on. This has three fields to specify the type of security being used, a frame counter to protect the message from being replayed, and a key identifier.
As an example, Microchip's MRF24J40 RF transceiver includes a security engine that supports encryption and decryption at the MAC sublayer and at higher levels for 802.15.4 systems.
Atmel's AT86RF233 802.14.4 RF engine also adds hardware-MAC support with an Extended Operating Mode and an AES security engine to improve the overall system power efficiency and timing. The stand-alone 128-bit AES engine can be accessed in parallel to all PHY operational transactions and states using the SPI interface, except during SLEEP and DEEP_SLEEP states.
Figure 2: Atmel's AT86RF233 showing the AES security engine that can be used in parallel with any of the physical transactions on the SPI interface.
However, at the higher levels of the standard, all this can add complexity to the firmware; so there are other approaches being developed using the same physical layer.
Dust Networks, now part of Linear Technology, developed its own 802.15e implementation of a mesh network for IoT applications. It worked with Eterna on a FIPS-197 validated encryption scheme that includes both authentication of the nodes and encryption of the data at both the MAC and network layers with separate keys for each node. This not only yields end-to-end security, but if a node is compromised, communication from other nodes is still secure. A mechanism for secure key exchange allows keys to be refreshed and kept secure. To prevent physical attacks on the network, Eterna supports the ability to electronically lock devices and prevent access to the flash and RAM where the keys are stored.
Figure 3: The LTP5901 Dust transceiver module from Linear Technology.
Another approach is being taken by the Thread group. This is developing a protocol based on the 2.4 GHz physical layer of 802.15.4 in the same way as ZigBee, but takes a different approach in the higher levels where the security sits. Although the details are still sketchy, Thread uses 128-bit AES and says it is avoiding the vulnerabilities of Wi-Fi and ZigBee while still being easy to configure. Backed by Yale Security, Silicon Labs, Samsung Electronics, Google's Nest Labs, Freescale Semiconductor, Big Ass Fans and ARM, this has plenty of hardware support.
Other companies have also been looking at layers on top of the physical standards to implement security. For example, a UK startup called Intercede, which is backed by ARM, is also looking at ways to secure the Internet of Things. It already replaces passcodes in banking systems and is now looking at ways to secure wireless communication links between cars and from cars to the roadside infrastructure.
As the cost of a wireless network has fallen, they are becoming more prevalent. With the Internet of Things driving more interest in connecting all kinds of devices to the wider Internet, securing those networks has become a vital element of any design. Network security has evolved from WEP to WPA2, adding new capabilities such as AES that are also being adopted by more embedded networks. While this has come at the price of more overheads and more complexity, other wireless device developers have come up with new ways of making the network secure. As newer protocols roll out into more applications with more partners, there are many more ways for system designers to secure their networks and protect users from an electronic attack.