Protecting against new types of threats and attack vectors

Protecting against new types of threats and attack vectors

Following on from the first part of this article entitled, ‘Readying Industrial IoT Networks for Today’s Security Challenges’, which reviews the standardized way to approach security, this article goes through ways to protect against new and emerging threats.

Protecting our valuables

The complexity of industrial systems rises yearly, with machine learning (ML) algorithms being deployed in vision systems to optimize production processes. The intellectual property (IP) for such systems also requires protection, such as digital watermarking, to protect the massive investments in training such technology. Authentication of ML models, coupled with authentication prior to allowing firmware updates or access to processor memory storage, helps ensure that valuable IP is not stolen or used outside official maintenance contracts.

Blockchain is also on the horizon, used to provide an immutable chain of transactions that a vendor, its customers, and its suppliers can trust throughout the supply chain. This demands secure keys to sign transaction requests and cryptography. Then there are wireless networks, such as Wi-Fi 6 and 5G, vying to be the alternative to wired connectivity. Advanced robotic systems and autonomous vehicles will need to authenticate with such systems and encrypt the data that flows over them.

Semiconductor vendors offer a range of solutions that support the security needs of developers building these systems, and the service providers and operators that offer the cloud ecosystems they attach to. Devices like PLCs rely on powerful microcontrollers (MCU) or large system-on-chip (SoC) devices to perform the desired function. Developers are provided a wealth of security features in such devices, coupled with the necessary software to operate them correctly. One capability is secure booting to ensure that only authenticated firmware is executed from power on. This can then provide a root-of-trust for establishing wired and wireless connections and authenticating with cloud services. As random numbers also play an essential role in establishing secure connections, appropriate hardware blocks are typically included.

With much equipment operated remotely and without local personnel, the risk of physical tampering to access keys and certificates is high. Silicon vendors impede such efforts with carefully constructed circuits that counter the many varied attack types used and can also detect them. And, while today’s processors deliver exceptional computational power, regular breaks to execute encryption algorithms can prove disruptive, especially for real-time control applications. By integrating accelerators for standard encryption methods, such as AES, SHA2, ECC, and RSA, the impact of security on software execution is minimized. Find more about IoT: Three Types of Security

Surviving in a post-quantum world

Security planning involves assessing risks; many attack vectors are known and well understood. But with researchers and leading technology companies regularly announcing advancements in quantum computing, a new threat is appearing on the horizon. Public-key cryptography relies upon problems from mathematics that require an inordinate amount of time to solve with existing computing capability. Thanks to dedicated quantum algorithms, such as Grover’s algorithm, and Shor’s algorithm, the problems can be solved efficiently using a quantum computer. This means that extracting the secret keys with quantum computers will suddenly be practically feasible. More about the Three Types of Security in IoT

For the time being, existing quantum computers are limited in number and aren’t powerful enough to break encryption. However, the assumption should be that today’s security will be weakened or considered broken when they are. This is exactly why the USA’s National Institute of Standards and Technology (NIST) started a worldwide standardization effort already six years ago to look for promising post-quantum secure alternatives. In July 2022, the winning algorithms were selected and the sole winner to become the next key-exchange standard is the CRYSTALS-Kyber algorithm: a lattice-based proposal co-authored by NXP, IBM, Arm and several academic partners, which was selected due to its great performance, manageable key sizes and the confidence NIST has in its lasting security capabilities.

Never tackle security alone

While we naturally don’t want to share our secrets, it is important to converse about the security for protecting them and how to implement it. As industrial systems become more complex, the need for security measures to protect intellectual property (IP) and ensure trustworthy transactions increases. And, with the emergence of quantum computing, there is a need to consider post-quantum secure alternatives to public-key cryptography. The semiconductor industry contributes significantly to this effort by providing technology that supports proven industry-standard approaches and experts who can advise on the optimal security approach

About the author

This article was written by Joppe Bos. Joppe is a senior principal cryptographer at the Competence Center for Cryptography and Security at NXP Semiconductors. He also currently serves as the Secretary of the International Association for Cryptologic Research (IACR) and the co-editor of the Cryptology ePrint Archive. His research focuses on computational number theory and high-performance arithmetic as used in applied cryptography.