Tuesday 23 December 2014

Security is Paramount in the Internet of Things

This article was written by my friend Kim Rowe of RoweBots and it has been slightly adapted for this blog. The original can be read at http://www.embedded-know-how.com/article/1776/security-is-of-paramount-in-the-internet-of-things...

Security is of paramount concern for Internet-connected systems because the Internet now controls all infrastructure, most entertainment, most factories, medical systems, all electronic communications – both corporate and personal – and all financial transactions. As a society we are completely dependent on the Internet; without reliable Internet services, society would not function.

This dependence will only grow as we add more devices and capabilities, creating the Internet of Things, and it will create significant vulnerabilities if those devices are not secure. Imagine a connected hospital without security for patient data collected in real time, or a voting system vulnerable to hackers. How about traffic lights that criminals can easily change? Without security on all devices, everything around us will be subject to attack and exploitation by terrorists, criminals, power-hungry hackers and vandals. Our society, safety and freedom will be at risk.

If pervasive security is in place, our society will have the capabilities to become much safer, with greater freedom, safety and security. The tyranny of the masses could be minimized and a society responsive to individual needs created – from getting the right traffic lights while eliminating all accidents, through guaranteeing that private information remains private, to ensuring that medical results are both secure and immediately accessible. Internet of Things devices will go into the field now but will remain in service for many years, depending on the application. Traffic lights and utility meters are rarely changed. Communications infrastructure is designed to be compatible and operational for twenty years. Electrical transmission systems last thirty years or more. Homes, offices, industrial buildings and other structures are intended to last indefinitely, with retrofits measured in decades.

If new systems are not secure now, they could quickly become a significant risk for the purchaser as threats grow. To preserve customers' investments in their smart devices and to protect society, security is an essential requirement for all new devices, and the time to build it in is when systems are designed. How secure can small microcontrollers (MCUs) and microprocessors (MPUs) be? Of the 20-50B devices expected to go onto the Internet in the next few years, all can be secured to the point where abuse and misuse are minimal. Small devices can be more secure than much larger devices for two reasons. First, they are not subject to the same type of threats – the threats are much lower level. Second, they often lack the features to dynamically run new programs, and the mechanisms they do have for reloading the program either require physical access or can be secured relatively easily. This does not mean that security is easy, just that it is not as difficult if you properly exploit the features of MCUs and small MPUs for maximum security. The remainder of this article discusses how to protect small devices on the Internet of Things.

Hacking an Embedded Device

In the case of systems with dynamic loading, modification of executable files and other sophisticated features, security is difficult. Imagine the following scenario:
  • An intruder moves a file onto the machine using email, FTP or some other means.
  • The file is dynamically loaded and, when it runs, it corrupts other executable files. It then cleans up and deletes itself.
  • If the virus is new or unknown to the system, it won't be recognized as a virus and will pass into the system and infect it.
Consider another scenario, where communication links are not secure or not properly secured. In this case there is, at a minimum, likely a means to read data. There might also be a means to inject new data into the data stream, which in turn could be used to corrupt the receiving system. A good example of this is loading a non-secured image for a device over the Internet: when the new image is loaded and run, it could take over the system, assuming that it has the correct access. In yet another scenario, a device with critical data on it is stolen. Unless the data is encrypted or sits in an encrypted file system, it could be possible to recover the restricted data from the device.

To ensure system security, it is often best to start by considering how the device's information will be accessed. Typically, strong security would require something you know (a password), something you have (a debit card or a wearable device) and something you are (an iris scan). For small devices this is typically overkill, but where very high security is required it is possible to achieve it through indirect means, as long as the various elements are all secure: by securely interacting with a server, which in turn securely accesses the device, the security interfaces can run on larger machines and still be used to secure small devices.

Another critical element for secure systems is layered security, together with the assumption that someone will gain partial access. Good design practice uses layered security wherever possible, so that an intruder may access some part of the system but not all of it without significant additional work. An example is using two different firewalls in cascade to secure a server, so that vulnerabilities in one are covered by the second firewall. Following a discussion of the processes required and of the components or software elements that provide the various security features, the use of these components will be discussed further in the context of system security, addressing each of these scenarios.

Securing Small Devices

The first and most important thing required to secure a small system is the desire to make sure the device is impenetrable by all reasonable means. Without the proper motivation and mindset to make the system secure, it most certainly won't be secure. The second requirement is an approach that builds layered security in at the design stage; trying to work out how best to secure a device after the design is complete is impractical at best. Using the correct approaches, knowing what is needed at design time, and actually applying these tools to achieve a secure system is the next step.

The third important element is a well-defined process for testing the security of the system after the implementation is completed and the device is properly configured. Through proper configuration followed by good testing, the security of the final system can be assured, provided that the installation is correct. The final step to a secure system is therefore a secure installation, which requires a rigorous installation procedure that is strictly followed. Automating the process is not necessary but is highly desirable, as it can eliminate human error. Final in-place testing will confirm that the install was correct and that the security is operational.

Security Features

To completely lock down an MCU or small MPU at design time, the following security features are required. Some may not be necessary for your system, but in general all should be considered. Standard information technology security solutions form the core security mechanisms for deeply embedded MCU and MPU products. These security protocols are:
•    TLS
•    IPSec / VPN
•    SSH
•    SFTP
•    Secure bootloader and automatic fallback
•    IP Filtering
•    HTTPS
•    SNMP v3
•    Secure wireless links
•    Encryption and decryption
•    DTLS (for UDP only security)
•    Secure email

TLS, IPSec/VPN, HTTPS, secure wireless links and DTLS are all means to secure communications links. SFTP provides secure file transfer, SSH provides secure remote access, and secure email provides email services over encrypted links. A secure bootloader with automatic fallback ensures that the system image cannot be corrupted. SNMPv3, encrypted data and an encrypted file system protect data through encryption, either locally or as it is about to be transferred to another machine. IP filtering is really a firewall feature, intended to keep out unwanted and uninvited guests. Each section and each item will be discussed after a discussion of system-level security.

System Security

Security is only as strong as its weakest link or component. To make a system secure, all the various communication channels, all the file transfer, all the data storage and any means to update anything must be secure. By making all of these things secure, the system becomes secure.

Figure 1. Network security components highlighted. The diagram shows the Unison OS Internet protocols, highlighting the components that offer the necessary security for each feature in order to build secure MCU and small MPU based devices. The security components require seamless integration across the entire set of protocols to provide high-quality security.

Securing the system in layers using components is an excellent approach and the one used in the RoweBots Unison Operating System and most higher-level environments. At the core, all operating system components are secured to protect against unauthorized tampering. Operating system security includes an encrypted file system, so even if the device is stolen the data is protected. Small MCUs use memory protection units (MemPUs) and MPUs use their memory management units (MMUs) to ensure that unauthorized changes to the programs are prohibited. Often reading of flash is eliminated by using memory protection features, which stop users from accessing the programs and/or executing new programs from RAM or non-program flash.

Secure boot and re-flash should be part of the core operating system security. By using the mechanisms provided by a secure boot system in conjunction with secure operating system features, all unauthorized tampering with the program can be prevented. After the basic OS has been secured, attention turns to the next layer of security – namely secure data link communications protocols. This includes wireless link-level security and various military data link security protocols.

The next layer is at the IP level. This includes the following protocols:
•    PPP, PPPoE, PPTP
•    IPSec (or VPN)
•    IP filtering or firewall capabilities

These protocols securely transfer IP packets over the network. With reference to the OSI model, they all operate in the IP or network layer. IP filtering is used to authenticate connections and to accept or reject them. IPSec provides a virtual network built on top of the IP network using encrypted packets, and the remaining protocols provide encrypted and/or authenticated communications links for IP packets.

The next layer of security covers the transport, session and presentation layers. This end-to-end encryption layer includes TLS and DTLS. The remaining security protocols are application-level protocols and provide the following features:
•    SSH – secure remote access
•    SMTP over an encrypted link – secure email
•    SFTP – secure file transfer
•    SNMP v3 – secure device management
•    HTTPS – secure web server access
•    Encryption and decryption provide separately secured data in the environment to prevent unauthorized use.

Using all of these components and layers together, within a secure framework that has been thoroughly tested, will ensure that your layered, secure design has optimal protection.

Figure 2. Unison Nanokernel Architecture, highlighted with security components. The Unison RTOS offers an additional secure boot feature at the lowest levels which completely locks down the system. Without an interpreter or other means to load a program that would run and then exploit a vulnerability of the system, it becomes extremely difficult for the system to be attacked.

System Security Revisited

Now consider the security of an MCU or MPU with limited resources that needs to apply most, if not all, of these protocols to achieve security. To provide practical examples, this will be considered for the Unison OS, a tiny POSIX RTOS which has these features off the shelf in its tiny footprint. First, using secure communications protocols, all applications talking to the target device can be made secure. This includes phone applications, secure web-based access to a tiny web server and more. Tricks like buffer overflow attacks are not possible because Unison is designed to run in minimal resources and must protect against any unreasonable resource use. Secure wireless links can be used. A VPN may be used.

To transfer files into the system, SFTP can be used. This guarantees that the data is not corrupted during transmission, which is very important for securing system updates. Adding filtering to the front-end processing in the TCP server ensures that only authorized requests and updates are processed; this protects the device from intruders and significantly improves security. In addition, SSH can be used to remotely set up the device using a terminal-based approach, which may be more conducive to scripting than a web server. This guarantees that the setup of the device is secure as well. At this point, the data flowing to and from the device is secure, any changes or setup are secure, and authorized applications and users can access the device's data and features. What if the device is stolen? To protect against this, either encrypt the stored data on the device, keep no local data, or use an encrypted file system. This will ensure that the critical data on the device is secured. If the user has the device and has a password, this is generally regarded as reasonable security. Additional security in the form of fingerprint scans, iris scans, palm prints and other devices can be added, either with the device or connected to a secure access station. If you review the security scenarios that were first discussed, you will see that all but one of them have been addressed. The issue of execution of a program which subverts the security system has not been considered in depth.

In the case of an MCU and some MPUs, the program is a single linked image that runs from flash memory. In this case it is not possible to add anything to the system, because the entire image runs from flash and, if the boot mechanism or re-flashing mechanism is secure, an intruder can't introduce new code. This is true in the Unison case, which makes the system extremely secure. Where an interpreter is in the system, the same cannot be said: an interpreted program could change the system image with unfettered access on an MCU or MPU unless elaborate security mechanisms, such as a memory protection unit or MMU, are put in place.
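The secure bootloader with automatic fallback named in the feature list, and the single-image argument above, as an added example that is not Unison code (the article does not describe its image format): two flash slots, an HMAC-SHA256 tag over each image as a stand-in for the real signature scheme, a version floor for anti-rollback, and a bounded number of boots for an unconfirmed image before the loader reverts to the previous good one. The header layout, the key (assumed to sit in OTP) and all names are assumptions.

```python
"""Secure boot with automatic fallback (constructed example for this article).

Two flash slots are modelled as byte strings. Each image carries a header with a
magic value, a version number, the payload length and an HMAC-SHA256 tag over the
whole image. HMAC stands in for whatever signature scheme a real bootloader uses;
the device key is assumed to live in OTP or a secure element. The selector skips
tampered images, refuses versions below the anti-rollback floor, and gives an
unconfirmed image a bounded number of boots before falling back.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

MAGIC = b"IMG1"
HEADER_FMT = ">4sII32s"                    # magic, version, payload length, tag
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 44 bytes
DEVICE_KEY = b"constructed-device-key"     # placeholder for the per-device OTP key
MAX_TRIES = 3                              # boots allowed before an unconfirmed image is dropped


def sign_image(version: int, payload: bytes, key: bytes = DEVICE_KEY) -> bytes:
    """Build a flashable image: header followed by payload, tag covering both."""
    msg = MAGIC + struct.pack(">II", version, len(payload)) + payload
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return struct.pack(HEADER_FMT, MAGIC, version, len(payload), tag) + payload


def verify_image(image: bytes, key: bytes = DEVICE_KEY) -> Optional[Tuple[int, bytes]]:
    """Return (version, payload) if the image is authentic and well-formed, else None."""
    if len(image) < HEADER_LEN:
        return None
    magic, version, length, tag = struct.unpack(HEADER_FMT, image[:HEADER_LEN])
    if magic != MAGIC or length > len(image) - HEADER_LEN:
        return None                                   # bad magic or truncated image
    payload = image[HEADER_LEN:HEADER_LEN + length]
    msg = MAGIC + struct.pack(">II", version, length) + payload
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):        # constant-time comparison
        return None                                   # tampered or wrong key
    return version, payload


@dataclass
class Slot:
    image: bytes
    confirmed: bool = False   # set once the application has run correctly
    tries: int = 0            # boots attempted while still unconfirmed


def select_boot_slot(slots: List[Slot], min_version: int = 0,
                     key: bytes = DEVICE_KEY) -> Optional[int]:
    """Pick the slot to boot: newest authentic image that has not exhausted its tries."""
    best = None
    for idx, slot in enumerate(slots):
        result = verify_image(slot.image, key)
        if result is None:
            continue                                  # corrupt or tampered: skip
        version, _ = result
        if version < min_version:
            continue                                  # anti-rollback floor
        if not slot.confirmed and slot.tries >= MAX_TRIES:
            continue                                  # gave up on it: fall back
        if best is None or version > best[1]:
            best = (idx, version)
    if best is None:
        return None                                   # nothing bootable: stay in bootloader
    chosen = slots[best[0]]
    if not chosen.confirmed:
        chosen.tries += 1                             # count the attempt before jumping
    return best[0]


def demo() -> Tuple[Optional[int], List[Optional[int]]]:
    """Constructed scenario: tampered update, then an update that never confirms."""
    good = Slot(sign_image(2, b"firmware v2"), confirmed=True)
    tampered = bytearray(sign_image(3, b"firmware v3"))
    tampered[-1] ^= 0xFF                              # flip one payload byte
    slots = [good, Slot(bytes(tampered))]
    first = select_boot_slot(slots)                   # tag mismatch on v3 -> boots slot 0
    slots[1] = Slot(sign_image(3, b"firmware v3"))    # authentic v3, never confirmed
    attempts = [select_boot_slot(slots) for _ in range(MAX_TRIES + 1)]
    return first, attempts                            # (0, [1, 1, 1, 0])


if __name__ == "__main__":
    print(demo())
```

Running the block prints (0, [1, 1, 1, 0]): the tampered v3 is skipped, then the authentic but unconfirmed v3 gets three boots before the loader reverts to v2.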

Securing MCU and MPU Systems

In summary, MCU and small MPU systems can be completely locked down using standard IT security protocols, secure boot and by restricting interpreter use. Unison benefits from the complete integration of all these components and from the attention paid to layered security as part of that integration. Security should not be an afterthought or something layered on top of the operating system – it should be designed into the system and integrated and tested as a unit for true security.

Kim Rowe is the CEO of RoweBots Limited, the manufacturer of the Unison Operating System and a builder of Internet of Things devices.

More information can be found at http://rowebots.com/products/unison_rtos .

Wednesday 24 September 2014

Industrial Equipment & Network Security - A Growing Concern

Increasingly, our industrial world is adopting Information Technology (IT) advances such as networking, remote control via the web, mobile interfaces, 802.11 wireless, USB support, and now cloud-based applications in the race to stay ahead in a competitive world. This application of technology may be coming at a cost of vulnerability, and we need to look at this.

At the recent International Manufacturing Technology Show (IMTS 2014) in Chicago, exhibitors showed how they could leverage every advance in the IT world on the factory floor. At the leading-edge, 100,000 sq ft DMG MORI booth, amazing new controllers and machines with remote OEM support options and high-tech interfaces, made in its new Davis, California plant, were highlighted.

Following DMG MORI's lead, every manufacturer wants to reduce costs and yet enhance customer service, and leveraging IT is a great way to do so. That said, this openness cannot come at the cost of making the system less secure and opening up the potential for a cyber attack and disaster.

Anyone in the defense industry (especially in the US) has heard of the International Treaty of Arms Reduction (ITAR) and the many security requirements that this program entails. Right now, security on the factory floor is focused on perimeter control (network, magnetic card locks, video surveillance, etc.) and the human element (checking out each worker and contractor). This may not be good enough in the future - we must get security into each machine.

The opportunity here is to investigate Machine to Machine (M2M) security systems, having part programs secured right to each machine (and perhaps once inside them). Machine protocols like the open-source, XML-based MTConnect need a secure version to be considered for ITAR, or even for cloud-based machine monitoring and Overall Equipment Effectiveness (OEE) programs.

In the days to come, Nexas will be looking into just what would be needed to provide secure factory communications to enable mobile, wireless and cloud-based applications. If factory floor network security is not yet a concern - I think it should be. This may indeed be the "next big thing" in the manufacturing sector worldwide...


Reference Links You Should Check Out...

1. 2014 Kaspersky Industrial Security Review
2. LoJack System for Cargo
3. IMPERVIO Information Rights Management System
4. Finding Your Cyber-Security Weak Spots
5. Tofino Factory Automation Security

Tuesday 1 July 2014

Words of Wisdom - 2014 Centennial College Commencement Address

On June 11, 2014, I had the honour of delivering the commencement address to 900 graduates of the School of Transportation and their families at Centennial College in Toronto. Several thousand people came out and I was televised for this formal affair - see the link at the end of this post. The experience was rewarding and exciting, in part because the students and faculty seemed to appreciate my "words of wisdom".

Afterwards, I was thanked by students and even asked by faculty if I would allow them to use it in their future teaching. As each graduate received their Diploma, I got a chance to congratulate them - and many thanked me for my encouraging words.

I wanted to post my speech here so that it becomes a public document reachable for these graduates that I now have a personal interest in. To those that just graduated, may you always keep "Love, Truth & Honour" in your hearts as you make your way in the world...


2014-06-11 Centennial College Commencement Speech

LOVE, TRUTH & HONOUR 
----------------------------------
Distinguished Members of Centennial College’s Board of Governors, President Ann Buller, other members sharing the platform with me today, students, your families and guests… 

I welcome you here and thank you for the opportunity to address you today.

I have come to learn that commencement speeches are quite symbolic and steeped in tradition. 

To graduates, then, this speech actually represents the final lesson that Centennial College wishes to share with you before sending you out into the world to make your mark.

As such, I consider this a high honour to be able to share my thoughts, experiences and life lessons with you today. 


INTRODUCTION – Let Me Share A Little About Myself:
-------------------------------------------------------------
In my incredibly intense and blessed life so far - I have lived, played and worked hard. 

In short, I have had a blast. 

I have built businesses that have uniquely applied technology to the metalworking manufacturing space. 

In fact, two of the companies I founded have gone public, but the first failed largely due to timing – being on the wrong side of 911.

To highlight this, on Sept 11, 2001 my net worth had grown to over $70 million, but I watched as our e-Manufacturing Networks prospectus for financing rained down from those New York towers. I can say that my hopes and fortunes crashed and burned that day too. 

I cannot tell you how gut wrenching that time was with no power to change what was happening, and eventually would happen as a result. 

I would lose everything thanks to this event, but I have bounced back. The message here is one of dogged persistence, of getting up over and over when life hits you hard, as it invariably will to test your heart. 

I have won big, and I have lost big – but I believe that my greatest accomplishment is that I have made a difference with integrity. 

Over the years, I have been seen as a visionary trying to connect every machine on the factory floor to the network. I have also been the co-founder of an open standards group called MTConnect that I am proud to say is being adopted worldwide these days. 

I have truly been “up-to-something” with many supporting me – especially my family, friends & co-workers.

Today my goal is to touch, move and inspire you to even greater things than I have done – for you to make a difference in this world too. 

I want to share with you thoughts in three areas – LOVE, TRUTH & HONOUR.


About LOVE – A Misunderstood 4 Letter Word:
----------------------------------------------------
Although the word “love” is used a lot these days, I don’t think that people appreciate the depth that it has. 

We talk casually about love and often minimize it – but really it is a force that binds the universe together – something you will have to tap into to really succeed at this thing called life.

Over the years I have seen so many people pay a heavy price to rise to other people’s expectations. They have mistakenly chosen to love image, power or money and thus simply lose themselves (and their health, their families, and their self-worth) in the process. 

 “Don’t use people and love things, rather love people and use things.” 

In my mind, loving yourself means respecting yourself, taking care of yourself, improving yourself, nurturing yourself, and taking time for yourself. You also need to love those supporting you like family, friends and even teachers. Share your appreciation. It is not all about you.

If you ignore these areas, you will learn hard lessons, which will be repeated until they are learned, I might add.

When I graduated over 26 years ago, I distinctly remember saying – so now what? I look back now and see the ride of my life, as I took on the world.  

I started my first business when I was 14 and I learned a valuable lesson about money – namely that there is no mystery on how to make it … money is made simply by solving another’s problem. 

If you want more money you can either solve bigger problems or more problems for others … or change who you are solving them for.

As the world gets more and more complicated, we vitally need people like you who can fix, maintain, and service mission critical transportation equipment like you can – you are important and even vital. 

Your travels will lead into many areas, but never forget your training here and your worth.

The energy to keep going, growing, learning and eventually recovering from a setback or fall – comes from knowing your worth, loving what you are doing and doing what you love. 

You have to want to change the world and be unreasonable to make this happen. 


Now on to TRUTH:
-----------------------
To me, truth is about seeking and clinging to what I call capital “T” truths. The world is very distracting and will want to pull you in many directions that are not what you love, not who you are, and do not generate happiness in the long run. 

This whole consumer world wants you to serve it first – buy what they are selling – do what they are saying – think what they tell you - so that you will serve their interests first.  Run, don’t walk, away from these detours and temporal traps. 

Truth is about clinging to what is right and just – serving others, and clinging to proven Truths that are unchanging. Protect your heart.

I have had some bitter losses, but I have never compromised on the truths I find to be self-evident. 

Seek wisdom, as it is the principal thing. 


A Note About HONOUR:
------------------------------
I would like to think that as each of you makes your way in the world, that you all uphold the highest character – that no one can buy, bully or entice you to compromise on your values. 

Take time to know your values – write them down even and keep them in your heart.

Be proud, take a stand, and learn to serve others well - this is what honour is all about. Great leaders are of service to others with everything they have – it is who they are. 

In the years ahead you may be asked to compromise on those values – to cheat the system, fudge a report, pass something of bad quality, look the other way or to lie, cheat or steal – do not ever do this, as it will come back to you. It could even have dire consequences that you will regret or be liable for years later. Live an honourable life.

This message here is about character – you need to have courage to take a stand for what is right. 

I believe that you should all consider yourselves as professionals, and act accordingly. Not every boss is good, company culture supportive, or staff morally upright – but you can be. 

I quote Gandhi, who once said: “You must be the change that you wish to see in the world.”

It is important to align yourself with people who share your values in life, as you will become like those you are around. 

Learn to be courageous and take a stand - even if it costs you. Your goal should be to be respected, and not necessarily liked by all. 


And now, one final thought – Giving Back:
--------------------------------------------
As you get busy with life, it is easy to have focus only on you and your needs, but I want you to consider that part of your life should be dedicated to giving back. By virtue of your time here at Centennial and this graduation, you are way ahead of most people in this world. 

Although I have given back in many areas of my life thus far, I am most proud of starting Peoplewerks Volunteer Association in 2009. Peoplewerks is a non-profit group located in Hamilton dedicated to getting people working – one day at a time. 

I wanted to see a movement where people who want to work can, and thus be productive. It is a shame how many good people are not working, and the ones that are working are often over-worked and could use the help. 

Peoplewerks has been one of my experiments to create a difference – but I think that everyone can start their own action to make the world a better place. 

There is never a day when you cannot be generous – even if it is simply a smile, or a glass of water. 


In Conclusion:
-----------------
I encourage you in all goodness, and wish you well in the ride called your life - armed with your Centennial College diplomas soon to be presented… 

Go forth to make a difference in this world with 
LOVE, TRUTH and HONOUR in your hearts.

So now, I leave you with these immortal lines of encouragement from Britain’s wartime hero 
Winston Churchill:

“This is not the end,
Nor even the beginning of the end,
Rather, this is the end of the beginning!”

Thank you… 
---------------------------------------------------------
For a link to a video of the actual speech - click below and 
jump to 19 minutes 25 seconds where I start: