RESCURE: A Security Solution for the IoT Lifecycle
The RESCURE consortium, consisting of the companies Technikon and Intrinsic ID, along with the Eindhoven University of Technology (TU/e), was created to address the need for a security solution that spans the lifecycle of devices in the Internet of Things (IoT). The solution provided by the consortium resolves security vulnerabilities in this lifecycle using SRAM Physical Unclonable Function (PUF) technology in combination with state-of-the-art cryptography and security protocols.
The IoT is expanding fast, and so are risks to its security. The fact that IoT devices are deployed frequently with failing security implementations becomes clear with even a quick look at NIST’s National Vulnerability Database. This database includes instances of devices with poorly hidden or repeated secret keys, improper – or absent – authentication, and unguarded software update conduits, to name just a few security issues known to exist in devices already in the field.
The consequences of any IoT breach can be severe as IoT devices are often used in safety-critical applications, such as transportation systems, smart electricity grids, and water-supply systems. Compromising a single device, even a seemingly insignificant one, can bring down complete infrastructures, violate the privacy of millions of people, and disclose confidential data. Because IoT devices typically run autonomously across a broad range of untrusted environments, it can be very difficult to detect an attack quickly, and very costly to physically access the devices for repairs.
Protecting an IoT device is complex. It has to be protected not only in the field, but throughout its entire complex and far-flung lifecycle. The various phases of that lifecycle involve different parties with a variety of security needs. Often, no single party among these players has the incentive, expertise, or even ability to take care of security completely.
RESCURE is a project funded by the EU and the EUREKA programme Eurostars (Grant: E11897, project duration: February 2018 – April 2020). The goal of the project, carried out by the companies Technikon and Intrinsic ID along with the Eindhoven University of Technology (TU/e), has been to provide a flexible framework that allows IoT device security to be updated throughout the entire lifecycle of the device.
RESCURE achieves this by retrofitting security on existing IoT devices using a low-cost solution, based on SRAM PUF technology. Tiny uncontrollable variations in the manufacturing of SRAM transistors lead to SRAM start-up behavior that is unique for every individual chip. SRAM PUF technology uses SRAM start-up data as a “silicon fingerprint” for the microcontroller unit (MCU), turning this unique property of SRAM into an unclonable device identity by deriving a device root key from the silicon fingerprint. This root key is never stored on the device, but instead it is generated only when needed.
The main advantages gained from this method of key generation and storage are:
- High security, as no root key is programmed externally and it is never stored
- Low cost, as no costly protected memory or other security hardware is required
- High flexibility, as it is even possible to retrofit this security on deployed devices
Security for the Complete Device Lifecycle
Using this technology, RESCURE has created a working prototype of its security architecture that protects an IoT device throughout its lifecycle:
- Manufacturing – Manufacturers need to make sure each device has a unique identity. This identity is used to connect securely to a cloud service, typically using a Public Key Infrastructure (PKI). The devices also need to have secure storage for sensitive data, such as IoT measurement data and valuable software IP.
In the RESCURE security architecture, an SRAM PUF is enrolled on the device in the manufacturing stage, allowing it to create device-unique keys. These include public/private keypairs for setting up secure cloud connections, as well as symmetric keys that are used for protecting all valuable data and IP on the device. These secret keys are only available at runtime and are never stored on the device, so they can never be stolen. The silicon fingerprint of each device is unique; and because the secret keys are derived from this unique fingerprint, there is no possibility of secret keys from one device being copied to another device.
After manufacturing, the devices are sold, typically to Service Providers (such as energy suppliers or railway operators), who place them in the field. These Service Providers handle the next phases of the IoT lifecycle:
- Setup & Pairing – The generated public/private keypairs are used to obtain device unique certificates. With these certificates the devices are authenticated to the cloud and trusted PKI connections between device and cloud are established.
- Operation – If the data is only encrypted while travelling from device to cloud, it can be decrypted in the cloud before it reaches the Service Provider. To guarantee data remains encrypted until it reaches its destination, another keypair is generated to apply end-to-end encryption from the IoT device to the cloud of the Service Provider. Additionally, all sensitive data on the device is encrypted during operation.
- Update – Cryptographic keys are also used to provide encryption and authentication for over-the-air updates, so that attackers can no longer install malicious updates or intercept updates in transmission.
- End-of-Life – All sensitive key material of the RESCURE prototype can be zeroized, which means the entire identity of a device, including all its rights and authorizations, can be erased.
- Refurbish – After zeroization of a device, it can be re-enrolled with a completely new identity. The old identity and corresponding keys, however, are gone forever. This way, IoT device hardware can safely be re-used for new purposes.
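The enroll, reconstruct, zeroize and re-enroll cycle described above, as an added illustration that is not RESCURE's or Intrinsic ID's code. It assumes a helper-data (code-offset) scheme with a toy repetition code over a simulated SRAM; the page does not say how the prototype derives its keys, and all names and parameters here are hypothetical.

```python
import hashlib
import random

REP, KEY_BITS = 15, 128   # toy parameters: 15 SRAM cells vote on each secret bit

def sram_startup(chip_id, noise=0.0, rng=None):
    """Simulated power-up read: fixed per-chip pattern, each cell flips with prob. `noise`."""
    cells = random.Random(chip_id).choices([0, 1], k=REP * KEY_BITS)
    rng = rng or random.Random()
    return [c ^ (rng.random() < noise) for c in cells]

def _kdf(bits):
    # Hash the recovered secret bits into the root key (hex string).
    return hashlib.sha256(bytes(bits)).hexdigest()

def enroll(startup, rng):
    """Bind a fresh random secret to the fingerprint; only `helper` is stored."""
    secret = [rng.getrandbits(1) for _ in range(KEY_BITS)]
    codeword = [b for b in secret for _ in range(REP)]      # repetition encoding
    helper = [c ^ s for c, s in zip(codeword, startup)]     # code-offset helper data
    return helper, _kdf(secret)

def reconstruct(startup, helper):
    """Regenerate the root key at runtime from a noisy read plus helper data."""
    noisy = [h ^ s for h, s in zip(helper, startup)]
    votes = [sum(noisy[i * REP:(i + 1) * REP]) for i in range(KEY_BITS)]
    return _kdf([int(v > REP // 2) for v in votes])         # majority decoding

def lifecycle_demo():
    rng = random.Random(2020)  # seeded for a reproducible demo; use a CSPRNG in practice
    helper, key = enroll(sram_startup(chip_id=1), rng)                  # manufacturing
    field = reconstruct(sram_startup(1, 0.05, rng), helper)             # operation
    clone = reconstruct(sram_startup(2, 0.05, rng), helper)             # helper data on another chip
    wiped = reconstruct(sram_startup(1, 0.05, rng), [0] * len(helper))  # end-of-life
    _, new_key = enroll(sram_startup(1, 0.05, rng), rng)                # refurbish
    return {"same_in_field": field == key, "clone_fails": clone != key,
            "zeroized": wiped != key, "new_identity": new_key != key}

if __name__ == "__main__":
    print(lifecycle_demo())
```

In this model the only thing stored is the helper data, so erasing it removes the old identity and a fresh enrollment on the same silicon yields an unrelated key.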
For more information on RESCURE and its solution for securing IoT devices, have a look at our video. Also, two papers about the project were recently accepted at scientific conferences and will be published at the ARES 2020 workshop WISI and at WISEC 2020.