IoT, or the Internet of Things, the technology behind connected devices, appliances, wearables and vehicles, keeps surfacing in news articles and media reports. It is claimed to be the “next big thing” and is set to transform virtually every aspect of human endeavour. Though we have already tasted IoT's prowess with smart wearables and devices, it is yet to roll out in full swing.
With the rise of the IoT ecosystem and more and more devices connecting to the internet, the security of these devices and systems is going to be the next big challenge. This article discusses IoT devices, cars and wearables, and how physically unclonable features (PUF) can ensure the security of IoT devices.
Internet of Things: connecting the dots
If you do a quick Google search about “Internet of Things” and go through a few stories, you will probably find yourself in a science fiction world where almost everything we deal with in day-to-day life will be connecting and communicating via the internet. These devices, appliances and vehicles will require minimal human intervention and, with the help of machine learning and artificial intelligence, they will even get cleverer with time. But when you come out of your IoT science fiction session and look at your car, it seems far from what the Google search said. Your fridge cannot connect to your phone to tell you it is running out of apples.
As of now, the IoT scenario depicted above may seem like science fiction, but it is bound to happen at some point in the future. The reality is that the IoT ecosystem is building itself, connecting the dots and sneaking into our lives without disrupting anything. Manufacturers are coming up with IoT appliances and wearables, but they are yet to become commonplace. It will be no wonder if soon everything from your refrigerator to your jogging shoes asks for your Wi-Fi password as soon as you put it to work.
Things might look unchanged on the surface, but if you look closely a lot of movement can be felt beneath it. IoT appliances and devices are yet to replace traditional ones. IoT cars are under testing. Soon you may see a car overtaking yours with nobody behind the wheel! We are going through a transition phase. We may already have some IoT devices or appliances that we can purchase and deploy right away. However, a lot is yet to come: we are yet to see connected self-driving cars on the road, and that will probably be the most apparent portion of the IoT transformation.
IoT wearables and implants are expected to claim a huge portion of the overall IoT ecosystem and will be turning human beings into cyborgs. In fact, wearables are already commonly available IoT devices. Today, you can buy smart watches, activity trackers, smart bands, etc. and put them to work right away. As is the case with IoT devices, IoT wearables are equipped with a microcontroller and sensors to sense the surroundings / movements and generate data. Some IoT devices can even be implanted beneath the skin, or even deep inside the human body.
What made IoT wearables exist?
The human body and its activities generate a lot of data every second, which can be collected with IoT wearables and implants to make the best use of it. It can be used for tracking, improving performance and timely healthcare services. What if there was a chip implanted in your body which could keep track of your health day and night?
Sounds too good to be true? Let’s have a look at this story published in The Sun, which says that an Apple Watch (an IoT wearable device) alerted its owner to seek immediate medical attention for a deadly heart condition.
Not long ago, data generated by daily human activities was not of any use. Also, there was no automatic way to keep track of daily activity data like the number of steps taken or time spent jogging / sleeping.
Suddenly activity data became important, as it was now possible to capture it with activity bands and make the best use of it. IoT wearables like fitness bands and activity trackers could keep track of every move you make and every calorie you burn. These wearables could send this data to your smartphone, which works as a personal server for your wearable. With the help of an app connected to your wearable, this data can be represented with nicely designed charts and stats.
Another purpose of data capture with wearables can be purely commercial. Just like your online activity, physical activity data can also be commercialized. It is no wonder if you start seeing ads for protein supplements or jogging shoes a few days after purchasing your fitness band.
Not all wearables are about activity tracking. Some wearables can help with access control, identification or authentication. Some can be dedicated to location tracking. In healthcare, implanted IoT devices can keep track of a particular health condition, e.g. a connected pacemaker to regulate an unstable heartbeat.
The same is set to happen in other aspects of our lives. Everything generates data: your oven, your refrigerator, your vehicles and what not. The challenge is to capture this data and find the best use for it.
Automotive IoT: bringing IoT to cars and other vehicles
What if your car could learn from others’ mistakes, foresee traffic-related problems, read traffic signals, leverage data generated by other vehicles and communicate with other vehicles as well as road infrastructure to improve safety and avoid accidents? All this may sound a little exaggerated, but this futuristic phenomenon is happening right now and soon these connected vehicles will be a reality, thanks to Automotive IoT.
Automotive IoT is an approach to integrate IoT technologies in vehicles to improve their mobility by information sharing and improve road safety in order to reduce accidents and fatalities.
Making IoT technologies work flawlessly becomes crucial in the case of such vehicles, as any system or infrastructure failure or malfunction can quickly turn into an accident in a moving vehicle. To achieve this, various standards and technologies are being worked upon to make sure that no stone is left unturned in the case of IoT vehicles.
For example, C-V2X (Cellular Vehicle-to-Everything) describes a set of technologies that allow vehicles to communicate with each other and other smart transport solutions via existing cellular networks to guarantee full coverage and continuity of services.
Similarly, V2V (Vehicle to Vehicle), V2I (Vehicle to Infrastructure) and V2P (Vehicle to Pedestrians) are the technologies that allow connected vehicles to communicate with other vehicles, infrastructure (e.g. traffic lights, speed signs and toll stations) and pedestrians (via their phones) respectively.
Potential threats to IoT security
The rise of IoT devices is set to bring an unprecedented level of connectivity, in which devices will be communicating with people, infrastructure and other devices via the internet. Manufacturers are eager to bring more and more IoT devices to the market. While internet connectivity will open doors for numerous possibilities, it will also open doors for cyber attacks originating from the internet.
IoT attacks can be more fatal than traditional cyber attacks. An attacker with sufficient knowledge of the IoT system and its authentication loopholes can take control of an IoT device. He/she can further use it for attacking other devices too. It does not take much imagination to picture what could happen if an attacker is able to hack into an IoT vehicle, a power grid or a surgically implanted electronic device that maintains functions of the human body (e.g. a connected heartbeat pacemaker).
These are comparatively small examples; IoT attacks can put even an entire city under siege and result in widespread destruction in a completely connected IoT infrastructure.
Challenges in IoT security and physically unclonable features (PUFs)
Traditionally, the security of information systems and digital devices is built on cryptographic methods. It is achieved by encrypting crucial pieces of information that could otherwise be misused by an attacker to gain unauthorized access to a system or a device. Encryption enciphers the information to which it is applied, so that an attacker cannot comprehend it even if he/she has access to it.
Using cryptographic methods works well in the case of IT systems with adequate processing power. However, in the case of IoT, implementing encryption-based security has many challenges.
- IoT devices have limited computation power, while the process of encryption / decryption requires some level of computational ability.
- IoT devices have to be energy efficient; many devices will run on battery power and also have to ensure long battery life. Implementing encryption will require more computational power, hence more power consumption.
- The IoT ecosystem is expected to face fierce competition in the coming years, which will result in a price war, and low prices can be one of the potential bottlenecks in implementing traditional security measures in IoT devices.
To overcome these and other challenges of IoT security, Physically Unclonable Features (PUFs) have been proposed. PUFs can be leveraged to provide secure authentication on IoT devices without being heavy on resources.
What are physically unclonable functions (PUFs)?
Semiconductor devices (e.g. microprocessor and microcontroller chips) carry their own unique digital fingerprint, which is created during the manufacturing process. During semiconductor chip manufacturing, random physical variations occur naturally owing to different factors in the manufacturing process.
These physical variations are not only unique to a chip but also are unclonable, i.e. they cannot be cloned to another chip. These unclonable physical variations can serve as a digital fingerprint of the particular chip and can be extracted using a special circuit, called PUF circuit.
PUF circuits can be made to work as an authentication barrier to allow access to the semiconductor device. PUFs can be used to implement challenge-response authentication, in which an external stimulus (i.e. a challenge) is applied to a particular PUF of the chip and it reacts in an unpredictable but repeatable way. This behavior of the physical features of the microstructures within a semiconductor device can be utilized to set up robust authentication using physically unclonable functions (PUF).
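The challenge-response flow described above, as an added Python example that is not from the original article: a software stand-in simulates the PUF (a hidden per-chip secret plus per-read bit noise), and the verifier accepts a response within a Hamming-distance tolerance and uses each stored challenge only once. The class names, the 128-bit response size, the noise rate and the threshold are assumptions chosen for illustration.

```python
import hashlib
import random
import secrets

RESP_BITS = 128
MAX_DISTANCE = 32  # assumed tolerance: bit errors accepted between two reads

class SimulatedPUF:
    """Stand-in for a PUF circuit. chip_secret models manufacturing variation
    (not readable in real silicon); noise models unstable bits on each read."""
    def __init__(self, chip_secret: bytes, noise: float = 0.03, seed=None):
        self._secret, self._noise = chip_secret, noise
        self._rng = random.Random(seed)

    def respond(self, challenge: bytes) -> int:
        digest = hashlib.sha256(self._secret + challenge).digest()
        ideal = int.from_bytes(digest[:RESP_BITS // 8], "big")
        flips = sum(1 << i for i in range(RESP_BITS)
                    if self._rng.random() < self._noise)
        return ideal ^ flips  # repeatable response, minus a few noisy bits

class Verifier:
    """Server side: stores challenge-response pairs (CRPs) taken at enrollment."""
    def __init__(self):
        self._crps = {}

    def enroll(self, device_id: str, puf: SimulatedPUF, count: int = 4) -> None:
        challenges = [secrets.token_bytes(16) for _ in range(count)]
        self._crps[device_id] = [(c, puf.respond(c)) for c in challenges]

    def authenticate(self, device_id: str, puf: SimulatedPUF) -> bool:
        pairs = self._crps.get(device_id)
        if not pairs:
            return False  # unknown device or CRPs exhausted: re-enroll
        challenge, expected = pairs.pop()  # single use, so a replay fails
        distance = bin(expected ^ puf.respond(challenge)).count("1")
        return distance <= MAX_DISTANCE

def demo():
    genuine = SimulatedPUF(b"constructed-chip-A", seed=1)  # constructed sample
    other = SimulatedPUF(b"constructed-chip-B", seed=2)    # a different chip
    server = Verifier()
    server.enroll("sensor-01", genuine, count=2)
    return (server.authenticate("sensor-01", genuine),  # enrolled chip
            server.authenticate("sensor-01", other),    # wrong chip
            server.authenticate("sensor-01", genuine))  # no CRPs left

if __name__ == "__main__":
    print(demo())
```

The tolerance is the design parameter to watch: too tight and a genuine chip fails on a noisy read, too loose and an unrelated chip's response (about half the bits differing) starts to look acceptable.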
Types of physically unclonable features
Several types of PUFs have been suggested, which can be evaluated to implement an authentication barrier. For example, SRAM PUF leverages the randomness in the power-up behavior of standard static random-access memory on a chip, while Oxide rupture PUF makes use of randomness obtained from inhomogeneous natural gate oxide properties occurring in the IC manufacturing process. As many as 40 physically unclonable functions have been suggested.
PUF and embedded fingerprint module
While physically unclonable features on IoT chips can serve as the fingerprint of IoT devices, a low-cost embedded fingerprint module can take the security of IoT devices to the next level. A PUF helps authenticate the physical identity of a device. It makes sure that data comes from a trusted source. It also ensures data integrity, meaning the data has not been tampered with, while an embedded fingerprint module can be used to authenticate the user where required.
An embedded fingerprint module is the best biometric solution for IoT security due to its cost effectiveness and compactness. Even a low-cost embedded fingerprint module can capture high-quality fingerprint images. Such modules are also deemed suitable for IoT security because IoT devices have limited processing power, memory and power.
On one front, physically unclonable features can ensure data integrity and confidentiality; embedded fingerprint modules, on the other hand, can ensure that the user is physically present to perform authentication. An embedded fingerprint module can take responsibility for user authentication, ensuring his/her physical presence, with the biometric data protected by the PUF response at the sensor node.
IoT devices pose more security risk as they have to connect with other IoT devices, infrastructure as well as networks. These devices connect and share data with minimal user intervention. Robust authentication becomes imperative in such a scenario, as a breach in IoT security can spread quickly within the particular ecosystem.
PUF is not only extremely secure, but also a low-cost and easy-to-implement authentication mechanism for IoT devices. It requires very little computation and power, which makes it suitable for IoT devices given their limited computational ability and need for power efficiency. A PUF can secure an individual IoT device, and securing each individual device will result in secure homes, vehicles, businesses, infrastructure and eventually secure cities.