An IoT ecosystem, like any biome on Earth, is constantly subjected to changes and threats at various scales. Whether the system is an asset tracking solution in a hospital to help deliver more effective healthcare or cold chain management ensuring temperature control during transportation, the hardware/sensor is where the data journey commences in an IoT ecosystem. The integrity of these hardware components is paramount to the success of an IoT solution, but there are currently critical threat points on these devices which left unaddressed could be disastrous.
Much of the focus of IoT security is on keeping the communicated data from IoT devices untampered up the solution stack. Methods like end-to-end AES encryption are currently standard by most network protocols and are well secured and tested. An attack on data tampering at this level is difficult and not worth the attacker’s time. Since attacking between the two endpoints of the device and the cloud is somewhat of a dead-end, attackers are starting to focus on the endpoints themselves.
One of the most common attacks from the past couple of years is a distributed denial of service (DDOS) which is an attempt to disrupt traffic of a server, service or network by overwhelming the ecosystem with a flood of Internet traffic by using co-opted IoT devices to ping specific servers of the system. In this attack, the data transmitted may not be malicious, but the attack is successful in disrupting the IoT ecosystem. DDOS attacks are an example of why IoT devices can not compromise on taking security measures on device access. Of all of the recorded DDOS attacks in 2018, 17% of these attacks were using devices with no password authentication to gain access to the device.
Ideally, manufacturers of IoT devices would standardize practices such as CryptoAuthentication and other obstacles to take control of devices, but often there is no financial incentive to do so. While DDOS attacks come from players outside the environment, new threats from inside IoT devices themselves are festering. In this article, we’ll talk about some common threats to IoT hardware that can cripple a solution.
The microprocessor in all of our computers is made up of billions of transistors. Transistors are gates that depending on the voltages of two inputs, can either allow or obstruct electrons to flow to the output. Series of transistors can make switches and other logic elements to create states. Scale up to a million of these logic elements and we have a modern microprocessor in a computer. Moore’s law, developed in 1965 by Intel executives Gordon Moore and David House, predicts that the number of transistors on an integrated circuit will double about every two years by means of greater precision in chip manufacturing and efficiencies in circuit design. As transistors have shrunk to the nanoscale (10^-9 m) we must now evaluate their functionality at the will of quantum mechanics, abandoning the comfortable and somewhat intuitive nature of classical mechanics.
Today, layers of insulating materials that are supposed to curb the flow of electrons so extremely small where a phenomena called quantum tunneling, must be considered. Subatomic particles, like electrons, sometimes act as a particle, but can also behave like a wave. Theoretically, when a wave-acting electron comes across a transistor with a small enough gate, quantum tunneling can occur and what should have been a state of 0 is now a 1, an unintentional bit-flip.
Currently, some transistors are using 5nm nodes and soon 3nm nodes will be on the market. These transistors are at the will of quantum mechanics which affects the ability to predict the behavior of a system with absolute certainty and makes bit-flipping a reality, but it isn’t the only threat that can perform bit-flipping. Solar wind and supernovas in space send an amalgam of charged particles and radiation such as gamma rays, neutrons, pions, muons, and alpha particles at Earth every minute. These particles also are culprits of bit-flipping.
The consequences of bit flipping are serious. In a 2014 election in Belgium, one candidate was given 4,096 more votes than they actually received because of a bit flip in the 13th bit of the vote counter. A bit flip brought Google’s core indexing system down in 2000. In 2008, a Qantas passenger jet was sent into a nosedive because of a bit-flip in the avionics system. These three cases were caused by charged subatomic particles flying across the universe and striking a component of an integrated circuit.
There is a hardware solution to this problem called Error Correcting Code Memory (EECM), which is able to combat unintentional bit flips by storing parity bits and constantly running a detection algorithm through its memory. While effective, these solutions of preventing bit-flips are far from being cost-effective or feasible for battery usage for full-scale IoT deployments. This leaves the solution to cosmic bit flips and keeping the integrity of the data in our IoT ecosystems to the software developers. Using frequent state checks with multiple databases that can verify and (if necessary) flag the system can be used to combat bit flips when logical data anomalies are detected in the system.
The integrity of hardware is critical to the health and effectiveness of an IoT solution, but threats are not being well-managed. Proper access authorization and tested manufacturing protocols of the devices must be used. Without stability at the lowest level of the ecosystem, an effective and reliable solution can not be deployed and can consequently cause harm to the people and environments dependent on the system.