Security in the Internet of Things (IoT) has become a critical requirement, with recent legislation mandating ‘reasonable security features.’ It is very clear that the cost of implementing security within the IoT is necessary, and far outweighs the cost of not doing so.
Security is built up in layers; the first layer needing to be secured is the hardware layer, the second is the network layer. In this article, the network layer referenced is the Thread network layer: a low-cost, low-energy, meshed IoT network.
However, the network is a mix of wireless and wired IP technologies, so there is also a need for application level security. This comes from the OCF application layer; a secure domain where all devices and clients can securely talk to each other, say, Wouter van der Beek, senior IoT architect, Cisco Systems and Technical Working Group chair, Open Connectivity Foundation and Bruno Johnson, CEO of Cascoda, a member of the Open Connectivity Foundation.
The constrained microcontroller requires features to protect it from malicious code and hardware-based snooping that would compromise security. Secure hardware protects the boot sequence of the microcontroller by validating its signature and protects memory and peripheral access to isolate critical parts of the code. This only allows access through a well-defined and trusted application programming interface (API). These features minimise the attack surface of connected devices, providing a secure foundation for the network and application.
The network layer needs to ensure that the data sent over the air cannot be altered and that devices that join the network are legitimate. In order to secure data over the air, Thread uses a network-wide key that employs symmetric key cryptography known as AES-CCM. AES-CCM appends a tag code to each message and encrypts it using this network-wide key. If the recipient has the key, it can decipher, verify the origin, and verify that the message was not corrupted in transit. Lastly, the key is periodically changed based on the existing key and a specific sequence counter in case it becomes compromised.
However, when a new device needs to join a network, it does not know the network-wide key and therefore needs to obtain it. This process is known as commissioning. Of course, the key cannot be transmitted without encryption, as it could be intercepted by an attacker. To overcome this problem, Thread commissioning uses a process known as Password-Authenticated Key Exchange (PAKE), which is part of the Datagram Transport Layer Security standard (DTLS).
PAKE uses a low-strength secret in conjunction with asymmetric cryptography to generate a high-strength secret between the two parties. The high-strength secret is used to encrypt the communication of the key from the Thread commissioner (e.g.
