It’s easy to joke about the potential for a cyberattack on the Internet of Things, especially when it comes to smart homes. “Who would want to attack a refrigerator?” you might think. “What are they going to do, tell me I need 10,000 eggs?”
All joking aside, IoT security is actually a serious issue, and one that has the potential to be a defining point in the future of the IoT itself. There have already been documented cases of major cyberattacks stemming from connected devices, and while developers (and users) of IoT devices are beginning to understand and protect against the risks, it’s inevitable that there will be more attacks in the future.
Securing the IoT has a number of moving parts. To an extent, security relies heavily on the user, who is responsible for following best practices (i.e., choosing and using secure passwords, securing administrative privileges, securing routers, etc.) and making sure that the device is secured on an endpoint level. However, security is also dependent on the device itself. Engineers are responsible for creating devices that are capable of being secured, without significant vulnerabilities that are attracting to hackers. One of the most important considerations in this endeavor is memory.
Why Memory Matters
Memory has always played an important role in classic computing (i.e., desktop and laptop computers) and other electronic devices. Without memory, these devices would not function at all, given that memory houses the system code that allows the device to work. Without adequate memory, devices tend to be sluggish at best, and non-functional at worst.
The need for adequate and reliable memory presents a challenge to IoT device designers. Simply put, the typical IoT device does not have the space for a large memory chip. Instead, IoT devices need memory that is not only light, small, and low power, but it must also be fast and reliable, while also secure.
In fact, it’s that last point — secure — that has many engineers looking to new solutions for the IoT. Because most IoT attacks have stemmed from spoofed endpoints (i.e., devices like security cameras) it’s important to ensure that the device memory is adequate for preventing spoofing. There are several technologies being put to use for that purpose.
Considerations for IoT Memory
For most IoT devices, volatile memory is inadequate because it doesn’t meet the power and function requirements for most IoT devices — not to mention, it is typically more expensive than NVM. Typically, engineers rely on flash or serial EEPROM memory for IoT devices, then, because it is more affordable and currently meets the requirements for power, reliability, and security.
Beyond choosing the right type of memory, engineers need to consider other aspects of digital security, which is usually some combination of cryptography and memory protection. Cryptography is usually a four-part process: Securing data via encryption to ensure that it can only be read by authorized parties; confirming that the message was not modified during transmission by using hashing; and authentication, confirming that the message came from where it claimed to originate from.
Memory protection is actually a layered approach that uses several different approaches to protect the chip and the code it contains. The first layer is devoted to preventing physical access to the parts of the chip that contain memory and other important information. During chip production, the interfaces containing this information are disabled or permanently removed to restrict access.
The second layer of memory protection is the Secure Boot, which is a Root-of-Trust to verify that uncertified firmware is not executing. Finally, the chip contains Memory Protection Units (MPUs), hardware that prevents access to the certain areas of the device’s memory. While this will not prevent an attack on the device, it will limit the areas that the attack can access.
By combining cryptography and memory protection, it’s possible to create more secure memory, and by extension, more secure IoT devices. NVM that uses these techniques is more physically secure than other types of memory, which is an important consideration, given the security risks that come from our connected world. Embedding NVM memory into IoT devices not only provides a better security solution and reduces vulnerability to attacks, but they also meet expectation in terms of cost, power, and performance.