Expert commentary: Security-by-design in IoT devices

IoTJ: How important is security as a consideration when designing IoT products?

Nicolas Damour: Security is extremely important in our design process. As a hardware manufacturer, we believe that any kind of security must have a hardware anchor. Security-by-design is not just a buzzword; it means thinking about security from the very beginning and integrating it into the hardware. Software-only security does not exist in our view. For example, secure elements like SIM cards in cellular devices provide a level of security similar to smart cards used in credit cards. We build up security by layers in IoT devices from the bottom up so that we know all the software on the device is secure and it is protected from external attacks.

IoTJ: What are some common security threats to IoT devices?

ND: Security threats vary widely. At the most basic level criminals might steal batteries or SIM cards from devices to use them in phones. To counter this, we pair the SIM card with the module so that it only works with that specific module. Other threats include tampering with the information managed by the device or stealing the data. This requires encryption and secure communications channels to ensure the confidentiality, integrity, and availability of data. In other cases, criminals might want to block the data being transmitted from the device or use IoT devices to overload a cell tower. You need to think about the threats and what the malevolent actors would be willing to do, which requires a little bit of imagination.

IoTJ: How do you handle the security of devices in different environments?

ND: Different environments pose different security challenges. For example, routers used in public safety applications, such as police and ambulances, need to be highly secure due to the sensitive nature of the data they handle. On the other hand, a pet tracker might have less stringent security requirements, so it might not need an encrypted connection to the cloud, for example. We design our devices to be flexible enough to meet the security needs of various applications while maintaining a high baseline level of security.

IoTJ: What are some examples of security measures for different types of IoT devices?

ND: For cellular modules, we ensure they have secure boot processes and encrypted communication channels. The same goes for cellular industrial routers, which also include additional functions like VPNs. For both cellular modules and routers, we use secure elements and pair SIM cards with specific modules to prevent unauthorized use. For LoRa chips, we focus on secure communication protocols and external cybertamper-proof hardware. Each type of device has tailored security measures based on its use case and environment. Security is always a matter of finding the right trade-off between protection and resource usage, including computing power and energy consumption. This is particularly true for IoT devices, which often don’t have large amounts of computing power or storage.

IoTJ: Can you give examples of how cybercriminals might target IoT hardware?

ND: One example is during the manufacturing stage, where malicious code could be injected into the firmware. To prevent this, we ensure that our firmware is signed and verified before it runs on the device. Criminals also target firmware updates, which are crucial to ensure that the device remains secure in the case of vulnerabilities being detected, for example. We use secure channels to update firmware and verify its integrity to prevent fake firmware from being installed. If something goes wrong, the module can roll back to the previous firmware.

IoTJ: How do you ensure the security of the manufacturing process?

ND: The security of the manufacturing process is crucial. We produce our devices in secure facilities to prevent malicious code from being injected. We also ensure the robustness of our supply chain to avoid disruptions that could compromise security. For example, during the semiconductor shortage caused by COVID-19, we worked to maintain a secure and reliable supply chain.

IoTJ: How important is Zero Trust for securing IoT devices?

ND: Zero Trust principles provide a flexible and scalable approach to security, which is essential for the diverse and growing landscape of IoT devices. It is particularly useful for unattended devices, which make traditional security measures like two-factor authentication challenging to implement. We use techniques like private keys and PKI to ensure secure connections. These methods ensure that devices can authenticate and communicate securely without relying on human intervention. Certificates stored in IoT devices must be managed carefully to ensure they can be renewed and revoked as needed. This is crucial for maintaining security over the device's lifetime, which can span a decade or more.

IoTJ: What are some future security threats you anticipate?

ND: Future security threats include the use of AI and quantum computing by malicious actors. AI is a tool used by both good and bad actors. It plays a significant role in security, helping to detect anomalies and potential threats. However, AI also poses new security challenges that we need to address. Quantum cryptography is another emerging area that requires attention, as malicious actors may store encrypted data now to decrypt it later using quantum computers. Quantum-resistant algorithms will be necessary to protect data from being decrypted by quantum computers.

IoTJ: What standards and certifications are relevant to IoT security?

ND: There are several standards and certifications relevant to IoT security, including those from the National Institute of Standards and Technology (NIST) and the European Union Agency for Cybersecurity (ENISA). Regulations like the EU Cybersecurity Act and the EU Cyber Resilience Act are increasingly impacting the B2B space, and customers often have their own security requirements.

IoTJ: How do you work with Orange to ensure the security of IoT devices on the network?

ND: Orange has a set of requirements known as the Orange Group Device Requirements (OGDR), which are regularly updated. These requirements include various aspects such as connectivity, SIM, IP communication services, software, privacy, and security. Compliance with the OGDR is essential for devices to be certified for use on Orange's network. The inclusion of security requirements in the OGDR highlights the increasing importance of security in IoT devices.