Skip to main content

Silicon, Security, and the Internet of Things

Published Date
Author Maxim Integrated

By Kris Ardis, Maxim Integrated

 

Abstract: The smart grid has broken from the fantasies of the Internet of Things (IoT) to provide something useful. In this article we discuss why the smart grid does not follow the pervasive IoT fantasy projections. We will show how real IoT deployments are made to better manage valuable resources and how an IoT creates a critical need for security.

A Google search on the Internet of Things (IoT) suggests that a multitude of smart devices will soon be talking to each other and deciding how the world operates without our (human) intervention. Fantasy stories on the Internet want us to believe that every atom on earth could be chattering away on a network someday. This sounds futuristic and completely detached from reality, but the IoT is already here, in the form of the smart grid.

Silicon, Security, and the Internet of Things Figure 1

Figure 1:To realize the true potential of IoT deployments, security needs to be designed into the web of sensors that will monitor and control the planet's resources.

IoT - Fantasy and Reality

There are lessons to learn from ongoing deployments of the smart grid. An IoT will not be implemented without an acceptable ROI. IoTs will roll out sporadically and should anticipate flexibility for future applications. There is also an important lesson that is not about efficiency or finances: without adequate security, an IoT could become a technological disaster affecting everyone.

Critical Role of Security

We are well on our way to a smarter grid. About half of the houses in the U.S. already have advanced, communicating electricity meters. Utilities worldwide are installing distribution automation equipment that controls power delivery. Water and gas utilities are beginning to investigate similar technologies. Despite the momentum and progress of this market, there are fundamental gaps in the security of the deployments.

The smart grid provides an incredibly lucrative target for attack. If unfriendly organizations could control some portion of the smart grid, they could cause catastrophic damage. By controlling a utility's communication network, they could mount attacks like a massive underreporting of electricity consumption or falsifying sensor data to induce a power shutdown.

Security is a hot topic today for the smart grid, and there has been some progress. Most communications now use standard cryptographic algorithms such as AES-128 to protect the data and commands on the utility network. However, there is an alarming lack of standards to address the protection of the secret keys or the life cycle of embedded smart grid devices. This is a dangerous situation. The cryptographic algorithms are a good first step to ensure secure communications networks, but the lack of key and life-cycle security mean that alternate attack points are likely. An attacker might try to get communication keys by physically inspecting a smart meter.

Securing the IoT

Ultimately, the smart grid should teach us that security must be designed in from the start of any IoT deployment. Let's look at the characteristics of an IoT and why it demands built-in security,

  • A multitude of remote, distributed sensors and control devices are deployed where they will not be supervised. Unlike an ATM with a security camera nearby, there is no oversight on a smart meter. This makes it easy for an attacker to acquire devices for study.
  • An IoT is likely to be deployed to help manage the health and safety of an important asset more efficiently. For example, a network of health sensors might monitor human lives and better control health-care costs. A network of automated vehicles could create safer and more energy-efficient transportation. These cases impact human health, associated medical costs, transportation safety, and energy efficiency. Such valuable targets increase the likelihood that attackers will try to exploit that IoT.
  • There are risks with machine-to-machine communication. When devices are communicating with each other with little human interaction, tampering may be difficult to detect until something catastrophic happens.

Just as silicon is one of the agents empowering the IoT, it is also a key factor in securing the IoT. Silicon integrating proven algorithms such as AES and elliptic curve cryptography provide toolboxes for designers to build secure applications. More advanced silicon like the MAXQ1050 and MAX32590 secure microcontrollers also have both secure bootloaders to protect the entire life cycle of products and physical attack detection to determine when someone is trying to pry secrets from a product. The silicon is available to secure the IoT, and it remains for product designers to secure future IoT deployments.

The Future of the IoT

The next question is not, "when will the IoT get here?" The smart grid IoT is already with us. Instead, the question should be, "what is the next IoT and how will it benefit people?" Security lies at the heart of an IoT and if an IoT can be adequately protected, the rewards to society could be dramatic.

Let's look at one of the next potential IoTs: smart transportation. Recall again the smart, connected car described at the outset. In its infancy, the idea of a smart car might be limited to delivering media content to vehicles on demand, and perhaps automatically requesting roadside assistance with specifics about a breakdown. But the promise of smart transportation has far more potential. Can we build a sensor grid and vehicles that talk to each other? Then with enough data cars can drive themselves, thereby improving safety. Furthermore, can these cars practice techniques like drafting at high speeds to drastically improve fuel efficiency? Can a sensor network with smart vehicles automatically direct traffic to the most effective route for fuel and time efficiency? We see news daily about autonomous vehicles that are approaching this goal, and the benefits would definitely help preserve precious resources: human lives, fuel, and time.

No one could argue against improving our management of those resources. But to get there, this Internet of Automobiles must be secure. An untrusted smart transportation system would be an unused transportation system! The good news is that the technology to secure both the smart grid and the Internet of Automobiles exists. Now it is up to the visionaries for the next IoT to embrace that technology and make sure that our future is secure.

References

Recall the Stuxnet attack in 2011. Tampered control systems were operating centrifuges slightly out of allowable parameters, but reporting that all was well. Eventually, the centrifuges were damaged and the nuclear processing capability of an entire plant was destroyed. In this case a tampered machine reported that everything was fine to another machine that did not have any other means of validating centrifuge status. No problem was reported until the centrifuges became physically damaged. See Maxim Integrated application note 5445, "Stuxnet and Other Things that Go Bump in the Night."

 

The Bluetooth word mark and logos are registered trademarks owned by Bluetooth SIG, Inc. and any use of such marks by Maxim is under license.

A similar version of this article appears on Smart Grid News November 26, 2013.

 

About the Author

Maxim Integrated provides ease of design, and speeds time to market, through analog integration. The company's analog ICs offer extra features and functionality carefully designed to streamline circuit and simplify design. Look to Maxim for solutions for consumer electronics, personal computers and peripherals, mobile devices, wireless and fiber communications, test equipment, instrumentation, video displays, and automotive applications. Maxim’s analog and mixed-signal solutions include data converters, interface circuits, power, RF wireless circuits, clocks and oscillators, microcontrollers (MCUs), operational amplifiers (op amps), and sensors.

More Content by Maxim Integrated