A system that is secure throughout its entire life cycle


11 May 2015

Cybersecurity is a trending topic. Lots of things are being written and said about this subject at the moment. The Global Conference on Cyberspace 2015 (GCCS2015) is a good example. It’s a good thing that this topic is getting the attention it deserves, because raising consciousness of the issue is an important step towards improvement. But it’s also important to keep it real when it comes to the kind of measures individuals or organizations should be taking. 

Article from Objective 23, 2015

Of course it can’t be denied that there is a rise in cyberattacks. Cyberattacks have recently been reported on companies such as Sony, Belgacom, ASML and Gemalto. The increasing number of reports of companies that have been hacked only offers a glimpse of the problem. Because how much do we actually know about our digital connection with the outside world? And what does that mean for individuals and businesses?

Everything connected…

An important reason for the growth of cyberthreats is that more and more things are connected to the internet. Not only laptops and smartphones, but all kinds of sensors, actuators and other devices; the ‘Internet of Things’ (IoT) – see also 'Coupler of ‘big data’ - The world as a sensor'. This means we have to start giving serious thought to security. At first sight, you might think that the threat of hacking a coffee machine is relatively small. But it can have far-reaching consequences if a hacker manages to gain access to the company network through the coffee machine in the canteen, and thus succeeds in obtaining business-critical information.

Security analysis

Properly protecting a product begins with making a sound analysis of the items that need to be protected, of the threats and of the measures that have to be taken. The threat can be expressed in the amount of time and money that someone might be prepared to spend on trying to gain access to a particular item. Thus a criminal will be prepared to invest a lot to hack a payment system, but will be less interested in attacking a smart TV. The challenge is to find the right balance between the threat and the measures that have to be taken.

It’s also important to distinguish between targeted and non-targeted attacks. In the first case, the cybercriminal consciously tries to hack the system in question. In the second case, the criminal uses various scanning methods to find weak systems on the internet and to use these for criminal activities (for instance to send spam). The scale is enormous: hacking the latest smartphone means gaining access to millions of devices around the world. Not to mention the fact that access to a ‘hacked’ system can be sold to the highest bidder.

Open standards

There are a number of good standards available to safeguard the confidentiality and integrity of the data that we send along the digital highway, for instance AES, RSA, ECDSA, ECIES, ECDH, SHA-2, HMAC and PBKDF2. These have been tried and tested over the last few years and offer sufficient protection if adequate key lengths are used. An important aspect is the openness of these kinds of algorithms. In the past we have seen too often that ‘security through obscurity’ has a very limited shelf life. Making algorithms open, and preferably also their implementation, is the best way to prove that proper provision has been made for security.

Hostile environment

This means we have the right algorithms to communicate safely. The first major challenge is in the implementation of the algorithms. Increasing numbers of components are being used in environments where criminals have physical access to the device that safeguards security. Chip cards are a good example. This trend will continue in IoT. For these kinds of products, it’s important not only that the algorithm used produces a safe result, but also that no information is leaked during the calculation. Techniques such as Differential Power Analysis (DPA) allow hackers with limited means – less than € 2,000 – to break devices that use safe algorithms but are not designed to protect against DPA, and to do so in a short period of time.
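The point of the last two sections is that a correct algorithm can still leak through how it is computed. Power analysis needs hardware to demonstrate, but the same principle shows up in software as a timing side channel, and it can be made visible by counting work. The following is an added example, not code from the article or from Technolution: a comparison routine that stops at the first mismatching byte (its work depends on how much of the secret the input matched), beside one whose work is independent of the secret, and a tag check built on the page's HMAC with the standard library's constant-time comparison. The `examined` counter is a constructed stand-in for what a side-channel observer measures.

```python
import hmac
from typing import Tuple


def naive_compare(expected: bytes, received: bytes) -> Tuple[bool, int]:
    """Byte-by-byte comparison that stops at the first mismatch.

    Returns (equal, bytes_examined). The second value models what a
    side-channel observer learns: the amount of work done depends on how
    many leading bytes of the secret were matched. This is the leaky form.
    """
    examined = 0
    if len(expected) != len(received):
        return False, examined
    for a, b in zip(expected, received):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def constant_work_compare(expected: bytes, received: bytes) -> Tuple[bool, int]:
    """Comparison whose amount of work does not depend on where inputs differ.

    Every byte is visited and the differences are OR-ed together, so the
    observable work is the same for a near-miss and for a complete miss.
    """
    if len(expected) != len(received):
        return False, 0
    diff = 0
    examined = 0
    for a, b in zip(expected, received):
        examined += 1
        diff |= a ^ b
    return diff == 0, examined


def make_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag over a message (sender side)."""
    return hmac.new(key, message, "sha256").digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time.

    hmac.compare_digest is the standard-library primitive for this; a plain
    `==` on bytes would behave like naive_compare above.
    """
    return hmac.compare_digest(make_tag(key, message), tag)
```

The counters show the difference directly: a guess that is wrong in the last byte makes `naive_compare` do ten times the work of a guess that is wrong in the first byte, while `constant_work_compare` does the same work either way. The hardware analogue is why the article asks that nothing be leaked "in the calculation process", not only that the result be correct.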

Key management

A second aspect that we think represents a major challenge is realizing proper generation, distribution and storage of keys, i.e. key management. Even if a home has excellent hinges and locks, the situation is not safe if the whole neighborhood uses the same cylinder lock. Even if you can trust every single person in the neighborhood, it only takes one neighbor to lose his key to give a criminal access to all the homes. Of course this also makes it much more interesting for the criminal to try and get hold of that particular key.

In addition, it’s important to have key diversity. Criminals should not be able to guess a key or to find it by brute force. This means that digital keys need to be long enough, but also that when they are generated, every possible key must be equally likely. In a world in which everything is connected safely to the internet, distributing unique keys in a secure and user-friendly way is a challenge. It’s important that this becomes an integral part of the life cycle of a product or service. Suppliers should already be doing this during the development of the product.
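The neighborhood analogy and the key-diversity requirement together describe a concrete technique: give every device its own key, derived from a master key and the device's identity, so that one lost key opens one home and not the street. The following is an added example, not code from the article or from Technolution. It generates a master key from the operating system's cryptographically secure random source (so every 256-bit value is equally likely, as the text requires), diversifies it per device with HMAC-SHA256, and measures the "blast radius" of a single leaked key in a fleet that shares one key versus a fleet with diversified keys. The device identifiers, the `purpose` label and the challenge string are constructed for the example; the derivation itself is a standard HMAC-based construction, not the article's own.

```python
import hmac
import secrets
from typing import Dict, List

KEY_LEN = 32  # 256-bit keys: long enough that brute force is not an option


def generate_master_key() -> bytes:
    """Master key from the OS CSPRNG; unlike time-seeded PRNGs, unbiased."""
    return secrets.token_bytes(KEY_LEN)


def diversify_key(master_key: bytes, device_id: bytes, purpose: bytes = b"auth") -> bytes:
    """Per-device key = HMAC-SHA256(master, purpose || 0x00 || device_id).

    Deterministic, so a backend can recompute any device's key from its id
    instead of storing a database of secrets; the separator keeps
    (purpose, id) pairs from colliding. The 'purpose' label lets one master
    yield independent keys for different uses (assumed label, not the article's).
    """
    if len(master_key) < KEY_LEN:
        raise ValueError("master key too short for %d-bit security" % (KEY_LEN * 8))
    return hmac.new(master_key, purpose + b"\x00" + device_id, "sha256").digest()


def shared_key_fleet(master_key: bytes, device_ids: List[bytes]) -> Dict[bytes, bytes]:
    """The 'same cylinder lock everywhere' anti-pattern: every device holds the master."""
    return {d: master_key for d in device_ids}


def diversified_fleet(master_key: bytes, device_ids: List[bytes]) -> Dict[bytes, bytes]:
    """Each device holds only its own derived key."""
    return {d: diversify_key(master_key, d) for d in device_ids}


def _respond(key: bytes, challenge: bytes) -> bytes:
    """Challenge-response: a device proves key possession by MAC-ing a challenge."""
    return hmac.new(key, challenge, "sha256").digest()


def blast_radius(fleet: Dict[bytes, bytes], leaked_device: bytes) -> List[bytes]:
    """Which devices can be impersonated with the key extracted from one device?"""
    leaked_key = fleet[leaked_device]
    challenge = b"constructed-challenge"  # constructed sample value
    forged = _respond(leaked_key, challenge)
    return [d for d, k in fleet.items()
            if hmac.compare_digest(_respond(k, challenge), forged)]


if __name__ == "__main__":
    master = generate_master_key()
    ids = [b"dev-001", b"dev-002", b"dev-003"]  # constructed device ids
    print("shared key, one device leaked ->", blast_radius(shared_key_fleet(master, ids), b"dev-001"))
    print("diversified, one device leaked ->", blast_radius(diversified_fleet(master, ids), b"dev-001"))
```

Diversification is the cheap half of the problem; the master key still has to be generated once, kept only where derivation happens (a backend or a hardware security module), and never provisioned to the devices themselves. That is the "distribution and storage" part of the challenge the text names, and it belongs in the product's manufacturing and update processes rather than being bolted on afterwards.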

Limited shelf life

The shelf life of any safe solution is limited. Something that was regarded as perfectly secure yesterday can turn out to have a gaping hole today (Heartbleed, for instance). It’s a rat race in which you have to proactively try to keep up and pre-empt potential new threats. We’re used to this already when it comes to PCs; we regularly get new updates which are installed automatically. The phasing out of Windows XP shows that the life span of software ends when the supplier decides not to supply any further security updates. Given the emergence of increasingly powerful digital means – and soon even the rise of quantum computing – security methods that are currently sufficient will no longer be so in a few years’ time.

It’s necessary to have an active policy for integrating security updates into products and services. And it’s important not only to think about security during development, but also to embed it in the entire life cycle of the product or service. Suppliers of IoT products often give only limited thought to how updates will be delivered. And if they do provide updates for their products, not all users install them. This is why suppliers should adopt a strategy of automatic updates as the default for this kind of product, just as they do for PCs.
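An automatic update mechanism is only a security measure if the device can tell a genuine update from a forged or stale one; otherwise it is a remote code-execution channel with the supplier's name on it. The following is an added example, not code from the article or from Technolution, showing the three checks a device-side updater needs: authenticity of the update manifest, rejection of rollback to an older version (an attacker re-delivering a vulnerable release, as the Heartbleed point implies), and integrity of the image against the hash in the manifest. It also records the end-of-support date so the device can report when, as with Windows XP, no further updates will come. The manifest format, key and image bytes are constructed for the example; HMAC is used so the block runs offline with the standard library, which assumes a per-device verification key provisioned at manufacture. A production design would sign manifests with an asymmetric key so that the device holds only a public key and cannot be used to forge updates for others.

```python
import hashlib
import hmac
import json
from datetime import date
from typing import Tuple


def sign_manifest(signing_key: bytes, version: int, image: bytes) -> Tuple[bytes, bytes]:
    """Supplier side: describe an image and authenticate the description.

    The manifest binds a version number to the SHA-256 of the image; the tag
    authenticates the manifest. sort_keys keeps the bytes canonical.
    """
    manifest = json.dumps(
        {"version": version, "sha256": hashlib.sha256(image).hexdigest()},
        sort_keys=True,
    ).encode()
    tag = hmac.new(signing_key, manifest, "sha256").digest()
    return manifest, tag


class UpdateVerifier:
    """Device side of an automatic update: verify before anything is written."""

    def __init__(self, verify_key: bytes, installed_version: int, end_of_support: str):
        self.verify_key = verify_key                   # assumed provisioned at manufacture
        self.installed_version = installed_version     # monotonic counter for anti-rollback
        self.end_of_support = date.fromisoformat(end_of_support)

    def is_supported(self, today: str) -> bool:
        """False once the supplier's stated support window has closed."""
        return date.fromisoformat(today) <= self.end_of_support

    def check(self, manifest: bytes, tag: bytes, image: bytes) -> Tuple[bool, str]:
        # 1. Authenticity first: nothing in the manifest is trusted until the tag checks out.
        expected = hmac.new(self.verify_key, manifest, "sha256").digest()
        if not hmac.compare_digest(expected, tag):
            return False, "manifest authentication failed"
        meta = json.loads(manifest)
        # 2. Anti-rollback: an authentic but older release is still refused.
        if meta["version"] <= self.installed_version:
            return False, "rollback rejected"
        # 3. Integrity: the delivered image must be the one the manifest describes.
        if not hmac.compare_digest(hashlib.sha256(image).hexdigest(), meta["sha256"]):
            return False, "image hash mismatch"
        return True, "ok"

    def apply(self, manifest: bytes, tag: bytes, image: bytes) -> Tuple[bool, str]:
        """Run the checks and, only on success, advance the installed version."""
        ok, reason = self.check(manifest, tag, image)
        if ok:
            self.installed_version = json.loads(manifest)["version"]
        return ok, reason


if __name__ == "__main__":
    key = b"constructed-update-key"          # constructed sample key
    image = b"constructed firmware image v2"  # constructed sample image
    manifest, tag = sign_manifest(key, 2, image)
    device = UpdateVerifier(key, installed_version=1, end_of_support="2025-01-01")
    print(device.apply(manifest, tag, image), "->", device.installed_version)
    print("supported on 2015-05-11:", device.is_supported("2015-05-11"))
```

The order of the checks matters: the manifest is parsed only after its tag is verified, so malformed or attacker-controlled JSON never reaches the parser, and the version counter is only advanced after every check has passed, so a failed update leaves the device exactly where it was.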

Security by design

Security should be an integral part of the design and development process of each piece of hardware and software. Adding security afterwards to a product that was not built with security in mind is expensive and often ineffective. Technolution is calling for an active policy of security by design: this means taking security aspects into account from the very beginning of a project. It involves not only preventive measures (access control, encryption, key management etc.), but also intrusion detection and response. The goal must be a system that’s secure throughout its entire life cycle.