For the sake of argument, imagine it’s 2005 again. George W. Bush is President of the United States. Grey’s Anatomy is on TV for the first time. Apple iPods are all the rage and 3G connectivity is cutting edge.
Say in this scenario you’re a product engineer. Your job? Design security into your company’s brand-new device — and keep it protected as far into the future as 2025.
Even if you could have imagined the progression to high-bandwidth 5G cellular networks, the internet of things (IoT), mass-scale cloud computing, DevOps and whatever else, you’d have no practical way of knowing how to design for them.
Welcome to the perpetual use problem.
Securing the future
As noted in our recent white paper, products with long lifecycles are bound to outlast the original security measures built into them, especially as the pace of technological advancement speeds up.
So what are your options?
For most companies today the choice is a binary one — between building in protection that’s good enough for now (the “take your chances” model) or over-engineering security to lock everything up tight.
The trouble with over-engineering is that it’s inflexible, expensive and a poor fit for the real-world needs of IoT devices and supply chains. Usually it’s based on X.509 PKIs, which are designed for contained, managed environments and for devices with the capacity to handle their own keys and certificates.
Today’s connected devices tend to be smaller-scale than that, without the compute, storage or entropy sources for security functions like generating keys or enrolling certificates. They need something else to manage security on their behalf.
There is a third option, fortunately — a path that is neither “hope for the best” nor over-engineer.
An adaptive model
The ideal is a security solution that suits present needs and can adapt over time as conditions change. As our white paper points out, this first requires careful, collaborative planning and a governance model that will last well beyond the careers of any particular individual. You need management structures that will endure.
On top of that human/organizational framework you also need a couple of key technical pieces: hardware trust anchors and right-sized security credentials.
Trust anchors sit at the top of a hierarchical security design and keep private keys and shared secrets confidential. They need to be tamper-resistant and able to generate keys themselves, inside the hardware, so that no root secret ever has to be injected from outside or leave the part.
With respect to credentials, it’s about balancing controls for integrity and confidentiality against the need to rotate keys or supersede them as time goes by, preserving the kind of flexibility that gets lost with over-engineering. The solution needs to provide a way of securely managing assets in untrusted environments (since supply chains are far more open-ended than enterprises), and also a way of replacing credentials quickly if trust is ever compromised. That second requirement is the reason the hierarchy matters: a key embedded in silicon is very hard to replace, so the keys that actually get exposed in the field should be derived from it and short-lived, not the root itself.
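The following is an added illustration of the two technical pieces just described, written for this article and not taken from ISS’s DLM platform or the white paper. It models a trust anchor as an in-process object whose root secret is generated internally and never returned by any method, and derives short-lived, per-device credentials from it one level down. Rotation (epochs), supersession (revoking a whole issuing generation after a suspected compromise) and verification all happen without the root ever changing. The symmetric HMAC/HKDF-style derivation, the `MAX_AGE` policy, the `sensor-0042` device id and the message contents are all assumptions made for the example; a real anchor would be a secure element or similar part, and the device-side operation is deliberately just one HMAC, because a constrained device is assumed to have no key generation of its own.

```python
"""
Illustrative key hierarchy (example code, not ISS's platform): a simulated
hardware trust anchor holds a root secret that never leaves it and mints
short-lived, scoped device credentials. Rotation and supersession happen
one level below the root, so the key that is hard to replace never changes.
"""
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Credential:
    device_id: bytes
    generation: int   # which issuing-key generation minted it
    epoch: int        # validity period in which it was minted
    key: bytes        # the only secret handed to the device


class TrustAnchor:
    """Simulated trust anchor. A real one is a tamper-resistant part; here the
    root is an in-process random value that no method ever returns."""

    MAX_AGE = 2  # assumed policy: a credential stays valid for this many epochs after issue

    def __init__(self) -> None:
        self._root = secrets.token_bytes(32)  # generated "inside the hardware", never exported
        self.generation = 1
        self._revoked: set[int] = set()

    def _generation_key(self, generation: int) -> bytes:
        # Derived on demand, never stored; a revoked generation is refused in verify().
        return hmac.new(self._root, b"gen|" + struct.pack(">I", generation), hashlib.sha256).digest()

    def _device_key(self, device_id: bytes, generation: int, epoch: int) -> bytes:
        info = b"dev|" + device_id + b"|" + struct.pack(">II", generation, epoch)
        return hmac.new(self._generation_key(generation), info, hashlib.sha256).digest()

    def issue(self, device_id: bytes, epoch: int) -> Credential:
        """Mint a credential for the current generation; only the derived key leaves the anchor."""
        return Credential(device_id, self.generation, epoch,
                          self._device_key(device_id, self.generation, epoch))

    def supersede(self) -> int:
        """Revoke the current issuing generation (e.g. after a suspected compromise) and start the next.
        The root secret is untouched, which is the whole point of the hierarchy."""
        self._revoked.add(self.generation)
        self.generation += 1
        return self.generation

    def verify(self, device_id: bytes, generation: int, epoch: int,
               now: int, msg: bytes, tag: bytes) -> bool:
        """Recompute the device key from the root and check the tag in constant time."""
        if generation in self._revoked:
            return False
        if not (epoch <= now <= epoch + self.MAX_AGE):
            return False  # expired (or not yet valid) credential
        expected = hmac.new(self._device_key(device_id, generation, epoch), msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def device_sign(cred: Credential, msg: bytes) -> bytes:
    """The constrained device's only job: one HMAC with the key it was handed."""
    return hmac.new(cred.key, msg, hashlib.sha256).digest()


def demo() -> dict:
    """Walk through issue, verify, expiry, tampering and supersession; returns the outcomes."""
    anchor = TrustAnchor()
    dev = b"sensor-0042"            # constructed sample device id
    cred = anchor.issue(dev, epoch=10)
    msg = b"temp=21.5"              # constructed sample message
    tag = device_sign(cred, msg)
    results = {
        "fresh": anchor.verify(dev, cred.generation, cred.epoch, 11, msg, tag),
        "expired": anchor.verify(dev, cred.generation, cred.epoch, 13, msg, tag),
        "tampered": anchor.verify(dev, cred.generation, cred.epoch, 11, b"temp=99.9", tag),
    }
    anchor.supersede()              # generation 1 is now refused everywhere
    results["old_after_supersede"] = anchor.verify(dev, cred.generation, cred.epoch, 11, msg, tag)
    new_cred = anchor.issue(dev, epoch=11)
    results["new_after_supersede"] = anchor.verify(
        dev, new_cred.generation, new_cred.epoch, 11, msg, device_sign(new_cred, msg))
    return results


if __name__ == "__main__":
    print(demo())
```

The design choice worth noticing is which secret sits at each level: the root never appears in any return value, the generation key exists only transiently inside the anchor, and the device holds a key that is scoped to one device and one epoch. Losing a device key costs one epoch; losing a generation key costs one `supersede()` call; neither requires touching the silicon-embedded root.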
A holistic, platform-based approach
Few manufacturing companies have the in-house expertise to manage end-to-end lifecycle security on their own — fairly enough, since it’s complex, specialized and has nothing to do with their core business. At ISS, we’ve developed a device lifecycle management (DLM) platform that oversees hardware trust anchors and firmware so OEMs can focus on their service interfaces.
It’s part of a holistic, platform-based approach outlined in our white paper. We invite you to download your free copy and take a deeper dive into the principles and practices that can help you beat the perpetual use problem and design in flexible lifecycle security that lasts for decades.