Internet of Things

Always be one Over-The-Air (OTA) update away from (re)securing your IoT devices with a Quarkslab protected firmware

Deployed IoT devices face continuously evolving security threats and must be regularly (re)secured against them. With its IoT security solution, Quarkslab empowers IoT device makers and fleet operators to embed new defences into the firmware of their devices, irrespective of device generation and capabilities, and to deploy them securely via an OTA update with a third-party solution.

A solution built with our partners for the IoT ecosystem

LEVERAGING OUR 10+ YEARS OF EXPERTISE IN IoT SECURITY

Since our inception in 2011, we have provided services to IoT device makers looking to design their devices securely. We are also specialists in IoT Incident Response and in reimplementing security after a breach or when a vulnerability is discovered.

Read more about our services

Read our latest blog post on auditing a smart lock

The key challenge for IoT project leaders: balancing operational concerns and security risks

Operational challenges

Optimizing costs is key

Controlling the Bill of Materials (BOM) when deploying thousands of endpoints for a specific use case is no easy feat.

On top of costs directly related to operations, finding the right balance between security and capital expenditures is crucial and challenging to navigate.

In this balance, security represents a non-negligible cost, and while it is necessary, operational features that bring value to the project are often prioritized.

Provisioning is hard

Getting thousands of devices configured in the same fashion, while ensuring that they will send a beacon home, is easier said than done.

Of course, there is always the possibility of provisioning at the factory right before units are shipped to market.

But what happens when the provisioning system and processes are updated to a new generation that is incompatible with the existing factory-based provisioning?

Managing hardware heterogeneity and multiple versions of devices

Saying that IoT is a fragmented ecosystem would be an understatement. IoT devices are built from varied hardware supplied by different manufacturers, in the quest for performance and cost control. Often, the same device changes components across generations to achieve these two objectives. In the end, managing the security of different hardware platforms and several generations of devices seems an almost infeasible task.

Device management: monitoring and reporting

Enterprise and industrial IoT use cases need a device management capability that allows devices to connect to a back-end system.

At the same time, fleet operators must have a complete view of the status of their IoT devices in order to manage device inventory and replacement efficiently.

IoT device security risks

Tampering of a device leading to the compromise of the information system

An attacker who takes control of a device can understand its inner workings and will try to move laterally to compromise the central point where each data point is sent.

Corruption of the device leading to data integrity attacks

An attacker who corrupts a device can send forged data to the back-end systems.

In the case of a healthcare device such as a post-surgical patient monitoring device sending back health data points, incorrect data could lead to a safety issue.

Device cloning/counterfeiting

A lack of protection measures against this threat, such as firmware diversification, can lead to a device being copied by an external party. In this threat model, an illegal copy could be made by an attacker dumping the device firmware, or even by a third party in the supply chain when the software is sent to the factory to flash the device before shipping.

Intellectual Property (IP) theft

Valuable Intellectual Property such as machine learning models or algorithms can be extracted or reconstructed by an attacker with some reverse-engineering skills, simply by studying the device.

AGILE AND AFFORDABLE IoT SECURITY

For Device Makers

  • Reduce your security costs by using agile software security
  • Reduce your operational costs with a seamless provisioning and update system


For Fleet Managers

  • Gain instant visibility on the security status of your IoT fleet
  • Easily update and (re)secure devices with an OTA (Over-the-Air) update


The right security and operational stack for the IoT

Each of these threats can be countered by combining the following elements from Quarkslab and its technology partners.

Hardware security features

These features establish a Root of Trust (RoT) on which we can build to attest to the device's integrity:

Features:

  • Trusted Platform Module (TPM)
  • Secure Element
  • Trusted Execution Environment (TEE)

Read more about STM32 (MCU) portfolio

Read more about STM32 (MPU) portfolio

Leveraging Software Security

These items are crucial to protect the application and the device against an attacker looking to extract valuable secrets or study the device.

Features:

  • Intellectual Property (IP) Protection: code obfuscation (protection against reverse-engineering)
  • Firmware protection: anti-tampering features
  • Device integrity: remote attestation

Read more about Quarks AppShield

Device Management Solution

A device manager enables IoT device updates, making it possible to push new features and security updates, and provides device monitoring.

Features:

  • Over-the-Air (OTA) updates
  • Device monitoring

Read more about the Mender solution

Software provisioning and secrets management

Software identifiers can bring much more flexibility than hardware identifiers for device identity.
White-box cryptography allows hiding cryptographic keys in software and has the advantage of providing a good security level while being more flexible and much less costly than a hardware identifier.

Features:

  • White-box cryptography: hiding cryptographic keys in software
  • Digital Vault: Key/certificate provisioning using hardware security features

Read more about Quarks Keys Protect

Read more about Quarks Digital Vault


Security is never too late: we can bring agile and affordable security at any stage of your project!

Ready to (re)secure your IoT devices? Reach out to our team for a consultation