IoT Chains of Trust

Earlier this year, someone called The Janitor unleashed malware that bricked two million IoT devices. Dubbed Internet chemotherapy (ugh) by its author, the vigilante malware, called BrickerBot, first tried to mitigate vulnerable IoT devices, and then initiated a permanent denial of service (PDOS) attack on any device so poorly administered that it couldn’t be fixed. If your devices got hit, you had a bad day.

When innocuous IoT devices like personal video cameras are targeted by this sort of malware, the consequences are obviously less painful. But when the hacking crosses that IT/OT threshold into more serious forms of industrial control where threat intensity is measured in units of human life, then attack consequences can be considerably more severe.

With this risk in mind – and spurred by Alberto Yepez of Trident Capital (where I serve as an advisor) – I reached out to Bill Diotte and the Mocana team to deep-dive their IoT protections. Now, forgive me if my writing is a bit wobbly, but my head is still spinning from their no-nonsense technical discussions. These guys are experts and they don’t slow down for laggards. I scribbled ten pages of terse notes.

Here is the Mocana concept in a nutshell: Establishing end-to-end security from the IoT device to the cloud requires attention to device integrity, encrypted transport, and trust abstraction. The goal is to establish a clean, trusted endpoint, and to ensure that subsequent device updates and network connections to cloud applications always preserve that trust. If this is done correctly, the result is an end-to-end chain of trust from device to cloud.

The device itself is surrounded by a plethora of Mocana endpoint controls designed to ensure valid software updates, trusted boot processes, strong authentication using MFA, proper management of firmware, and secure user operations. All these functions are grounded in device-level hardware roots of trust, implemented using a variety of different means, including TPMs, HSMs, TEEs, and other trusted enclaves.

Trust is cascaded from the IoT device through gateways to the cloud application. Unlike techniques that restrict bidirectional communication, the Mocana approach enables dual handshaking, which is a requirement in many IoT environments. The networking protocols supported by Mocana include standard offerings such as IPsec, SSL, and SSH, all implementing FIPS 140-2 L1 encryption.
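To make the idea of a device-to-cloud chain of trust concrete, here is an added sketch (not Mocana's code and not from the original post) of a measured boot: each stage is folded into a TPM-style register, and a cloud-side verifier accepts the device only if the reported value matches a known-good one. The stage images, key and function names are constructed for illustration, and an HMAC stands in for the asymmetric signature a real TPM quote would carry.

```python
import hashlib
import hmac
import os

PCR_INIT = bytes(32)  # a TPM PCR starts at all zeros after reset

def extend(pcr, component):
    """TPM-style extend: new = SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(stages):
    """Fold every boot stage, in boot order, into one register value."""
    pcr = PCR_INIT
    for image in stages:
        pcr = extend(pcr, image)
    return pcr

def device_quote(device_key, nonce, stages):
    """Device side: report the measured state, bound to the verifier's nonce."""
    pcr = measure_boot(stages)
    tag = hmac.new(device_key, nonce + pcr, hashlib.sha256).digest()
    return pcr, tag

def verify_quote(device_key, nonce, golden_pcr, pcr, tag):
    """Cloud side: accept only an authentic, fresh quote of the expected state."""
    expected = hmac.new(device_key, nonce + pcr, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected) and hmac.compare_digest(pcr, golden_pcr)

# Constructed sample data (assumptions, not real firmware or keys).
DEVICE_KEY = b"constructed-demo-key-32-bytes!!!"
GOOD_STAGES = [b"bootloader v1", b"kernel v1", b"app v1"]
GOLDEN_PCR = measure_boot(GOOD_STAGES)

def attest(stages):
    """One attestation round trip: fresh nonce, device quote, cloud check."""
    nonce = os.urandom(16)
    pcr, tag = device_quote(DEVICE_KEY, nonce, stages)
    return verify_quote(DEVICE_KEY, nonce, GOLDEN_PCR, pcr, tag)

if __name__ == "__main__":
    print("clean boot accepted:", attest(GOOD_STAGES))
    tampered = [b"bootloader v1", b"kernel v1 + implant", b"app v1"]
    print("tampered boot accepted:", attest(tampered))
```

Because each register value depends on everything measured before it, changing, dropping or reordering any stage changes the final value, and the nonce keeps an old good quote from being replayed.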

The result is a protection environment currently supporting over 100 million IoT devices operated by major companies such as General Electric, Siemens, and Panasonic. It’s rare that a product and company with such magnificent scale would be relatively less known in our security industry – but I think this is true with Mocana. It’s one of the most influential security companies that you might not know.

It is true that in brownfield IoT environments where legacy devices and systems prevail, SDK-based trust chain solutions might be more difficult (but not impossible) to integrate. And certainly, the challenge of validating security in cloud-hosted apps requires clever remote cryptographic checking. But for any company desiring more measurable and demonstrable IoT security, Mocana looks to me like an excellent option.

Go visit the Mocana site and have a deeper look – and please share your thoughts.