I am constantly confronted with the challenging task of specifying and implementing security aspects for different IoT (Internet of Things) projects. Let me take a current project in the Automotive sector to illustrate a deep dive into the security matter.
One thing to consider is that it is very important to get to know your customer's values and to understand why these values are so important to him. Let's start here with a threat analysis, as this kind of analysis should always be the first step when you start a new security concept.
Our threat analysis usually focuses on the following three points:
- Where (Client/Server/Database/RAM/etc.) is the safety-relevant data located?
- Which are the possible security threats?
- How likely is the exploitation of an identified vulnerability?
The threat analysis result of the Automotive project used as an example in this post was a list of 18 security-relevant points (a variety of them are displayed in the illustration below). Some of them are solved simply by establishing a secure server connection (SSL). Others are more delicate, for example securing native software that is connected as a thing in the IoT project. In this case, the connected native software has a huge economic value, and securing it has to be done extremely rigorously.
Another point is the data on the static content server (see illustration point 12). This data has to be strongly secured because it contains information that secures the competitive advantage of our customer.
Don't ask me to discuss these findings in more detail ;-). But I will explain how we mapped these findings to the software architecture in order to simplify the discussion with our customer.
In order to discuss the potential security threats, we came up with a profound security map. This map is a simple representation of the security threat points, including their location within the software architecture. Our experience shows that you get almost immediate buy-in from the customer. With this kind of illustration, the customer feels familiar with his components and you can fully concentrate on the security topic. The following illustration shows a generic IoT software architecture mapped with some typical findings from a threat analysis in this field.
Needless to say, the illustration is anonymized for safety reasons :). Also, not all of our findings are shown in the security map, to keep it simple. We've used the computer chip and the light bulb (both on the left) to illustrate an internet-based connection to a device (thing).
With this short intro, I hope I managed to illustrate how, at Bosch Software Innovations, we basically approach threat analysis. Now I would like to pass the ball to you: Which methods have proven effective in your threat analysis practice? Do you identify different or even many more focus areas?
In my next post in this security series here in the Bosch IoT blog, I’m soon going to explain how we managed to resolve potential security threats in IoT software architecture. Stay tuned!