Designing A Secure Solution: Lesson 1 of 7
Designing a secure solution
When you design an IoT solution, you must address four key areas of security: types of
devices, potential threats, how to handle compromised devices, and understand the
business impact should different device types be compromised. In this section, you will
explore the design principles around a well-architected security framework, discuss the
AWS IoT device qualification program, and introduce Amazon FreeRTOS.
The goal of every IoT solution is to create an infrastructure that will enable ease of use,
flexibility, automated patching, and security. Security should be built into the fabric of
each layer of your design. To determine the potential security issues and how to address
them for each layer, here are some important questions to ask:
What types of devices are you deploying at the edge? You could be deploying:
Identify all the different types of devices in your IoT solution. Plan how to update firmware and
software. List the device physical locations and how you will track and update existing and
newly deployed devices. Understand and track how they behave, and plan to audit their behavior
to identify when they deviate from their normal behavioral patterns.
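The behaviour-tracking step above, as an added example that is not part of the course material: a per-device profile is built from a short window of constructed telemetry, and later observations are flagged when the hourly message rate exceeds a multiple of the device's median, when the device talks to a destination port never seen in its baseline, or when the device is not in the baseline at all (the newly deployed or unknown device case). Device names, counts, hours and ports are constructed for this example.

```python
"""Added example: baseline-and-deviation check for IoT device behaviour.

Builds a per-device profile from a short window of constructed telemetry and
flags later observations that deviate from it. Device names, counts and ports
are constructed for this example and are not from the course material.
"""
from collections import defaultdict
from statistics import median

# Constructed training window: (device_id, hour, messages_in_hour, destination_port)
BASELINE_WINDOW = [
    ("sensor-01", 0, 60, 8883), ("sensor-01", 1, 62, 8883), ("sensor-01", 2, 58, 8883),
    ("sensor-02", 0, 10, 8883), ("sensor-02", 1, 12, 8883), ("sensor-02", 2, 11, 8883),
]

# Constructed later observations to evaluate against the baseline
OBSERVED = [
    ("sensor-01", 3, 61, 8883),   # within normal range
    ("sensor-02", 3, 900, 8883),  # sudden message flood
    ("sensor-02", 4, 12, 23),     # talking to a port never seen before
    ("sensor-03", 3, 5, 8883),    # device not in the inventory/baseline
]


def build_baseline(records):
    """Per-device profile: median hourly message count and the set of ports seen."""
    counts = defaultdict(list)
    ports = defaultdict(set)
    for device, _hour, n_messages, port in records:
        counts[device].append(n_messages)
        ports[device].add(port)
    return {
        device: {"median_msgs": median(counts[device]), "ports": ports[device]}
        for device in counts
    }


def find_deviations(baseline, observed, rate_factor=3.0):
    """Return (device, hour, reason) tuples for observations that break the profile."""
    findings = []
    for device, hour, n_messages, port in observed:
        profile = baseline.get(device)
        if profile is None:
            # A device with no baseline is either newly deployed (needs onboarding)
            # or not one of ours; either way it should be reviewed.
            findings.append((device, hour, "unknown-device"))
            continue
        if n_messages > rate_factor * profile["median_msgs"]:
            findings.append((device, hour, "message-rate"))
        if port not in profile["ports"]:
            findings.append((device, hour, "unexpected-port"))
    return findings


if __name__ == "__main__":
    for finding in find_deviations(build_baseline(BASELINE_WINDOW), OBSERVED):
        print(finding)
```

The baseline window here is three hours; in practice it should cover the device's full normal cycle (for example a week) before deviations are acted on, and the findings would feed the alerting and audit tooling rather than a print loop.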
Physical security is compromised when an IoT device is stolen, disabled, or tampered with and its
internal systems accessed. For example, bad actors could drain the batteries and block alert
notifications, or insert a USB device to introduce malicious code to, or extract data from, the device.
Network security can be compromised and data can be exposed, identities stolen, or packets
routed away from their destination.
Encryption compromises occur when bad actors gain access to security keys. When the keys are
breached, these unauthorized users can reconfigure the keys and take control of the device,
system, or environment.
What happens when a device is compromised?
When a device is compromised, the bad actor could potentially, but not always, access your
environment from within.
Ask yourself:
Incorporating these answers into your security design enables faster detection and response when
a breach occurs.
What is the customer and business impact if you experience a security breach?
A personal fitness device that stops tracking a person's steps is a nuisance. A hacked smart house
door-lock, where the owner can't get inside at 2:00 AM, creates a security risk. A person with
diabetes who has their insulin pump compromised and their Personal Health Information (PHI)
exposed to the internet could mean that the company is violating compliance requirements, federal
law, or both.
Determine the impact and scope of various attacks and create unique response plans and
simulations. Doing this enables your teams to gain confidence in the plan and in their skills to
execute so that when a breach does occur, they can work quickly to reduce the impact.
Consists of the physical devices, the embedded operating systems, and the
device firmware.
Provisioning layer
One of the key value propositions of using AWS IoT is provided by the
ease with which data generated by IoT devices can be consumed by other
relevant cloud native capabilities.
IOT LENS
Enable traceability
Monitor, alert, and audit actions and changes to your environment in real
time. To automatically respond and take action, integrate logs and metrics
with systems.
AWS Identity and Access Management (IAM) ensures that only authorized and authenticated
users are able to access your resources, and only in a manner that you intend.
In your environment, define principals (users, groups, services, and roles), build out
policies aligned with these principals, and implement strong credential management. These
permission-management elements form the core of authentication and authorization.
Key Services
IAM supports the protection and management of credentials.
Additionally:
• AWS Security Token Service (AWS STS) lets you request temporary, limited-privilege
credentials for authentication with other AWS APIs.
• IAM instance profiles for Amazon Elastic Compute Cloud (Amazon EC2) instances enable
you to use the Amazon EC2 metadata service and managed temporary credentials for accessing
other AWS APIs.
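An added example of the least-privilege point above, not code from the course or from AWS: a small audit that flags Allow statements in an IAM or AWS IoT policy document that use wildcard actions or a wildcard resource. The two policies, the account ID and the Region are constructed; the policy variable ${iot:Connection.Thing.ThingName} is a real AWS IoT policy variable that scopes a statement to the connecting thing's own name, which is how a single fleet policy stays scoped per device.

```python
"""Added example: least-privilege audit of IAM / AWS IoT policy documents.

Flags Allow statements that use wildcard actions or a wildcard resource. The
policies, account ID and Region below are constructed; the policy variable
${iot:Connection.Thing.ThingName} is a real AWS IoT policy variable.
"""
import json

# Constructed: grants every IoT action on every resource to whatever holds it.
BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}],
})

# Constructed: each device may only connect as itself and publish to its own topic.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iot:Connect",
            "Resource": "arn:aws:iot:us-east-1:123456789012:client/${iot:Connection.Thing.ThingName}",
        },
        {
            "Effect": "Allow",
            "Action": "iot:Publish",
            "Resource": "arn:aws:iot:us-east-1:123456789012:topic/devices/${iot:Connection.Thing.ThingName}/telemetry",
        },
    ],
})


def _as_list(value):
    """Policy fields may be a single string/object or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(document):
    """Return (statement_index, finding) pairs for Allow statements that are too broad."""
    findings = []
    statements = _as_list(json.loads(document).get("Statement"))
    for index, statement in enumerate(statements):
        if statement.get("Effect") != "Allow":
            continue
        for action in _as_list(statement.get("Action")):
            # "*" or "service:*" grants every API of the service, present and future
            if action == "*" or action.endswith(":*"):
                findings.append((index, f"wildcard action {action}"))
        for resource in _as_list(statement.get("Resource")):
            if resource == "*":
                findings.append((index, "wildcard resource *"))
    return findings


if __name__ == "__main__":
    print("broad :", audit_policy(BROAD_POLICY))
    print("scoped:", audit_policy(SCOPED_POLICY))
```

The check is deliberately narrow: it reports only the two patterns that most often undo least privilege. A fuller review would also look at Condition blocks and at whether the resource ARNs match the thing names and topics the fleet actually uses.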
Detective controls
Directive controls establish the governance, risk, and compliance models the environment will
operate within. By using detective controls, you can identify a potential security incident.
Asset inventory, auditing, and behavior analysis are different types of detective controls that
enable you to identify and react to unexpected activity.
1. Customize the delivery of AWS CloudTrail and other service-specific logging to capture
API activity globally, and centralize the data for storage and analysis.
2. Architects should consider detective controls end-to-end. You should not only generate
and store logs. Your information security function needs robust analytics and retrieval
capabilities to provide insight into security-related activity.
3. Deeply integrate the flow of security events and findings into a notification and workflow
system, such as a ticketing system, a bug/issue system, or other security information and
event management (SIEM) system.
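The three steps above, as an added example that is not course or AWS code: a centralised pipeline receives CloudTrail records as JSON lines and runs two detections over them, successful calls to high-impact AWS IoT control-plane APIs (those that change a fleet's trust anchors or its monitoring) and repeated AccessDenied errors from one principal, producing alerts that a ticketing or SIEM system could ingest. Field names follow the CloudTrail record format and the API names are real AWS IoT APIs; the event values, principals and account ID are constructed.

```python
"""Added example: detection logic over CloudTrail records for AWS IoT.

Two checks a centralised log pipeline might run: successful calls to
high-impact AWS IoT control-plane APIs, and repeated AccessDenied errors
from one principal. Field names follow the CloudTrail record format; the
event values, ARNs and account ID are constructed for this example.
"""
import json
from collections import Counter

OPS = "arn:aws:iam::123456789012:user/ops"                # constructed principal
CONTRACTOR = "arn:aws:iam::123456789012:user/contractor"  # constructed principal

# Constructed CloudTrail records, one JSON document per line as a log shipper delivers them
SAMPLE_TRAIL = [
    json.dumps({"eventTime": "2019-08-20T10:00:00Z", "eventSource": "iot.amazonaws.com",
                "eventName": "DescribeThing", "userIdentity": {"arn": OPS}}),
    json.dumps({"eventTime": "2019-08-20T10:01:00Z", "eventSource": "iot.amazonaws.com",
                "eventName": "AttachPolicy", "userIdentity": {"arn": OPS},
                "requestParameters": {"policyName": "FleetAdmin"}}),
    json.dumps({"eventTime": "2019-08-20T10:05:00Z", "eventSource": "iot.amazonaws.com",
                "eventName": "DeleteCACertificate", "userIdentity": {"arn": CONTRACTOR}}),
    json.dumps({"eventTime": "2019-08-20T10:06:00Z", "eventSource": "iot.amazonaws.com",
                "eventName": "UpdateCertificate", "errorCode": "AccessDenied",
                "userIdentity": {"arn": CONTRACTOR}}),
    json.dumps({"eventTime": "2019-08-20T10:06:10Z", "eventSource": "iot.amazonaws.com",
                "eventName": "AttachPolicy", "errorCode": "AccessDenied",
                "userIdentity": {"arn": CONTRACTOR}}),
    json.dumps({"eventTime": "2019-08-20T10:06:20Z", "eventSource": "iot.amazonaws.com",
                "eventName": "DetachSecurityProfile", "errorCode": "AccessDenied",
                "userIdentity": {"arn": CONTRACTOR}}),
]

# AWS IoT API names whose successful use changes trust or monitoring for a fleet
HIGH_IMPACT_APIS = {
    "AttachPolicy", "DeleteCACertificate", "UpdateCACertificate",
    "DeleteSecurityProfile", "DetachSecurityProfile",
}


def analyze_trail(lines, denied_threshold=3):
    """Return alert tuples for the CloudTrail JSON lines given."""
    alerts = []
    denied = Counter()
    for line in lines:
        record = json.loads(line)
        if record.get("eventSource") != "iot.amazonaws.com":
            continue
        principal = record.get("userIdentity", {}).get("arn", "unknown")
        if record.get("errorCode") == "AccessDenied":
            # Denied calls did not change anything, but a burst of them from one
            # principal is a sign of probing or a misconfigured automation.
            denied[principal] += 1
        elif record.get("eventName") in HIGH_IMPACT_APIS:
            alerts.append(("high-impact-api", record["eventName"], principal))
    for principal, count in denied.items():
        if count >= denied_threshold:
            alerts.append(("repeated-access-denied", principal, count))
    return alerts


if __name__ == "__main__":
    for alert in analyze_trail(SAMPLE_TRAIL):
        print(alert)
```

Both detections are stateless over the batch they are given; a production pipeline would window the AccessDenied counter over time and enrich each alert with the requestParameters so the responder sees which policy or certificate was involved.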
Key Services
Infrastructure Protection
Infrastructure protection encompasses control methodologies, such as defense in depth, necessary to meet
best practices and organizational or regulatory obligations. It ensures that systems and services within
your workload are protected against unintended and unauthorized access and potential vulnerabilities.
Key Services
Amazon VPC security groups provide a stateful firewall, enabling you to specify traffic
rules and define relationships to other security groups.
AWS Shield is a managed distributed denial of service (DDoS) protection service.
AWS WAF is a web application firewall.
AWS Firewall Manager is a security management service to centrally configure and
manage AWS WAF rules.
Amazon Inspector is used to identify vulnerabilities or deviations from best practices.
AWS CloudFormation is used to create and manage infrastructure.
Data Protection
Data classification provides a way to categorize organizational data based on levels of sensitivity.
Encryption protects data by way of rendering it unintelligible to unauthorized access.
Key Services
AWS Key Management Service (AWS KMS) enables you to define encryption keys,
encrypt data, and protect keys with IAM and access policies.
AWS CloudHSM provides a hardware security module for managing your keys.
Amazon DynamoDB implements a fast NoSQL database. This can be used to store
encrypted content for your tokens.
Amazon S3 cross-Region replication enables automatic, asynchronous copying of objects
across buckets in different AWS Regions.
Amazon S3 lifecycle policies and versioning enable you to implement a backup strategy
and meet retention requirements.
Amazon Elastic Block Store (Amazon EBS) snapshot operations enable you to back up the
volumes attached to your EC2 instances.
Incident Response
Have processes in place to respond to and mitigate the potential impact of security incidents. Putting in
place the tools and access ahead of a security incident, then routinely practicing incident response through
test runs, helps you to ensure that your architecture can accommodate timely investigation and recovery.
Key Services
IAM is used to grant appropriate authorization to incident response teams in advance.
AWS CloudFormation automates the creation of trusted environments.
AWS CloudTrail provides a history of AWS API calls that can assist in response, and
trigger automated detection and response systems.
Amazon CloudWatch Events is used to trigger different automated actions from changes
in AWS resources, including CloudTrail.
AWS Step Functions is used to coordinate a sequence of steps to automate an incident
response process.
Lesson 3 of 7
IoT device security
Securing IoT devices
Your IoT environment can have an infinite variety of devices. You must determine the best way
to secure individual devices using standard IoT security rules as a guide. Two important concepts
to understand when discussing potential threats are attack surface and IoT infrastructure.
Attack surface: Identify and eliminate unused entry points on your devices, field gateways, and
backend systems.
IoT infrastructure: Know what IoT devices you have, where they are deployed or will be
deployed, and how to access the devices.
Disable unused features
If a sensor or an actuator isn't being used, then it's a liability that can be
exploited. Disable the device, quarantine it, remove it from its location. If it
can't be removed, verify that it is both disabled and tamper proof.
Remove insecure configurations
Not using a protocol? Not using that function of the device? Remove it or
disable it so that an unauthorized user cannot use it against you.
Reduce third-party dependencies
Use the least possible number of dependencies, such as third-party libraries and network
services.
The more dependencies you have, the more vectors for potential bad actors.
Secure-by-default configurations
Employ secure-by-default configurations across your IoT infrastructure.
Verify that security is built into your devices and configurations so that the device is
purposely built to be secure.
Update dependencies
Only add well-maintained dependencies, and establish a mechanism to keep them up to date.
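The attack-surface checklist above (disable unused features, remove insecure configurations, update dependencies), as an added example that is not course or AWS code: an inventory exported from a device-management system is reviewed against what the deployment actually needs, and each device gets a list of concrete actions. The device names, service names, the "default_credentials" flag and the version numbers are constructed for this example.

```python
"""Added example: attack-surface review of a device inventory.

Compares each device's running configuration against what the deployment
actually needs and flags unused services left enabled, insecure defaults
still in place, and dependencies older than the oldest maintained release.
Device names, services and versions are constructed for this example.
"""

# Constructed: the services the solution genuinely needs on the devices
REQUIRED_SERVICES = {"mqtt-client", "ota-agent"}

# Constructed: oldest release of each dependency that still receives fixes
MINIMUM_VERSIONS = {"tls-lib": (1, 4, 0), "json-parser": (2, 0, 0)}

# Constructed inventory as it might be exported from a device-management system
INVENTORY = [
    {"device": "gateway-01",
     "enabled_services": {"mqtt-client", "ota-agent", "telnet", "ftp"},
     "default_credentials": True,
     "dependencies": {"tls-lib": "1.2.9", "json-parser": "2.1.0"}},
    {"device": "gateway-02",
     "enabled_services": {"mqtt-client", "ota-agent"},
     "default_credentials": False,
     "dependencies": {"tls-lib": "1.4.2", "json-parser": "2.0.0"}},
]


def parse_version(text):
    """'1.2.9' -> (1, 2, 9) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def review_device(entry):
    """Return (action, detail) findings for one inventory entry."""
    findings = []
    # Disable unused features: anything enabled that the solution does not need
    for service in sorted(entry["enabled_services"] - REQUIRED_SERVICES):
        findings.append(("disable-unused-service", service))
    # Remove insecure configurations: factory credentials still in place
    if entry["default_credentials"]:
        findings.append(("remove-insecure-default", "default credentials"))
    # Update dependencies: anything older than the oldest maintained release
    for name, version in sorted(entry["dependencies"].items()):
        minimum = MINIMUM_VERSIONS.get(name)
        if minimum is not None and parse_version(version) < minimum:
            findings.append(("update-dependency", f"{name} {version}"))
    return findings


def review_inventory(inventory):
    """Map each device name to its findings; an empty list means nothing to do."""
    return {entry["device"]: review_device(entry) for entry in inventory}


if __name__ == "__main__":
    for device, findings in review_inventory(INVENTORY).items():
        print(device, findings or "ok")
```

Running the review on every inventory export, rather than once at deployment, is what turns the checklist into a control: a device that later gains a service or falls behind a maintained version shows up on the next run.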
Devices qualified under the AWS Device Qualification Program (DQP) are listed in the AWS Partner
Device Catalog, enabling AWS customers to easily discover devices that are designed to work with
AWS services and build on the IoT expertise provided by the APN Partners.
Business
The AWS Device Qualification Program offers participating APN Partners
benefits for qualifying their devices:
Marketing
Participating APN Partners benefit from marketing opportunities and visibility to AWS
customers, AWS sales, and other APN Partners:
Technical
Qualification of devices offers product differentiation for APN partners and helps reduce
the integration friction for customers:
AWS IoT Device Tester for Amazon FreeRTOS and AWS IoT Greengrass allows
APN Partners to validate devices quickly.
Technical validation combines APN Partner and AWS expertise by helping
customers discover devices that are designed to work with AWS services.
When determining devices for your IoT infrastructure, one major consideration is the footprint of
the operating system on the device. A Microsoft Windows full installation, for example, would
be too large for sensors and devices with limited storage and limited memory capabilities.
However, the devices need to be able to communicate with one another, gather data, and transmit
that data to AWS IoT Core. So how do they do that? Enter the realm of real-time operating
systems (RTOS) and in particular, Amazon FreeRTOS. Amazon FreeRTOS is a real-time
operating system kernel for embedded devices. Amazon FreeRTOS remains open source and
free, although Amazon owns and is the caretaker of Amazon FreeRTOS. Let's take a moment to
discuss what this is and how it's implemented.
What Is Amazon FreeRTOS?
Amazon FreeRTOS is based on the FreeRTOS kernel, a popular open-source operating system for
microcontrollers, and extends it with software libraries that make it easy to securely connect customers’
small, low-power devices directly to AWS Cloud services, like AWS IoT Core, or to more powerful edge
devices running AWS IoT Greengrass.
Security Capabilities: Amazon FreeRTOS comes with libraries to help secure device data and
connections, including support for data encryption and key management. Amazon FreeRTOS includes
support for Transport Layer Security (TLS v1.2) to help devices connect securely to the cloud.
Code signing: Amazon FreeRTOS also has a code signing feature to ensure that customer device code is
not compromised during deployment. It also includes capabilities for OTA updates to remotely update
devices with feature enhancements or security patches.
components required for device applications. This image combines functionality for the
applications written by the embedded developer, the software libraries provided by Amazon, the
FreeRTOS kernel, and drivers and board support packages (BSPs) for the hardware platform.
Independent of the individual microcontroller used, embedded application developers can expect
the same standardized interfaces to the FreeRTOS kernel and all Amazon FreeRTOS software
libraries.
Over-the-air updates
With over-the-air (OTA) updates, you can deploy files to one or more devices in your fleet.
Although OTA updates were designed to update device firmware, you can use them to send any
number of files to one or more devices registered with AWS IoT. When you send files over the
air, it is a best practice to digitally sign them so that the devices that receive the files can verify
that they have not been tampered with en route.
Lesson 4 of 7
Student exercise
A university library and the Internet of Things
Read the following scenario and write down or sketch out the IoT devices, infrastructure, and
security measures you would need to meet both the customer's asks and the stated objectives.
Scenario
As the administrator of a university library, you must create an IoT infrastructure that allows
students to easily identify and locate books, videos, and research material in the 27-story media
center and library. The solution must identify the availability status of various media, whether in-
stock or checked out; provide location information for the media by floor, aisle, and rack;
automate check-out of available titles; and include a value add that gives students additional
cross-referenced material. The solution must be secure and uniquely identify students.
Additionally, there must be a way to track print services and paper consumption. Each book and
media asset is fitted with a smart sensor when it arrives in the library and before it goes into
circulation.
Take a moment to design your IoT Solution:
Look at the solution listed below when you are done.
Solution hints
1. Most students have a smartphone. How could you use this for
authentication?
2. What about searching the card catalog electronically?
3. What about smartphone app usage? How could you use this to cross
reference material?
4. Online database?
5. App authentication?
Solution suggestion
Depending on budget and resources, there could be many different potential solutions
to the university library scenario.
Below is only one idea. As you review it, ask yourself these questions:
How closely does your solution match?
What could be done better in the solution below?
How could you make this solution more secure?
What additional ideas could you add to your solution?
Potential solution
To verify their student status and account information, students can
authenticate to an application on their smartphone, using their student
ID, a password, and a security question.
Each book sits in a bin or on a cart with an IoT device sensor that
tracks the books in the bins and the location of the cart in the library
to ensure that no book leaves the library without being checked out.
The application contains access to the library catalog and can query
for book titles. The smart-sensors within the books update the catalog
with their status: IN or OUT.
When selecting a title, the application lists the location of the book
and brings up an interactive map to guide them to the proper area.
Sensors in the ceiling of each floor level track their location and guide
them to the book.
Additionally, the application cross-references the topic and author and
displays additional materials for consideration as a value add.
Checkout of the media is accomplished through the application.
Lesson 5 of 7
Best practices
As you move through your IoT journey, you will see many best practices listed and many
recommendations made. Remember that IoT is ever-changing and maturing, and so will the list
of best practices and recommendations. Periodically review them when you review and update
your security designs.
Below is a list of fundamental IoT security best practices from the topics you've just reviewed.
1. Incorporate security during the design phase.
2. Build on recognized IT security and cyber-security frameworks.
3. Proactively assess the impact of potential security events.
4. Reduce the attack surface of your IoT ecosystem.
5. Use the principle of least privilege.
For additional information on IoT security, read the Ten Security Golden Rules for IoT
solutions, reproduced below.
The Internet of Things on AWS – Official Blog
Ten security golden rules for IoT solutions
by Nima Sharifi Mehr | on 20 AUG 2019
The Internet of Things (IoT) solutions help transform your operations and customer experiences
across a variety of industries and uses. That unlimited opportunity brings excitement, but it also
brings security, risk, and privacy concerns.
To protect customers, devices, and companies, every IoT solution should start and end with
security. The best IoT security solution offers multi-layered protection from the edge to the
cloud, letting you secure your IoT devices, connectivity, and data.
Ideally, you could rely on a publicly known and reusable list of security practices for every
building block in your IoT solutions that are aligned with your unique requirements and
constraints. However, in reality, you must plan at least some of your security strategy yourself by
using security rules as your guide.
I compiled the following best practices to help you protect your business and IoT ecosystem,
from design and implementation to ongoing operations and management. A list of high-level
recommendations follows each rule as well. These recommendations are not an exhaustive list
and only clarify the underlying concepts behind each rule.
Glossary of terms
Familiarize yourself with the following terms to help you navigate both this list of best practices
and the larger world of IoT resources that exist across the internet.
Attack surface: All entry points of your systems that a bad actor could target to obtain
unauthorized access to your assets, such as sensitive data, device functionalities, or computing
and networking capabilities.
Deployment artifacts: All source code, configuration, and binary files that users need for secure
and reliable software or firmware installation on IoT devices or general-purpose hosts.
IoT ecosystem: All elements and building blocks of your IoT solution, including device
hardware and firmware, on-premises and in-cloud systems and software, and processes such as
device manufacturing, shipping, and provisioning.
Principle of least privileges: A security best practice to only grant identities with the least
number of privileges required to perform their intended operations within expected contexts.
Threat model: A living document that captures your assets and the systems that interact with
them. It also includes the trust boundaries of your systems and their entry points, relevant threats
to your assets, and corresponding mitigation or accepted risks.
AWS resources
AWS provides the following assets and services to help you identify, sort, and secure your IoT
assets:
Security and Identity for AWS IoT
Amazon Cognito, a service that provides authentication, authorization, and user
management for your web and mobile apps
AWS Identity and Access Management (IAM), a service that enables you to manage
access to AWS services and resources securely
AWS resources
AWS provides the following assets and services to help you authenticate and manage access:
AWS resources
AWS provides the following assets and services to help you encrypt your networks:
AWS IoT SDKs, to help you securely and quickly connect your devices to AWS IoT
Amazon FreeRTOS Libraries, to provide additional functionality to the FreeRTOS kernel
and its internal libraries
AWS resources
AWS provides the following assets and services to help you organize and maintain a continuous
development and deployment pipeline:
AWS resources
AWS provides the following assets and services to help you monitor your security at varying
levels:
AWS resources
AWS provides the following assets and services to help you monitor the integrity of your
security apparatus:
AWS IoT Device Defender
AWS Config, to assess, audit, and evaluate the configurations of your AWS resources
Amazon CloudWatch
AWS resources
AWS provides the following assets to help you determine the effects of a security breach:
AWS resources
AWS provides the following assets and services to help you analyze and reduce your attack
surface:
AWS resources
AWS provides the following assets and services to help you limit access to data and other
resources:
AWS resources
AWS provides the following assets and services to help you keep up-to-date on security news:
Conclusion
This post reviewed some of the best practices for keeping your IoT infrastructure secure. I hope
this helps guide you in your efforts to protect your IoT devices, their connectivity, and the data
that they generate. To learn more about how AWS IoT services help you achieve end-to-end
security for your IoT solutions, check out the on-demand webinar, Securing Your Devices from
the Edge to the Cloud.
If you have your own best practices for maintaining IoT security, comment here to share your
insights.