Cyber Proofing Devices and Data
Over the past decades it became evident that compromise of user and service accounts could be a major factor in high-profile cyberattacks, ransomware, and data breaches. Through compromise of user credentials, unauthorized access could be obtained to infiltrate networks, install malware (from exploits to viruses, worms, trojans, spyware, ransomware, rootkits, and bootkits), and infect computer systems for nefarious purposes. That led to server and data enclaves within enterprise data centers under the surveillance of network and service operations center (NOC/SOC) administrators and operators. Later, massive migration to cloud-based platforms and microservices ushered in the need for single sign-on (SSO), multi-factor authentication (MFA), and tokenization for authorization and access controls. In the years ahead, advanced Artificial Intelligence (AI) powered malware will possess immense potential to unleash sophisticated cyberattacks. The staging surface for future cyberattacks will shift to insecure legacy, brownfield, and greenfield devices. Insecure devices are the soft targets for hackers to infiltrate networks and services. The time has come to cyber proof devices.
Persistent vulnerabilities and exploits on devices
Reports published in 2021 described cyberattacks on small appliances (network routers) in branch offices that used compromised administrator credentials to roll back the firmware to circumvent signature checks on secure boot, install malicious firmware, and use data packets for command-and-control of implanted backdoors to exfiltrate data. These attacks demonstrate the vulnerabilities and exploits lurking in autonomous lights-out devices. Ransomware has become the bane of NOCs, SOCs, and CISOs. Millions of Internet of Things (IoT) and operational technology (OT) devices worldwide are vulnerable to domain name service (DNS) based attacks that could cause denial of service or remote code execution.
In AI powered security controls, there is no human in the loop. AI is as unsupervised as the autonomous devices. Use of factory default passwords on headless devices is insecure and easily exploitable. Insider threats pose real challenges to password-based security policies for devices. Managing post-quantum threats with quantum resistant cryptographic identities on devices, secure key distribution, and high velocity (automated and on-demand) key rotation will become essential safeguards. Preventing unauthorized overt or covert content downloads to autonomous devices in cyber physical systems and connected devices in controlled mission critical environments will require cryptographic keys, data diodes, and signature manifests for availability, security, and scalability to implement a categorically trustworthy network of users, client applications, services, and devices. Network based countermeasures (e.g., detection methods, brokers for bump-in-the-wire or bump-in-the-stack traffic encryption, and policy-based forwarding with device fingerprinting) and operating system dependent user access controls will not scale across heterogeneous devices, diverse security protocol stacks, and real-time low-latency application stacks.
Foundational first principles for trust in digitally connected things
Trust in devices begins with a device identity established based on immutable and/or controlled identifiers, such as a MAC address, serial number, ICCID, or IMEI issued by the device manufacturer (IEEE 802.1AR initial identifier), or a device hostname registered with a local Domain Name Service (DNS) by the device owner/operator (IEEE 802.1AR local identifier). The device identity is next implanted in a device credential, such as a device certificate alongside an associated private key and the chain of intermediate and root certificates of a PKI service, or a symmetric key (i.e., a device key or a derived device key). The device credential is required to perform a device authentication ceremony with a peer device to establish mutual trust. The device authentication requires verification of the device credential through a trusted authenticator, such as a certificate authority (CA), registration service (e.g., Azure DPS), or a two-factor authentication method that includes the Dynamic Host Configuration Protocol (DHCP), DNS, and key distribution service linked to the operational domain of the device. Finally, the authenticated devices negotiate a secure session key (a symmetric key) based on the underlying communications protocol (IP or non-IP). The applications may then use the symmetric key for data/content signing and/or encryption.
Device keys and certificates provide identity for device authentication. Applications negotiate a symmetric key based on the underlying transport protocol for data protection and secure communications. Symmetric keys provide client authentication, message authentication, data encryption for secure communications, and data signing for content distribution with supply chain provenance. Certificates provide identity based on the subject name for server or client authentication and digital signatures for signing and verification, and the public key in the certificate may be used as a key encryption key (key wrapper) for encapsulated content. Further, certificate validation of the leaf certificate requires certificate chain verification of all the linked intermediate CA certificates and the root CA certificate.
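The symmetric-key path described above (a device key derived from an immutable identifier, a mutual authentication ceremony, then a negotiated session key) can be sketched as follows. This is an added example, not a protocol defined by the article or by any standard it cites; the message layout, the labels, and the function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16  # fixed-length nonces keep the MAC input unambiguous

def mac(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over a purpose label followed by the message fields."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()

def derive_device_key(master_key: bytes, serial: bytes) -> bytes:
    """Derived device key: bound to the manufacturer-issued serial number."""
    return mac(master_key, b"device-key", serial)

def device_proof(key, serial, nonce_v, nonce_d):
    return mac(key, b"device-proof", nonce_v, nonce_d, serial)

def verifier_proof(key, serial, nonce_v, nonce_d):
    # A different label from device_proof, so a proof cannot be reflected back.
    return mac(key, b"verifier-proof", nonce_v, nonce_d, serial)

def session_key(key, nonce_v, nonce_d):
    return mac(key, b"session-key", nonce_v, nonce_d)

def authenticate(master_key: bytes, serial: bytes, device_key: bytes):
    """Simulate both sides; return the session key, or None if either check fails."""
    nonce_v = os.urandom(NONCE_LEN)            # verifier -> device: challenge
    nonce_d = os.urandom(NONCE_LEN)            # device -> verifier: challenge
    proof_d = device_proof(device_key, serial, nonce_v, nonce_d)
    expected = derive_device_key(master_key, serial)   # verifier re-derives the key
    if not hmac.compare_digest(proof_d, device_proof(expected, serial, nonce_v, nonce_d)):
        return None                            # device failed to prove its key
    proof_v = verifier_proof(expected, serial, nonce_v, nonce_d)
    if not hmac.compare_digest(proof_v, verifier_proof(device_key, serial, nonce_v, nonce_d)):
        return None                            # verifier failed to prove its key
    return session_key(device_key, nonce_v, nonce_d)

# Constructed sample values, not real credentials.
MASTER_KEY = b"constructed-master-key-for-demo"
SERIAL = b"SN-0001-CONSTRUCTED"

if __name__ == "__main__":
    genuine = derive_device_key(MASTER_KEY, SERIAL)
    print("genuine device:", authenticate(MASTER_KEY, SERIAL, genuine) is not None)
    print("cloned serial :", authenticate(MASTER_KEY, SERIAL, os.urandom(32)) is not None)
```

A device that presents a valid serial number without the matching derived key fails the first check, which is the property factory default passwords cannot provide.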
Techniques required to thwart AI powered cyberattacks
The following techniques should be used to implement device security policies.
- Kill device passwords. Factory default passwords and long-lived passwords with a weak password change management policy pose high risks for cyber physical systems.
- Use DHCP IP address pool validation to detect address spoofing by unauthorized devices.
- Use DNS security extensions (DNSSEC) as the second factor for device authentication to authenticate the admitted device in the network domain.
- Protect the shared and private keys. Use quantum resistant cryptography and a secure local element (e.g., Trusted Platform Module (TPM), Subscriber Identity Module (SIM), hardware, firmware, or software based Physically Unclonable Function (PUF)) for key protection.
- Define quantum resistant symmetric key, asymmetric key, and certificate templates with strong encryption, signing, and hashing algorithms and key sizes.
- Use strategic key rotation policies. The key is the key (no pun intended), and a change of watch-guard is required periodically for cryptographic agility, key privacy, and as a safeguard against internal, external, and side channel threats.
Countermeasures required to protect against AI powered kill chains
The following countermeasures should be configured at the centralized policy definition and remote management points and enforced at the distributed local policy enforcement points.
- Ascertain legitimacy of every device admitted into the network with device two-factor authentication.
- Plan migration to quantum safe keys and cipher suites.
- Rotate keys on devices at high velocity and on indicators of compromise (minimize the infection dwell time).
- Implement gated workflows with multi-person rules for digital content inspection and approval as a prerequisite to publishing updates to devices (in operational and information technology).
- Data diode the devices. Download (pull) authorized content from authorized content stores only.
- Verify the downloaded content against a signature manifest before applying updates. Report the device update status to upstream management services for track and trace of every update.
- Use signed messages in all command-and-control plane traffic to prevent data-based attacks (for example, staged using nefarious packets to enable or disable backdoors and landed trojans implanted through unauthorized side channels).
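One way a device could enforce the signature-manifest countermeasure above, including a version check against the firmware rollback described earlier. This is an added example, not code from the article; the manifest layout, the function names, and the use of an HMAC under a symmetric device key (rather than a certificate-based signature) are assumptions.

```python
import hashlib
import hmac
import json

def sign_manifest(manifest: dict, key: bytes) -> str:
    """Publisher side: HMAC-SHA256 over the canonical JSON form of the manifest."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def verify_update(manifest, signature, files, key, installed_version):
    """Device side: return (ok, reason). Apply the update only when ok is True."""
    # 1. Authenticate the manifest before trusting any field inside it.
    if not hmac.compare_digest(sign_manifest(manifest, key), signature):
        return False, "bad manifest signature"
    # 2. Anti-rollback: a validly signed but older release is still refused.
    if manifest["version"] <= installed_version:
        return False, "rollback rejected"
    # 3. No unlisted files, and no listed file missing from the download.
    if set(files) != set(manifest["files"]):
        return False, "file set mismatch"
    # 4. Each downloaded file must hash to the digest the manifest pins.
    for name, blob in files.items():
        digest = hashlib.sha256(blob).hexdigest()
        if not hmac.compare_digest(digest, manifest["files"][name]):
            return False, f"digest mismatch: {name}"
    return True, "verified"

# Constructed sample release and key, for illustration only.
DEVICE_KEY = b"constructed-demo-key-not-for-production"
FIRMWARE = {"boot.img": b"bootloader v7", "app.bin": b"application v7"}
MANIFEST = {
    "version": 7,
    "files": {n: hashlib.sha256(b).hexdigest() for n, b in FIRMWARE.items()},
}
SIGNATURE = sign_manifest(MANIFEST, DEVICE_KEY)

if __name__ == "__main__":
    print(verify_update(MANIFEST, SIGNATURE, FIRMWARE, DEVICE_KEY, installed_version=6))
    print(verify_update(MANIFEST, SIGNATURE, FIRMWARE, DEVICE_KEY, installed_version=7))
    tampered = dict(FIRMWARE, **{"app.bin": b"implanted backdoor"})
    print(verify_update(MANIFEST, SIGNATURE, tampered, DEVICE_KEY, installed_version=6))
```

The returned reason string is what the device would report upstream for track and trace. With a symmetric key, any holder of the key can also sign, so a certificate-based signature is the substitute where devices must only verify.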
Conclusion
Implementing a zero-trust network architecture for digital trust will require hardening devices, applications, networks, and services. Trust in data requires use of cryptography for integrity and confidentiality at-rest, in-process, and in-transit. The challenges herein include minimizing the impact to established manufacturer, application developer, and operator workflows; achieving the desired level of security, availability, and scalability for operational agility and resilience; and reducing the total cost of ownership with operational efficiencies and AI powered automation to augment human intelligence for risk mitigation with cyber proofed devices and data.