Device Lifecycles: Managing IoT Devices from Birth to Renewal

Conceptually, the IoT comprises large numbers of devices connected to the internet, collectively capturing and reporting huge quantities of data to contribute to larger man-made goals, without direct human intervention. As a system containing many parts, proper management of each throughout its lifecycle is essential to ensure the system’s reliability and longevity. Moreover, because this is the IoT, lifecycle management is also critical to ensure security.

To address each of these aspects, device lifecycle management should begin at the initial design and manufacturing stage and extend to cover procurement and distribution, configuration and connection, operation, and eventual decommissioning. The lifecycle of IoT devices can be described in five stages (Figure 1).

Design and Manufacturing

For the most part, typical embedded-systems design principles apply. However, designing IoT devices demands special focus on aspects such as connectivity, interoperability, regulatory compliance – to ensure adherence to standards regarding data protection and privacy – and, of course, security.

Figure 1: The device lifecycle process

With IoT devices, perhaps more than any other category, the phrase “baked in” has become synonymous with the approach required to ensure that each individual unit can be kept secure from the time it is manufactured to its end of life. It means that security should not be treated as an afterthought or an add-on feature but must instead be an integral part of the device's architecture and functionality. It begins with a secure-by-design approach that pays proper attention to security threats and effective defences from the early stages of development. This includes incorporating security features, implementing secure protocols, and conducting threat modelling and risk assessments.

Hardware-based security, leveraging components such as embedded secure elements (eSE) or trusted platform modules (TPMs), provides secure storage of cryptographic keys and credentials such as device identity, as well as protecting boot processes and facilitating secure communication. In addition to benefiting from immutability, reliance on hardware components also overcomes the shortage of processing power, typical in IoT devices, that often prevents using complex software security algorithms.

Embedded security also encompasses the use of strong encryption protocols, such as Transport Layer Security (TLS), to ensure secure communication with other devices and backend systems.

Protecting firmware and software calls for the use of secure coding practices, with regular security testing and code reviews. Vulnerabilities must be swiftly addressed through patches and updates. It is also important to minimise device attack surfaces, by analysing and designing-out possible entry points or vulnerabilities and using secure memory management and input validation.

A mechanism for regular, secure firmware updates is also essential, to address security vulnerabilities and patch any security flaws. This usually requires a secure method for distribution and installation, such as over-the-air (OTA) updating with on-device firmware to check the authenticity and integrity of the code. Best practice is to check the code when the update is received and as part of secure boot-up each time the device restarts.
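The two checkpoints described above, on receipt and at every restart, as an added example that is not from the original article: the device keeps only the vendor's public key and re-runs the same check against whatever is in flash. A Lamport one-time signature built from SHA-256 stands in for the vendor's production signature scheme (an assumption, chosen so the block runs on the Python standard library alone); all function names and the sample image are constructed.

```python
import hashlib, json, secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bits(digest: bytes):
    # The 256 bits of a SHA-256 digest, most significant bit first.
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# --- Vendor build server: one Lamport key pair per release (one-time use) ---
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def sign_release(sk, image: bytes, version: str):
    manifest = json.dumps({"version": version, "size": len(image),
                           "sha256": H(image).hex()}, sort_keys=True).encode()
    sig = [sk[i][b] for i, b in enumerate(_bits(H(manifest)))]
    return manifest, sig

# --- Device: holds only the public key (assumed to sit in immutable storage) ---
def verify_image(pk, image: bytes, manifest: bytes, sig) -> str:
    # 1. Authenticity: the manifest must carry a valid vendor signature.
    digest_bits = _bits(H(manifest))
    if len(sig) != 256 or any(H(s) != pk[i][b]
                              for i, (s, b) in enumerate(zip(sig, digest_bits))):
        return "reject: bad signature"
    meta = json.loads(manifest)  # parsed only after it has been authenticated
    # 2. Integrity: the image must match the size and digest that were signed.
    if len(image) != meta["size"] or H(image).hex() != meta["sha256"]:
        return "reject: image does not match manifest"
    return "ok"

def demo():
    sk, pk = keygen()
    image = b"\x7fFW" + b"constructed firmware payload v1.4.2" * 8  # sample data
    manifest, sig = sign_release(sk, image, "1.4.2")
    on_receipt = verify_image(pk, image, manifest, sig)      # OTA download check
    flash = bytearray(image)
    flash[10] ^= 0x01                                        # one bit changed in storage
    at_boot = verify_image(pk, bytes(flash), manifest, sig)  # secure-boot check
    forged = manifest.replace(b"1.4.2", b"9.9.9")            # manifest edited in transit
    return on_receipt, at_boot, verify_image(pk, image, forged, sig)

if __name__ == "__main__":
    print(demo())
```

The image that passed on receipt fails at boot once a single bit in storage changes, which is why the check is repeated on every restart rather than performed only at download time.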

Supply-Chain Management

A comprehensive approach to device lifecycle management should also encompass supply-chain aspects such as the procurement of devices and testing against the specifications and standards for each, as well as logistics and distribution. This includes delivering IoT devices to various locations for deployment. As with manufacturing any other electronic devices, maintaining vendor relationships, quality control, and inventory management to avoid stock outages or excess inventory are important aspects of device management. Maintaining high standards of quality control prevents faulty or defective products reaching the market and ensures that IoT devices meet the specified standards.

Underlying everything, protecting the IoT devices and the data they contain – including intellectual property and any security credentials loaded at the time of manufacture – against malicious interference is extremely important throughout the entire supply chain.

One aspect that must be accounted for is unauthorized production. As an OEM, you typically want to monitor the number of devices actually manufactured by your contracted partners. Ensuring that each device is imprinted with a digital identity whose issuance is controlled by you, or by someone you trust, blocks unauthorized production attempts.

Finally, the OEM should also ensure secure firmware installation, meaning the ability to be certain that only the intended software has been installed on the device and, in some cases, that the confidentiality of that software is preserved during the operation. This is implemented using technologies similar to those used for secure firmware update, but the initial installation is absolutely required as it is one of the crucial steps in maintaining trust in the device state.

Deployment and Provisioning

When managing the initial deployment of new devices to the network, it is important that settings are correctly configured for specific use cases or environments. Provisioning ensures that devices in the system are properly prepared to communicate securely, exchange data with other devices or the cloud, and perform their intended functions within the larger IoT ecosystem. The counterpart on the cloud infrastructure is to make sure that it is also configured to authenticate these devices and communicate with them in a secure way. This entails the registration of Certificate Authorities in the system, or whitelisting (and potentially blacklisting) certificates, or a combination of both.

Operational Management

IoT devices need to be managed continuously, to perform the expected operational tasks for the duration of their expected lifetime. Monitoring device health, performance, and operational status on an ongoing basis allows the system to optimise the device settings and respond to events such as premature device failure or malicious damage. Monitoring can be achieved by analysing sensor data or by other means such as tracking connectivity statistics and power consumption, or by monitoring the device’s own diagnostic signals if available. In cases where device issues can be detected remotely, remote troubleshooting may also be possible, such as restoring settings or forcibly restarting the device.

Managing and deploying firmware updates, security patches, bug fixes, and feature enhancements is an essential part of device management, needed to keep devices up to date and secure.

Retirement and Decommissioning

Planning for the end-of-life phase of IoT devices is critical and can affect security as well as the environment. Poor disposal practices or simply leaving devices unguarded in the field at end-of-life creates risks such as data leakage and security vulnerabilities. If devices can be stolen or taken over, malicious actors may be able to recover sensitive information from the device. They may try to use stored credentials to gain unauthorised access to the host network.

Proper handling of data on retired IoT devices is essential and several relevant standards provide recommendations. These include ISO/IEC 27001, which offers a framework for information security management, including guidelines for disposal of media and equipment. The US security standard NIST SP 800-53 also has guidelines for secure data disposal, media sanitisation, and decommissioning of information systems.

Conclusion

Effective IoT device lifecycle management encompasses the strategic planning and coordination of activities across the entire lifespan of devices, from design and manufacturing, through operational management and maintenance during the normal lifetime, to retirement. Properly handling the end-of-life phase of IoT devices is essential to mitigate the risks of data leakage and to minimise security vulnerabilities as well as environmental impact.

This article closes the first part of this series, which focused on the core concepts of identification, authentication, authorization, and lifecycle management. The next articles will cover the different levels of architecture involved in a typical IoT use case, from the devices to the network to the cloud infrastructure itself.

We understand that the IoT can be overwhelming, so if you need support with your next IoT project or IoT security in particular, why not get in touch with our experts? Our IoT, Wireless and Connectivity teams are on hand to help you with your next IoT challenge.
