Hack-proof drones offer antidote for IoT security “naiveté”: NICTA researcher

Granular, mathematically-proven security controls built into NICTA's military-grade seL4 operating system will provide a model for countering the “naiveté” of Internet of Things (IoT) developers favouring functionality over security, the head of the organisation's Data61 research program believes.

Developers of IoT devices – which include a growing flood of connected smart watches, home-automation, smart-Internet, sensors, drones, cameras and other equipment that is testing the industry's security capabilities, raising privacy concerns and spurring entreaties for caution from security researchers – have shown “a lot of the same naiveté as in other areas ten years earlier,” professor Gernot Heiser, head of NICTA's Embedded, Real-Time and Operating Systems (ERTOS) Research Program, told CSO Australia.

“Those people are thinking of functionality, but not of security. A lot of people think about functionality but at the moment security is still in the minority. But it's really important that we change that mindset.”

The sense of urgency around addressing the biggest problems with IoT security was rapidly growing after hacks on conventional equipment such as the Jeep Cherokee that was sensationally remote-controlled by hackers earlier this year.

Growing fleets of autonomous cars could, Heiser warned, pose public-safety and economic risks if they were hacked and similarly controlled by malicious outsiders; such threats recently drove the UK to set new rules for driverless cars and inspired Intel to set up the Automotive Security Review Board to focus efforts around car security.

Medical equipment was also, frighteningly, proving exposed as “mushrooming functionality” and improved connectivity to equipment like pacemakers was creating looming security threats. “Security is becoming a safety issue,” Heiser said.

Recognising the need for embedded computing environments to be completely secure, Heiser and his team have spent years tweaking the seL4 environment, a free platform that has been designed from the ground up for security.

Its 10,000 or so lines of code – a fraction of the 10 million lines in the Linux kernel, for example – have been mathematically proven to be completely secure, and a recent field demonstration showed why this was important as researchers hacked into and crashed an off-the-shelf Quadcopter drone – but proved unable to compromise a similar device running an seL4-based controller.


“The interesting thing is that we could take an existing vehicle, with all its negatives, and secure it in some way,” Heiser said. “It's always easier to build something from scratch when you know what you're doing, but it's a bigger challenge to convert something and make it more secure.”

The seL4 microkernel has been built using a minimalist approach with carefully architected hardware wrappers, which provide hooks into the overlying components that control specific functionality of each device.

And while those components were not always as secure as the underlying kernel, its intrinsically secure design was able to isolate the components from systems' core functionality.

“We have high-assurance ways of gluing these components together and ensuring that their interaction is secure,” Heiser said. “Trustworthy components can interact with untrustworthy components, but in a very controlled way.”

Unsurprisingly, the team's work has found great interest within the military community, and the Data61 team has been working with DARPA's High-Assurance Cyber Military Systems (HACMS) program to build on its secure kernel work as part of the five-year, $US18m Secure Mathematically-Assured Composition of Control Models (SMACCM) project. SMACCM, of which the drone demonstration was a recent deliverable, combines teams from NICTA, Rockwell Collins, Galois Inc, Boeing, and the University of Minnesota.

“The core technology, in terms of the OS kernel, provides very strong isolation guarantees and is hack-proof and crash-proof,” Heiser says. “Using this platform, we can just replace a lot of the existing software and develop everything in a more fundamentally secure way.”

With the usage and capabilities of IoT devices exploding, their common vulnerabilities and methods for securing them have become a fundamental part of the security-industry conversation. Organisers of this year's Def Con organised a special workshop for IoT hacking whose sole purpose was to compromise such devices.

Vendors are starting to work towards building IoT frameworks that facilitate management and security of large fleets of devices: Verizon Enterprise Solutions launched one such solution earlier this year, as did Fujitsu. LogMeIn this month updated its Xively Identity Manager with an IoT focus, while startups like ZingBox are garnering attention for their specific focus on IoT security.

There will surely be more hacks before manufacturers get a handle on what it takes to do IoT securely, and a recent survey suggested that most Australian IT departments still lack the skills to implement IoT correctly.

However, work like NICTA's is at least starting to attract some interest. Discussions about channeling seL4's legacy into the IoT industry had produced “nothing concrete” yet but Heiser said the organisation is having “a number of conversations with people operating in that space”.

