IIoT security when using passive RF devices

The Industrial Internet of Things (IIoT) is expected to add tens of billions of new Internet endpoints over the next decade. This new infrastructure will provide opportunities to reduce operating cost, reduce risk, and to capture new revenue streams across a wide variety of applications and use cases. However, these billions of new endpoints also provide a tempting target for malicious actors.

Security is a fundamental issue in the design of IIoT infrastructure. Typically, the major security focus in IIoT deployments includes protecting data integrity and authenticity, ensuring data privacy, and preventing the many new IIoT endpoints from becoming entry points into enterprise systems. Many IIoT endpoints are simple sensors connected to the existing network directly or through WiFi/Bluetooth.

Security in the IIoT

The endpoints vary widely in how effectively they have implemented authorisation and authentication, data transport encryption, and secure web interfaces. Vendors are working actively to manage both the actual risk and customer perception. For example, in the consumer IoT market, Google's Nest home thermostat and smart home hub has implemented a bounty program that rewards researchers who report vulnerabilities so that they can be closed.

Passive RF data and sensor tags, which connect to the network via a UHF reader, are expected to become an important segment of IIoT endpoints — numbering in the tens of billions. Approximately 5 billion devices were sold in 2015 alone, primarily simple low-memory tags used for tracking consumer products through the supply chain.

However, the latest generation of passive RF chips can store 3000 times as much data, and can incorporate sensors. The cost, durability, and simple deployment characteristics (no battery or external power required) of the RF data chips make them attractive for IIoT use cases such as capturing and storing operational and lifecycle history data at the point of use. For these devices security needs to be considered at the device, reader, and network level.

Protecting data at the endpoint

The data on a passive RF device can range from a product code and authentication signature to extensive operational and life cycle history data. In any case, the integrity of the system is dependent on preventing data from being accessed or changed by unauthorised users.

Passive RF devices have an inherent advantage in that a reader, and physical proximity to the tag, are required to read or write the data. Passive UHF readers typically have a range of a few metres, so in a physically secured location the risk of unauthorised readers, unauthorised writers, or tag cloning is reduced. Proximity is a weak control on its own, however: a high-gain antenna extends the read range well beyond the nominal figure, and the reader-to-tag link is transmitted at far higher power than the tag's reply, so an eavesdropper can capture the reader's commands from considerably further away than the tag itself can be read. Additional security measures will be important for chips located in areas where access by unauthorised readers is a possibility.

Most passive RF chips currently adhere to the EPCglobal Gen2 standard. Version 1 of the standard has some basic security capabilities: a 32-bit access password that allows authorised users to lock or unlock read/write access to the tag's memory banks, and a separate 32-bit kill password that permanently disables the chip (the 'kill switch'). Version 2 of the standard (Gen2 v2), adopted in 2013, adds cryptographic authentication of tags and readers through standardised crypto suites (ISO/IEC 29167), an untraceable mode that hides selected memory from unauthorised readers, and finer-grained memory access control.

Most consumer RFID chips contain only a 96 bit EPC code, and a small amount of additional memory for management and security. Hence security capabilities are inherently limited by the small memory footprint. There is simply no room for long passwords or for security certificates. High memory data and sensor tags provide many more capabilities for managing and securing data.

Some of these tags have advanced memory management that allows data to be password protected at the partition level, and they can be integrated with a standard computer file system. The expanded memory also makes it possible to use more, and longer, passwords than the single 32-bit password of Gen2 v1, and to add digital signatures or certificates that authenticate each record on the tag.
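The two mechanisms described above, partition-level password protection and per-record authentication bound to the tag, can be modelled in a few dozen lines. The following is an added example written for this article, not code from Tego or from the EPC Gen2 specification: the tag, partition names, the TIDs and the record key are all constructed for illustration. A keyed HMAC stands in for the digital signature or certificate a real deployment would use; what matters is that the authentication code covers the tag identifier, the partition and the record slot, so a record that is altered in place, or copied onto a second (cloned) tag, fails verification at the reader.

```python
import hmac
import hashlib
from dataclasses import dataclass, field

# Constructed key for the example; a real deployment would keep a signing
# key (or certificate) in the enterprise back end or an HSM, not on readers.
RECORD_KEY = hashlib.sha256(b"example-record-key").digest()
MASK32 = 0xFFFFFFFF


class AccessDenied(Exception):
    """The tag rejects a write: partition password mismatch."""


@dataclass
class Partition:
    name: str
    password: int                        # 32-bit password, Gen2 style
    locked: bool = True                  # writes need the password while locked
    records: list = field(default_factory=list)


@dataclass
class Tag:
    tid: bytes                           # factory-programmed tag identifier
    partitions: dict = field(default_factory=dict)

    def add_partition(self, name: str, password: int) -> None:
        if password & ~MASK32:
            raise ValueError("partition passwords are 32 bits wide")
        self.partitions[name] = Partition(name, password)

    def write(self, name: str, password: int, record: bytes) -> int:
        """Append a raw record to a partition; returns its slot index."""
        part = self.partitions[name]
        if part.locked and password != part.password:
            raise AccessDenied(f"bad password for partition {name!r}")
        part.records.append(record)
        return len(part.records) - 1

    def read(self, name: str) -> list:
        # Reads are left open in this model; a deployment may lock them too.
        return list(self.partitions[name].records)


def record_mac(tid: bytes, partition: str, index: int, payload: bytes) -> bytes:
    """Authentication code binding a payload to one tag, partition and slot."""
    msg = tid + partition.encode() + index.to_bytes(4, "big") + payload
    return hmac.new(RECORD_KEY, msg, hashlib.sha256).digest()


def seal(tid: bytes, partition: str, index: int, payload: bytes) -> bytes:
    """On-tag record layout: 2-byte length, payload, 32-byte MAC."""
    return len(payload).to_bytes(2, "big") + payload + record_mac(tid, partition, index, payload)


def open_record(tid: bytes, partition: str, index: int, stored: bytes):
    """Return the payload if its MAC verifies for this tag/partition/slot, else None."""
    if len(stored) < 34:
        return None
    n = int.from_bytes(stored[:2], "big")
    payload, mac = stored[2:2 + n], stored[2 + n:]
    if len(mac) != 32:
        return None
    if not hmac.compare_digest(mac, record_mac(tid, partition, index, payload)):
        return None
    return payload


def write_record(tag: Tag, partition: str, password: int, payload: bytes) -> int:
    index = len(tag.partitions[partition].records)
    return tag.write(partition, password, seal(tag.tid, partition, index, payload))


def verify_partition(tag: Tag, partition: str) -> list:
    """Check every record; returns [(index, payload or None), ...]."""
    return [(i, open_record(tag.tid, partition, i, r))
            for i, r in enumerate(tag.read(partition))]


def demo():
    """Returns (all_ok, write_denied, tamper_detected, clone_detected)."""
    tag = Tag(tid=bytes.fromhex("E2801160200012345678ABCD"))     # constructed TID
    tag.add_partition("maintenance", 0x5A3C9F11)
    write_record(tag, "maintenance", 0x5A3C9F11, b"2016-03-01 hydraulic pump replaced")
    write_record(tag, "maintenance", 0x5A3C9F11, b"2016-06-15 inspection passed")
    all_ok = all(p is not None for _, p in verify_partition(tag, "maintenance"))
    try:                                        # wrong password: tag refuses
        write_record(tag, "maintenance", 0x00000000, b"bogus entry")
        denied = False
    except AccessDenied:
        denied = True
    part = tag.partitions["maintenance"]        # flip one payload byte in place
    part.records[1] = part.records[1][:10] + b"X" + part.records[1][11:]
    tampered = verify_partition(tag, "maintenance")[1][1] is None
    clone = Tag(tid=bytes.fromhex("E2801160200000000000FFFF"))   # second chip
    clone.add_partition("maintenance", 0)
    clone.partitions["maintenance"].records.append(part.records[0])
    cloned = verify_partition(clone, "maintenance")[0][1] is None
    return all_ok, denied, tampered, cloned


if __name__ == "__main__":
    print(demo())
```

The reader-side check is deliberately independent of the partition password: the password only gates who may write, while the MAC tells the reader whether what it read is the record the enterprise wrote, on the chip it was written to. Swapping the HMAC for an asymmetric signature lets readers verify without holding a secret at all.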

Protecting data transmissions and network access

Readers may be fixed location hardware, or portable devices, which are increasingly based on smartphones or tablets. Portable readers in particular need to ensure that the user is authenticated; this will typically mirror the authentication used for other enterprise services delivered to smartphones and tablets. Protecting the tag-to-reader transmissions from eavesdropping by unauthorised readers is another important consideration. The Gen2 v2 standard provides for 128-bit encryption through its crypto suites (AES-128 under ISO/IEC 29167-10 is the most widely implemented). Some vendors also provide the capability to use other standard cryptographic tools, such as 512-bit RSA; note, however, that 512-bit RSA keys have been factorable with commodity computing resources for years and should not be relied on, with 2048 bits being the generally accepted minimum today.

Fixed location hardware is typically connected to an internal network in a company owned facility, which makes the attack surface and the data transmission risk easier to manage. Portable readers are often used in remote locations and connect back into enterprise systems over public networks, so appropriate authentication, transport encryption, and secure web access are necessary for these devices, as for any other enterprise service deployed on them.
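Why the Gen2 v2 authentication matters for the eavesdropping concern raised above is easiest to see by putting the two generations side by side. In Gen2 v1 the 32-bit access password is "cover-coded" before transmission: the tag sends a 16-bit random number (RN16) in the clear, the reader XORs half of the password with it and sends the result, and the two halves are handled in turn. Anyone capturing both links simply XORs the frames back together. Gen2 v2 instead authenticates with a challenge-response: the reader sends a fresh random challenge and the tag answers with a keyed computation over it, so a captured transcript cannot be replayed. The following is an added, simplified simulation written for this article, not code from Tego or from the EPC specification; HMAC-SHA256 from the Python standard library stands in for the AES-128 crypto suite of ISO/IEC 29167-10, the handle exchange of the real air protocol is omitted, and the passwords, keys and TIDs are constructed.

```python
import hmac
import hashlib
import secrets

# ---- Gen2 v1 style Access: static 32-bit password, cover-coded with RN16s ----

class V1Tag:
    def __init__(self, access_password: int):
        self.access_password = access_password
        self._pending = []              # RN16s handed out, not yet consumed

    def req_rn(self) -> int:
        rn = secrets.randbits(16)       # sent tag -> reader in the clear
        self._pending.append(rn)
        return rn

    def access(self, coded_hi: int, coded_lo: int) -> bool:
        rn_hi, rn_lo = self._pending[-2], self._pending[-1]
        recovered = ((coded_hi ^ rn_hi) << 16) | (coded_lo ^ rn_lo)
        return recovered == self.access_password


def v1_access(tag: V1Tag, password: int, sniffer: list) -> bool:
    """Reader side of the Access command; every frame is also appended to sniffer."""
    rn_hi = tag.req_rn();                      sniffer.append(("tag->reader RN16", rn_hi))
    coded_hi = (password >> 16) ^ rn_hi;       sniffer.append(("reader->tag Access", coded_hi))
    rn_lo = tag.req_rn();                      sniffer.append(("tag->reader RN16", rn_lo))
    coded_lo = (password & 0xFFFF) ^ rn_lo;    sniffer.append(("reader->tag Access", coded_lo))
    return tag.access(coded_hi, coded_lo)


def recover_v1_password(sniffer: list) -> int:
    """Eavesdropper: XOR each cover-coded half with the RN16 that preceded it."""
    rns = [v for k, v in sniffer if k == "tag->reader RN16"]
    coded = [v for k, v in sniffer if k == "reader->tag Access"]
    return ((coded[0] ^ rns[0]) << 16) | (coded[1] ^ rns[1])


# ---- Gen2 v2 style Authenticate: per-tag key, fresh challenge each time ----

def tag_response(key: bytes, tid: bytes, challenge: bytes) -> bytes:
    # HMAC-SHA256 truncated to 128 bits stands in for the AES-based suite (assumption).
    return hmac.new(key, b"TAM1" + tid + challenge, hashlib.sha256).digest()[:16]


class V2Tag:
    def __init__(self, tid: bytes, key: bytes):
        self.tid, self._key = tid, key

    def authenticate(self, challenge: bytes) -> bytes:
        return tag_response(self._key, self.tid, challenge)


class CloneTag:
    """Attacker's replica: knows the TID and replays the one response it sniffed."""
    def __init__(self, tid: bytes, sniffed_response: bytes):
        self.tid, self._resp = tid, sniffed_response

    def authenticate(self, challenge: bytes) -> bytes:
        return self._resp


def reader_authenticate(tag, key_for_tid, sniffer: list) -> bool:
    """Reader issues a random challenge and checks the answer against the key for this TID."""
    key = key_for_tid(tag.tid)
    if key is None:
        return False
    challenge = secrets.token_bytes(16);   sniffer.append(("reader->tag challenge", challenge))
    resp = tag.authenticate(challenge);    sniffer.append(("tag->reader response", resp))
    return hmac.compare_digest(resp, tag_response(key, tag.tid, challenge))


def demo():
    """Returns (v1_access_ok, v1_password_leaked, v2_auth_ok, v2_clone_accepted)."""
    sniffer = []
    v1 = V1Tag(0x5A3C9F11)                                   # constructed password
    v1_ok = v1_access(v1, 0x5A3C9F11, sniffer)
    leaked = recover_v1_password(sniffer) == 0x5A3C9F11

    keys = {b"\xE2\x80\x11\x60TAG1": hashlib.sha256(b"example-tag-key").digest()}  # constructed
    tid = next(iter(keys))
    sniffer = []
    v2_ok = reader_authenticate(V2Tag(tid, keys[tid]), keys.get, sniffer)
    clone = CloneTag(tid, sniffer[-1][1])                    # replays what it heard
    clone_ok = reader_authenticate(clone, keys.get, [])
    return v1_ok, leaked, v2_ok, clone_ok


if __name__ == "__main__":
    print(demo())
```

The clone fails because the reader never reuses a challenge, so the replayed 128-bit response matches only with negligible probability; the eavesdropper's position in the v1 case is the one the range discussion above warns about, since the reader-to-tag frames carrying the cover-coded password are the loud half of the exchange.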

Passive RF devices are expected to become an increasing share of IIoT endpoints in industries including aerospace, healthcare, energy production, and manufacturing. Although RF tags used in consumer applications have inherent security limitations, today's new generation of high memory data and sensor tags can be deployed in a way that meets the security needs of almost any use case.

Bill Stevenson, Executive Director, Tego Inc.

Image Credit: HelloRF Zcool / Shutterstock