Design security into cameras, says consultant
Mark Hebbel, head of consultancy at Chainstep, on the importance of cybersecurity in vision sensors now that factories are more connected
The security of IoT devices is always a last thought in new markets. It is important to get the functionality working first, the AI, the network connection, the processing, and image capture. Without this functionality there is no point in having a secure system – there would be nothing to sell.
But at some point the system is so functional that hacking it becomes dangerous to the owner or the owner becomes unwillingly involved in an exploit.
Unfortunately securing a modern-day system is a lot of work. In this article I’ll cover some of the misconceptions I sometimes hear from colleagues and friends in the industrial machine vision space when thinking about device security. I’ll look at some of what should be considered when implementing IoT security measures – not an exhaustive list, but it is meant to give the reader an idea of the scope of the undertaking. I’ll also touch on the future of security in industrial IoT (IIoT), namely through mathematically encrypted blockchain technology.
‘I’m okay just using commercial software’
Often heard but it is not true. You cannot simply outsource the security topic without binding it into a concept (more about that later). A survey  of COTS vendors – well known companies like ABB, Arm, Bosch, Huawei, and Intel – showed regrettable statistics: 25 vulnerabilities are detected per device; 60 per cent has vulnerable firmware and user interfaces; 70 per cent do not encrypt any communications at all; and 80 per cent fail to request a password for authentication that has a secure length. Not a good basis for a secure system. Are these companies providing basic products which are then built into your products with more code and likely more vulnerabilities?
‘No one can find my device’
One argument not to improve security on the device is that the device is not discoverable – security through obscurity. There are so many things connected to the internet, many people think that their devices will be lost in the sea of other devices.
Unfortunately, this is not true. https://shodan.io/ is known as the google of IoT. With it you can quickly find any IoT device connected to the internet by searching for keywords. Try it out by searching for your own devices. You might be surprised by what you find and how much information is open to the world.
The classic machine vision architecture
The classic architecture of a machine vision system is normally a row of simple sensors feeding their information to a central PC, which itself processes and then outputs to a database. The connections to the PC are direct and non-standard, and the connection to the database is usually one-way.
With only one hackable PC the security requirements are straightforward: secure this one box. This is normally done by the IT department of the company installing the PC. But architectures are changing and the sensors are becoming smart and full of programmable components. This means each sensor must be protected and also normally the connecting protocols.
Modern architecture with firewall
Modern architectures often have smart sensors connected together in a network, with maybe several processing devices in the network. They often have a bi-directional connection to the cloud to send data and to receive software updates. All these individual sensors and processing devices can be hacked and have to be secured. With multiple devices, the chances of missing something goes up. In addition, the cloud connection has to be secure.
Often the entire system is inside the customer’s firewall. Many people see this as justification for not having to do anything about security for individual smart sensors, as these are all hidden behind the firewall.
This is, of course, wrong. If the attacker manages to get spyware inside the firewall on any device – for instance, by using an automatic update running over an unsecure server in the cloud – then suddenly the entire system is accessible. In February this year, the US government released a Federal Strategy  implementing a ‘Zero Trust’ network as a security measure to stop this line of attack. The strategy states that all objects in the network must be secure in case the network firewall gets penetrated.
Building blocks of IoT security
For security to be taken seriously, hardware, software and data must be considered together. Hardware needs a secure boot mechanism, a trusted platform module and, of course, where possible, physically secure. Software through the secure boot launches into a secure OS, with a secure communication stack, closed ports, and a firewall. Data stored on the device and in transit must be encrypted and securely hashed to make sure it has not been tampered with.
Security for a decentralised system is much more complicated than for a single PC. Challenges include algorithmic complexity – the sheer number of units – audit trail and decentralised ownership. The list of challenges gets longer for IoT, with difficulties in implementing access control while keeping the usability, systems being optimised for time-to-market or cost, and lack of accepted standard between manufacturers. On top of this, topics like human safety in process control, data storage locations and industrial sabotage are all relevant for industrial IoT. The list of considerations is much longer and continues to grow.
This is not meant to demotivate the reader but to encourage them to see this as an ongoing design issue for their product portfolio, and not just an extra feature they have to shoehorn in somehow. I recommend building a cross-portfolio cybersecurity team for the products. Getting this team to work with the experts in IT would also be beneficial, although this can be tricky since in most organisations the IT department normally has nothing to do with the engineering department or those involved in building products.
The future and where machine vision is special
Most security measures rely on a unique ID. This ID is then used to generate a private/public key pair, which is then used as the basis of all encryption and hashing functions. This ID has to be unique and if possible only reproducible by a certain hardware function so that the device cannot be replicated. This stops the attacker making a fake device with the same ID, a way to intercept traffic or produce fake traffic on the network.
One potential security measure in modern chips is the physical unclonable function (PuF). This hardware-based approach comes from quantum effects in the silicon of the chip, created during the production process. Another possibility is the sensor fingerprint from a vision sensor in a machine vision camera. These are created the same way as PuF and could be used as the basis of encryption. This would provide extremely strong encryption for any vision based systems.
This ID can then be read out and distributed. Most proprietary systems for fleet management currently use hidden databases controlled by one company, which do not encourage distributed systems made up from the products of different companies. The concept of a globally decentralised identity brings blockchain technology to the rescue. With it a globally accessible store of IDs and associated services can be produced, which is unchangeable thanks to high-end mathematical cryptography used in securing the chain. Such systems are being tried out by the author’s company in the Gaia-X  research projects funded by the European Commission. The collaborative project involves large names such as Bosch, together with modern blockchain companies like Iota and Ocean.
Cybersecurity is a topic which has become more important in a politically unstable world where the number of ransomware attacks increases every year. IoT devices are also susceptible to attacks, and may be used in these attacks. An IoT device in a smart factory which is subject to an attack could paralyse production and cost the company.
But cybersecurity is a race and continues indefinitely – just building in security as a feature is not enough. It must be continuously improved and updated for all products.
 Butun, I., Österberg, P., Song, H.: Security of the internet of things: vulnerabilities, attacks and countermeasures. IEEE Commun. Surv. Tutorials (2019). https://doi.org/10.1109/COMST.2019.2953364)
Chainstep, based in Hamburg, consults and builds trust, security and identity solutions with blockchain and self-sovereign identity technology in B2B.