What are Threat Models and Why are They Needed?
One of the most effective ways of understanding the security needed when creating connected devices is writing a security threat model. It helps you understand the security requirements that are particular to a device in the environment that it operates in. The process helps you clarify the things you are trying to protect, the assets, from the threats that you consider in scope. It is a necessary step in creating a structured risk assessment before you design at the component level. This type of process is now being recommended by forthcoming regulation, such as the EU Cybersecurity Resilience Act: “…they should determine which other essential requirements related to the product properties are relevant for the concerned type of product. For this purpose, manufacturers should undertake an assessment of the cybersecurity risks associated with a product with digital elements to identify relevant risks and relevant essential requirements and in order to appropriately apply suitable harmonised standards or common specifications.”
Unfortunately, our research in the annual PSA Certified Security Reports tells us that IoT developments rarely start with a threat model; after all, it’s much more fun to get started developing the product and getting it to work. We also know from our research that threat models are seen as requiring specialist expertise that not many companies have.
To overcome this barrier, since the launch of PSA Certified we’ve been building up a small library of threat models that you can use as a starting point. The newest ones come with a Creative Commons licence, so if you have a similar product you can add some assets and threats and create your own document tuned to your device and its intended use case. You can find out more about IoT threat modelling here.
Enter the Smart Lock
The latest threat model in the PSA Certified library is the Smart Lock. We are getting used to authenticating and unlocking our electronic gadgets with a fingerprint sensor, a PIN, a glance into a camera or even our smart watch. Increasingly, this technology is being used more widely and is moving into our physical world. Smart locks are gaining in popularity for both hospitality and domestic use cases, and soon having a big bunch of keys in your pocket will become unnecessary.
The smart lock is a great example of why a threat model is so important: the security required for a smart lock will vary considerably depending on what it is trying to protect. Ultimately, a $100 bike, a hotel room and a $5000 e-scooter will require different levels of security robustness and assurance. The basics of a smart lock are easy to visualize: there is an electro-mechanical system where a motor moves a deadbolt after user authentication. The authentication is often done through a keypad, biometrics or virtual keys, stored for instance in the wallet of a smart phone. In the example threat model, there needs to be at least a connection to a local network, possibly bridged to the internet, using a wireless protocol such as Thread.
Common Threats and Hacks for Smart Locks
When you look at the key functionality of these smart locks, there are three primary attacks we should be aware of and mitigate.
- Impersonation: An attacker impersonates a legitimate user on the smart lock, either a regular user that can use the device (to lock or unlock a door) or an admin user. It’s possible for an adversary to do this if the user credentials have been obtained through default admin passwords, interception (for instance in insecure communication links), or exposed through data disclosure. The attacker may then use the device, modify configuration or try to modify firmware.
- Man-In-The-Middle attack: An attacker performs a Man-In-The-Middle attack or impersonates a server the smart lock connects to, for instance to download configuration or to upload the event logs. The attacker may rely on insecure communication links or on prior modification of the server credentials on the smart lock through insecure configuration. The attacker may then access and modify Logs, Credentials and Configuration data.
- Firmware Abuse: An attacker exploits a flawed version of the firmware and obtains partial or total control of the smart lock. The firmware may have been modified prior to the attack to include malware, or may be an outdated version of the original firmware. The attacker may for instance use data injection, or modify on the device the value of the firmware certificate used to authenticate the installed firmware or firmware updates. Such an attack can allow elevation of privileges, where a regular user gains admin privileges.
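The first two threats above both turn on credentials crossing an insecure link, where they can be intercepted and replayed or the requested action altered in transit. The following is an added example, not code from the PSA Certified threat model or from ProvenRun, of the defensive pattern that counters this: a nonce-based challenge-response in which the user credential never leaves the phone or keypad, each response is bound to one nonce and one action, a replayed response is rejected, and admin actions are gated on role. The enrolled users, PINs, action names and the default-credential deny-list are constructed for the example; on a real device the derived keys would sit in Root-of-Trust-backed secure storage, which is assumed rather than shown.

```python
import hashlib
import hmac
import secrets

# Constructed deny-list of well-known default credentials (assumption, not from the page).
DEFAULT_CREDENTIALS = {b"admin", b"1234", b"0000", b"password"}

ADMIN_ACTIONS = {"set-config", "update-firmware"}
USER_ACTIONS = {"lock", "unlock"}


def derive_key(credential: bytes) -> bytes:
    """Derive the per-user MAC key from the enrolled credential (PIN, token, ...)."""
    return hashlib.sha256(b"smartlock-auth-v1|" + credential).digest()


def compute_response(key: bytes, user: str, nonce: bytes, action: str) -> bytes:
    """Client side: prove knowledge of the key without sending it. The MAC covers
    the nonce and the action, so it can be neither replayed nor re-purposed."""
    msg = user.encode() + b"|" + nonce + b"|" + action.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class SmartLock:
    def __init__(self, enrolled):
        # enrolled: {user: (role, credential_bytes)}
        self._users = {}
        for user, (role, credential) in enrolled.items():
            if credential in DEFAULT_CREDENTIALS:
                raise ValueError(f"refusing default credential for {user!r}")
            self._users[user] = (role, derive_key(credential))
        self._pending = {}   # user -> outstanding nonce (at most one at a time)
        self.events = []     # audit log of every authorization decision

    def challenge(self, user: str) -> bytes:
        """Issue a fresh random nonce for one authentication attempt."""
        nonce = secrets.token_bytes(16)
        self._pending[user] = nonce
        return nonce

    def authorize(self, user: str, nonce: bytes, action: str, response: bytes) -> bool:
        entry = self._users.get(user)
        # Single use: the nonce is consumed whether or not the attempt succeeds.
        live = self._pending.pop(user, None)
        if entry is None or live is None or not hmac.compare_digest(nonce, live):
            self.events.append((user, action, "rejected: no live challenge"))
            return False
        role, key = entry
        if not hmac.compare_digest(response, compute_response(key, user, nonce, action)):
            self.events.append((user, action, "rejected: bad response"))
            return False
        if action not in ADMIN_ACTIONS | USER_ACTIONS:
            self.events.append((user, action, "rejected: unknown action"))
            return False
        if action in ADMIN_ACTIONS and role != "admin":
            self.events.append((user, action, "rejected: insufficient role"))
            return False
        self.events.append((user, action, "granted"))
        return True


def demo():
    """Constructed scenario: a legitimate unlock, then the three attacks."""
    lock = SmartLock({"guest": ("user", b"482913"), "owner": ("admin", b"7r!mC0nd0")})
    guest_key = derive_key(b"482913")

    # 1. Legitimate guest unlock.
    n1 = lock.challenge("guest")
    r1 = compute_response(guest_key, "guest", n1, "unlock")
    granted = lock.authorize("guest", n1, "unlock", r1)

    # 2. Eavesdropper replays the captured exchange.
    replayed = lock.authorize("guest", n1, "unlock", r1)

    # 3. Man-in-the-middle rewrites a "lock" request into "unlock".
    n2 = lock.challenge("guest")
    r2 = compute_response(guest_key, "guest", n2, "lock")
    tampered = lock.authorize("guest", n2, "unlock", r2)

    # 4. Regular user attempts an admin-only action with a valid response.
    n3 = lock.challenge("guest")
    r3 = compute_response(guest_key, "guest", n3, "update-firmware")
    escalated = lock.authorize("guest", n3, "update-firmware", r3)

    return granted, replayed, tampered, escalated


if __name__ == "__main__":
    print(demo())  # (True, False, False, False)
```

Binding the action into the MAC is what defeats the man-in-the-middle case: the lock recomputes the response over the action it was actually asked to perform, so a rewritten request fails verification without the attacker learning anything about the key.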
Mitigating Hacks on Smart Locks
As a first step the device manufacturer needs to consider basic security-by-design principles. PSA Certified has captured these as the ten security goals (similar to Microsoft’s seven properties of secure devices). These security goals are generic “best practice”. The threat model builds on these by considering the specific device’s assets and threats to provide a rationale for a set of bespoke security requirements.
The PSA Certified Security Model goals are generic best practice, whereas a threat model for your product is tailored to the security requirements of your device.
How Threat Models Help
We know from our primary research that the move to a bespoke threat model for your product can feel like a challenging step. This is why PSA Certified continues to invest in threat models to demystify the process and help you develop a set of security requirements that are right for your device.
Each of our threat models is an example to help inspire you to develop your own. Some are provided with a permissive Creative Commons licence so that you can alter them to your needs. For example, the threat model writer can determine whether a physical attacker is in scope and what the requirements are for a hardware Root of Trust that protects the cryptographic secrets.
For the first time, we have written a device level threat model using GlobalPlatform’s SESIP Evaluation Methodology (EM). PSA Certified has supported chip RoT SESIP evaluations since 2021, and it’s growing in popularity. Choosing SESIP offers a more sophisticated EM with greater opportunity for the OEM to reuse the chip’s certificate. If the OEM wishes to do a lab-based evaluation of the device they can use the Smart Lock SESIP Profile to write their responses to the requirements (i.e. write their Security Target document).
When you read the Smart Lock Threat Model SESIP Profile (JSADEN020) don’t forget to read the appendices, as they contain useful information. Not only do we cover the analysis of the security problem that justifies the choice of the security requirements, but we also show in Appendix B how a PSA Certified chip’s Root of Trust can meet many of the requirements. This is particularly useful for an OEM, as they can choose an appropriately robust chip (e.g. PSA Certified Level 3 with physical attack resistance) to meet Security Functional Requirements (SFRs) such as Secure Storage and Secure Initialisation of Platform in their end product. This approach reduces the security investment needed by the OEM as they can reuse the chip’s existing certificate in a composition.
Threat Models can help you choose the right chip
When you have developed the threat model for your device you might decide that it needs to resist basic software attacks, or that it needs to protect against substantial physical as well as software attacks. To help you choose a chip with the right level of assurance and robustness we have worked with the world’s chip vendors to get the Root of Trust in their SoCs evaluated using PSA Certified. You can choose from many solutions here that have been tested by third-party evaluation labs at one of these levels:
- PSA Certified Level 1 – the chip has a basic hardware RoT.
- PSA Certified Level 2 – the chip’s RoT has been lab tested and shown to resist basic software attacks.
- PSA Certified Level 2 + Secure Element – as PSA Certified Level 2, but with the additional benefit of cryptography and keys having tamper resistance.
- PSA Certified Level 3 – the RoT protects against substantial physical and software attacks.
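The threat model ties the three threats listed earlier to the assets they act on and the requirements that counter them, and the attacker classes the writer puts in scope decide which of the levels above the chip needs. The following is an added example, not part of the PSA Certified Smart Lock profile, of that structured risk assessment as a small Python model: it flags in-scope threats whose mitigations the design does not implement, flags assets a threat touches that the asset list never declared, and derives the minimum level from the attackers in scope. The asset names, requirement names, the choice of which attacker class each threat needs and the mapping of attacker class to level (basic software attacks to Level 2, physical attacks to Level 3) are the author's reading of the post and are assumptions, as is the illustrative decision to class the "modify the certificate on the device" variant of Firmware Abuse as a physical attack.

```python
from dataclasses import dataclass

# Attacker classes the threat model writer may put in scope, and the minimum
# PSA Certified level whose lab testing covers each (assumption based on the
# level descriptions in the post; Level 1 is the baseline when nothing is in scope).
BASIC_SOFTWARE = "basic-software"
PHYSICAL = "physical"
MIN_LEVEL = {BASIC_SOFTWARE: 2, PHYSICAL: 3}


@dataclass(frozen=True)
class Threat:
    name: str
    assets: frozenset        # assets the threat acts on
    attacker: str            # weakest attacker class able to mount it
    mitigations: frozenset   # security requirements that counter it


@dataclass(frozen=True)
class ThreatModel:
    assets: frozenset        # what the device must protect
    threats: tuple
    implemented: frozenset   # requirements the design actually meets
    in_scope: frozenset      # attacker classes the writer considers

    def active_threats(self):
        """Threats mountable by an attacker class that is in scope."""
        return [t for t in self.threats if t.attacker in self.in_scope]

    def undeclared_assets(self):
        """Assets touched by a threat but missing from the asset list."""
        return {a for t in self.threats for a in t.assets} - self.assets

    def gaps(self):
        """In-scope threats with at least one mitigation not implemented,
        mapped to the missing requirements."""
        return {t.name: t.mitigations - self.implemented
                for t in self.active_threats()
                if not t.mitigations <= self.implemented}

    def required_level(self):
        """Minimum PSA Certified level of the chip RoT for the attackers in scope."""
        return max((MIN_LEVEL[a] for a in self.in_scope), default=1)


def smart_lock_model(physical_attacker_in_scope: bool) -> ThreatModel:
    """Constructed smart-lock model built from the three threats in the post.
    Requirement names are illustrative placeholders, not SESIP SFR identifiers."""
    threats = (
        Threat("Impersonation",
               frozenset({"Credentials", "Configuration", "Firmware"}),
               BASIC_SOFTWARE,
               frozenset({"unique-credentials", "authenticated-channel"})),
        Threat("Man-In-The-Middle",
               frozenset({"Logs", "Credentials", "Configuration"}),
               BASIC_SOFTWARE,
               frozenset({"server-authentication", "secure-storage"})),
        # Modifying the firmware certificate held on the device is classed here
        # as needing a physical attacker (illustrative choice).
        Threat("Firmware Abuse",
               frozenset({"Firmware", "Firmware certificate"}),
               PHYSICAL,
               frozenset({"secure-boot", "anti-rollback", "secure-storage"})),
    )
    scope = {BASIC_SOFTWARE} | ({PHYSICAL} if physical_attacker_in_scope else set())
    return ThreatModel(
        assets=frozenset({"Credentials", "Configuration", "Firmware", "Logs"}),
        threats=threats,
        # The design in this scenario has not yet implemented anti-rollback.
        implemented=frozenset({"unique-credentials", "authenticated-channel",
                               "server-authentication", "secure-storage",
                               "secure-boot"}),
        in_scope=frozenset(scope),
    )


if __name__ == "__main__":
    for physical in (False, True):
        m = smart_lock_model(physical)
        print(f"physical attacker in scope: {physical}")
        print("  undeclared assets:", m.undeclared_assets())
        print("  unmitigated threats:", m.gaps())
        print("  minimum chip level: PSA Certified Level", m.required_level())
```

With the physical attacker out of scope the model needs a Level 2 chip and every active threat is covered; bringing the physical attacker into scope raises the requirement to Level 3 and surfaces the missing anti-rollback requirement, which is exactly the kind of decision L18 describes the threat model writer making. In both cases the asset list is shown to be incomplete, since the firmware certificate is attacked but never declared as an asset.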
Securing the Future with PSA Certified
In conclusion, the first stage of PSA Certified is to analyze your security problem and understand the security requirements. This means that most developers should be writing a threat model to work out their specific security requirements. We know from our research that this is an area where many OEMs lack expertise. To encourage OEMs to start writing threat models, PSA Certified has published a set of examples for different devices. These threat models ultimately reduce the time and cost of getting the security right-sized for your product, and can help if you want to get your own product lab evaluated in the future.
Acknowledgements
The smart lock SESIP profile was written by ProvenRun for Arm and published on behalf of PSA Certified PSA JSA members.