ANSI SCTE 256:2019 pdf free download – IoT Security Considerations and Recommendations for Operators

02-23-2022 comment

Persistent memory is any memory that retains its data when power is not applied. Examples include flash memory, battery-backed memory, serial electrically erasable read only memory (EEROM), and hard disk drives (HDD). It can hold firmware, configuration, and general data. Configuration data includes critical data such as the device ID (e.g., MAC address) and encryption keys (e.g., root of trust, certificates), and non-critical data such as customer settings and operation rules.

Probing persistent memory is a common method of locating vulnerabilities: it allows people to read the firmware and search it for weaknesses. While encryption of the firmware would be ideal, this is generally not practical for some IoT devices. However, obfuscation can add enough complexity to thwart most probes and is relatively simple to implement. Some examples are to swap address lines, swap data lines, and/or logically “exclusive or” all data with known values.

Under all conditions, data integrity needs to be ensured by using error detection mechanisms such as hashes or cyclic redundancy codes (CRC), as well as redundancy for critical configuration data, such as the media access control (MAC) address or encryption keys. If an error is detected in the firmware, then the firmware should have a mechanism that puts the device in a “safe” mode that minimizes network interaction other than to download new firmware, or if not, cease all operation and be considered as a failed unit. If the device has any means of displaying status to the user (e.g., light emitting diodes, or LEDs), then discovering types of problems could potentially be made easier if a specific pattern is displayed on the LED to indicate the type of failure.
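The following C sketch is an added example, not text or code from the standard: it keeps two CRC-protected copies of the critical configuration, repairs a single damaged copy from the good one, and reports safe mode when neither copy verifies. The record layout, the function names, and the choice to treat unrecoverable configuration the way the text treats a firmware error are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout for critical configuration: 24 data bytes, no padding. */
typedef struct {
    uint8_t  mac[6];      /* device ID */
    uint8_t  reserved[2]; /* keeps the record free of compiler padding */
    uint8_t  key[16];     /* key material */
    uint32_t crc;         /* CRC-32 over every byte before this field */
} cfg_record;

typedef enum { BOOT_NORMAL, BOOT_REPAIRED, BOOT_SAFE_MODE } boot_state;

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320); needs no lookup table. */
uint32_t crc32_calc(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int i = 0; i < 8; i++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

static uint32_t cfg_crc(const cfg_record *r) {
    return crc32_calc((const uint8_t *)r, offsetof(cfg_record, crc));
}
void cfg_seal(cfg_record *r) { r->crc = cfg_crc(r); }
static int cfg_ok(const cfg_record *r) { return r->crc == cfg_crc(r); }

/* Verify both stored copies. One bad or stale copy is rewritten from the
   good one; if neither verifies, the caller must enter safe mode. */
boot_state cfg_load(cfg_record *primary, cfg_record *backup, cfg_record *out) {
    int p = cfg_ok(primary), b = cfg_ok(backup);
    if (p) {
        *out = *primary;
        if (b && memcmp(primary, backup, sizeof *primary) == 0) return BOOT_NORMAL;
        *backup = *primary;
        return BOOT_REPAIRED;
    }
    if (!b) return BOOT_SAFE_MODE;
    *out = *primary = *backup;
    return BOOT_REPAIRED;
}

int main(void) {
    cfg_record a = { .mac = {0x02, 0, 0, 0, 0, 0x01} }, b, out; /* constructed sample */
    cfg_seal(&a); b = a; b.key[0] ^= 0x01;  /* simulate one flipped bit in the backup */
    printf("state=%d\n", cfg_load(&a, &b, &out));
    return 0;
}
```

A CRC detects accidental corruption only; it is not a defence against deliberate modification of the stored data.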
6.2.2. Non-Persistent Memory
Non-persistent memory is any memory that does not guarantee the retention of data when power is removed. Note that some memory might retain or partially retain the data depending on the length of power removal or if the device is rebooted. This memory can also be probed even though it is more difficult to probe than persistent memory. This type of memory includes dynamic random access memory (DRAM), static random access memory (SRAM), internal registers, etc. Since this memory can contain firmware, working data, configuration data, buffers, etc., it is important that any memory which is externally available be obfuscated, and if the data is critical, preferably by encryption. Note that memory can be internal to the system on chip (SoC) but still be available externally, either through buses or via diagnostic ports, such as Joint Test Action Group (JTAG). It can be very difficult to obfuscate internal memory, and the better mechanism is to not allow access to any internal memory externally.
