February 25th, 2018 by
The need for technologies that manage and secure digital devices grows as the Internet of Things becomes more prevalent. One thing that facilitates device security and management is having a reliable operating system. However, IoT is not just about devices; it also focuses on a service ecosystem that offers maximum value and functionality to its users. To ensure this, Windows 10 IoT Core adds a myriad of security features to operating systems as discussed below.
ASLR, DEP and Control Flow Guard
Unlike most IoT devices, Windows 10 IoT Core implements modern exploit mitigations. All default executables are compiled with DEP and are ASLR enabled. The IoT Core supports 32-bit boards, so its ASLR implementation is bound to have a lower entropy in comparison to a 64-bit implementation. All installed binaries contain control flow guard that are controlled on apps by developers by executing the /guard: cf switch building configuration setting.
TPM (Trusted Platform Module)
Trusted platform module is a secure crypto-processor that enables creation and storage of cryptographic keys. It is an important security element because some security features like BitLocker and Secure Boot can only work effectively in Windows IoT Core if TPM is installed. There are three TPM types: Firmware TPM, Discrete TPM, and Software TPM. Firmware TPM can be enabled in Minnowboard max and Dragonboard 410c,but is not available for implementation on Raspberry Pis. Discrete TPM can be used on IoT devices that do not use Firmware TPM. Discrete TPM is attached to the developers’ preferred board. Software TPM offers a software interface for apps but does not guarantee security. However, it allows app development on devices without TPM and later, the deployment of such applications on TPM devices without changing your code.
This security feature protects a device from being tampered with when booting by preventing the system from running binaries not digitally signed by the particular authority. It protects systems from bootkits and rootkits among other low-level malware. On Windows 10 IoT Core, TPM must be present for a successful, secure boot installation.
BitLocker facilitates the automatic encryption of the system and user files on the OS drive. It also requires TPM to be installed. IoT Core works with a lightweight version of BitLocker.
A major IoT Core security problem is the device firmware update issue. Vendors fail to implement automatic functionality updates, so they are done manually, which involves several steps that are considered daunting. These include downloading firmware updates from the vendor’s site, connecting your devices’ interface for web management, uploading the latest firmware updates and restarting your device, among other steps like pressing different button combinations. To some, these procedures are not worth the struggle. Happily, however, all devices running under Windows 10 IoT Core do not require manual updates because updates occur automatically.
Understanding how new and emerging technologies work as a new operating system is not only exciting but ensures that all security gaps are sealed. Implementing Windows 10 IoT Core security features like those listed above guarantees maximum system functionality.