Connected homes offer Internet Service Providers (ISPs) a golden opportunity to expand their reach beyond the existing Triple- and Quad-Play offerings (Internet, TV, fixed telephony, and mobile). As the number of Wi-Fi enabled devices in each household rises, operators are aiming to drive higher revenues with a range of new advanced services, ranging from Wi-Fi optimization, Quality of Experience (QoE) monitoring and network analytics to intrusion detection systems, parental controls, home and video security, and IoT device management.

The ISP-provided Wi-Fi modem (CPE) has stopped being the humble little box that merely enables broadband access for the subscriber. The CPE is now at the center of the connected home strategy. To this end, many ISPs are now looking to build more intelligence into their broadband CPE to enable advanced services offered under their trusted brand.

But how can ISPs make future-proof procurement choices for a new generation of CPE that needs to earn its keep for a decade or more? Security will make or break customer confidence in the ISP brand, so it is no surprise that we believe it should be the first consideration.

Setting a secure foundation for a new generation of CPE

Operators cannot afford to ignore the growing threat to their CPE. Attacking the CPE offers attackers a great return on investment. First, CPE are directly exposed to the public Internet and easy to reach, so any attack can scale up quickly (e.g. ~1M devices compromised in a few days). Second, managed CPE are intrinsically trusted by the ISP's core infrastructure, and they sit silently at the crossroads of all network traffic generated by subscribers and small and medium-sized businesses.

After a breach, attackers have the luxury problem of choosing their prize. For example, they can (a) run and rent out a large DDoS botnet, (b) lure users to malware-laden websites, (c) access sensitive information captured within a home or business and later hold it to digital ransom, or (d) use the ISP router as a privileged stepping-stone into the ISP backend infrastructure, where even more personal data can be found. And while the prize for the attackers is very rewarding, the breach leaves the ISP to foot the bill: a costly remediation response while its brand makes the headlines for all the wrong reasons.

Given the strong incentives seen by cybercriminals, ISPs can only expect attacks on routers to increase in volume, scale, and sophistication.

Thankfully, ISPs can now rely on new types of security mechanisms built deep into their CPE, inside the System on Chip (SoC) at the core of the router and out of reach of malware. Unlike previous generations of SoCs, often based on older CPU architectures, modern router SoCs include advanced hardware security mechanisms such as Secure Boot and a Trusted Execution Environment (TEE). In fact, these mechanisms already protect something as close to you as your smartphone, where they have been standard security features for years, enabling you to safely use, for example, your banking app.

Such hardware security mechanisms constitute a strong security foundation on which the entire CPE stack (with all its advanced and revenue-generating services) can be built and relied upon, now and in the years to come. Adversaries, including malware, will have a much harder time establishing persistence, remaining undetected, or stealing system credentials.

Making the most of your hardware security

When correctly configured and utilized, these hardware security features increase operator and household resilience, ensure the CPE can be recovered in the event of a persistent malware infection, and make the router more adaptable to changing business needs. However, if they are not correctly configured and utilized (which is often the case), the ISP is wasting its CPE investment and exposing both itself and its customers to risk.

The question then is: how can an ISP be sure these features are used properly? This is a topic I will address in my next blog posts over the coming weeks. I will discuss (1) how the ISP can ensure its CPE always run the intended software, and that any malicious modification is detected and efficiently remediated, (2) the importance of having a trusted and unclonable identity in each CPE, to safeguard the integrity of the ISP's own network and services, and (3) how the ISP can ensure that its CPE suppliers all build the right security foundation into the CPE.

You can get a preview of my thoughts and recommendations to ISPs by downloading our new e-book: "Broadband CPE: An ISP's biggest asset or its weakest link?".


Ettore Benedetti | Product Manager, Keys & Credentials for Routers