We know that consumer trust takes time to build. This is all the more reason why we can’t afford to leave internet of things (IoT) devices vulnerable to attack.
“We have seen so many different news (items) recently…we see devices like cars (and things) in the home and in industrial getting hacked,” said Majid Bemanian, director of segment marketing at Imagination Technologies and a board member of the IoT Security Foundation (IoTSF). “The challenge that exists is, trust takes time to build. We can’t afford to have IoT devices out there being compromised and lose the trust of the consumer.”
This spring, technologists gathered for the first Bay Area meeting of IoTSF at Imagination Technologies offices in Santa Clara. The non-profit, vendor-neutral IoTSF was launched in London in September 2015 to promote knowledge and best practices in appropriate security for those who specify, make, and use IoT products and systems. Its 90-plus members come from industry and academia.
Why Technology Alone Won’t Solve the Security Problem
The IoTSF has formed several working groups to address topics including connected consumer/home, patching constrained devices, vulnerability disclosure, the IoT security landscape, and trustmark/regulatory issues. Pamela Gupta, president of OutSecure Inc. and chair of the IoTSF’s self-certification working group, told the Bay Area gathering: “We are not going to solve this problem by technology alone. We need a holistic approach to security.”
To define a holistic security approach, the self-certification working group has developed a trust framework for self-regulation that focuses on the device in the scope of the ecosystem and the different touchpoints. Learn more about the framework and the IoTSF by reading my article, “Want consumer trust? Secure your IoT design” in Embedded Computing Design.
Simplify Security with Embedded Security ICs
Even though technology alone isn’t enough to solve the security problem, it’s still an essential component in protecting designs from security breaches. Between software- and hardware-based security methodologies, hardware-based approaches have proven to be the most robust. Establishing a “root of trust” using a secure microcontroller that executes software from an internal, immutable memory can guard against attempts to breach an electronic device’s hardware. Since the executed software is stored in the microcontroller’s ROM, it’s considered to be inherently trusted because it can’t be modified. That’s why it’s called the root of trust.
Security managers, secure microcontrollers, and secure authenticators are examples of embedded security ICs that can help simplify the process of protecting entire systems. For example, Maxim’s DeepCover portfolio of embedded security solutions provides advanced physical security to safeguard critical data and keys. Maxim also offers reference designs that ease the design process. For example, the MAXREFDES155# IoT embedded security reference design can be used to authenticate and control a sensing node using elliptic curve-based public key cryptography with control and notification from a web server. The MAXREFDES155# reference design features an ARM mbed shield and attached sensor endpoint; the shield contains a DS2476 DeepCover ECDSA/SHA-2 co-processor. The sensor endpoint contains a DS28C36 DeepCover ECDSA/SHA-2 authenticator. Because the design is so simple, it can be quickly integrated into any star-topology IoT network.
Tapping into a holistic design methodology and integrating embedded security ICs into your IoT design can give your customers the confidence that their data is protected.