Inside-Out Security for the IoT
Matt Osminer, Director of Engineering, Cardinal Peak
Many Internet-of-Things (IoT) devices are real-world objects like appliances and thermostats, so network security should be a paramount concern for vendors of IoT systems. Nothing erodes trust faster than real-world, personal consequences: imagine the headlines if your refrigerator stopped working because of a software bug! There are several layers of security to consider for an IoT product, from base-level traffic encryption to user- and device-level authentication. In this post I will focus on network-level security.

A typical IoT device resides on a private network, behind a firewall. This architecture presents both benefits and challenges. On one hand, it reduces the device's attack surface to the firewall and the Wi-Fi network itself and, right or wrong, defers some security responsibility to the network owner. Delegating that responsibility helps keep memory and CPU costs down on the IoT device. On the other hand, the firewall blocks the cloud server's attempts to connect directly to the device, which it needs to do in order to control the device from a mobile application.

Some techniques exist that can help bypass a firewall and allow inbound connections from the cloud to the IoT device. However, many of them exploit loopholes that may or may not be permitted on a given network, and accepting inbound connections makes it harder to design a truly secure IoT device, because the device itself must then expose and defend a listening service. By far the easiest, most secure, and most reliable way to reach a device behind a firewall is for the device to follow the "outbound connections only" rule: every connection originates from the device to the cloud, and the device keeps that connection open.
This approach is easier and more secure because it relies neither on opening inbound ports in the firewall nor on NAT-traversal techniques such as Session Traversal Utilities for NAT (STUN), which depend on the NAT's mapping behaviour and are not permitted or reliable on every network. A stateful firewall already allows the return traffic for a connection the device opened, so the cloud can push commands down that established connection without any inbound rule, and the device never has to expose a listening port. The outbound connection still has to be protected by the other layers mentioned above: it should run over TLS with the device verifying the cloud's certificate, and the cloud should authenticate the device before it accepts telemetry or sends commands, otherwise "outbound only" merely moves the problem rather than solving it.
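The following Python example, added here to illustrate the pattern described above and not code from the article or from Cardinal Peak, shows a device that dials out to the cloud, identifies itself, and then services commands pushed down that same connection, redialing with capped, jittered backoff when the link drops. Everything about the wire format is an assumption for the sake of the example: 4-byte length-prefixed JSON frames with a 64 KiB cap, a `hello` message carrying `device_id`, a single whitelisted `set_temp` command, and a `CloudEndpoint` stand-in that listens on an ephemeral loopback port so the whole thing runs offline. TLS is omitted for the same reason; the note after the block says where it goes.

```python
# Outbound-only IoT link, added as an illustration (not the article's or Cardinal
# Peak's code): device dials the cloud and keeps the socket open; the cloud pushes
# commands down that socket and never dials the device. TLS omitted (see note).
import json
import random
import socket
import struct
import threading
import time

MAX_FRAME = 64 * 1024          # assumed cap: reject absurd lengths before allocating
HEADER = struct.Struct("!I")   # assumed framing: 4-byte big-endian length prefix

def encode_frame(msg):
    payload = json.dumps(msg, separators=(",", ":")).encode("utf-8")
    if len(payload) > MAX_FRAME:
        raise ValueError("frame exceeds MAX_FRAME")
    return HEADER.pack(len(payload)) + payload

def recv_exact(sock, n):
    buf = bytearray()                 # returns None if the peer closes first
    while len(buf) < n:
        if not (chunk := sock.recv(n - len(buf))):
            return None
        buf += chunk
    return bytes(buf)

def recv_frame(sock):
    head = recv_exact(sock, HEADER.size)
    if head is None:
        return None
    (length,) = HEADER.unpack(head)
    if not 0 < length <= MAX_FRAME:
        raise ValueError(f"bad frame length {length}")   # hostile or corrupt peer
    body = recv_exact(sock, length)
    if body is None:
        return None
    msg = json.loads(body.decode("utf-8"))
    if not isinstance(msg, dict) or "type" not in msg:
        raise ValueError("frame is not a typed object")
    return msg

def backoff_delay(attempt, base=1.0, cap=300.0, rng=random.random):
    """Capped exponential backoff with full jitter: a fleet must not redial in lockstep."""
    return rng() * min(cap, base * 2 ** attempt)

class CloudEndpoint(threading.Thread):
    """Cloud stand-in: accepts the device's outbound connection, pushes commands, hangs up."""
    def __init__(self, commands):
        super().__init__(daemon=True)
        self.listener = socket.socket()
        self.listener.bind(("127.0.0.1", 0))   # ephemeral loopback port, test only
        self.listener.listen(1)
        self.port = self.listener.getsockname()[1]
        self.commands, self.device_id, self.acks = commands, None, []

    def run(self):
        conn, _ = self.listener.accept()
        self.listener.close()
        with conn:
            hello = recv_frame(conn)
            if hello is None or hello["type"] != "hello":
                return
            self.device_id = hello.get("device_id")
            for cmd in self.commands:
                conn.sendall(encode_frame(cmd))
                ack = recv_frame(conn)
                if ack is None:
                    break
                self.acks.append(ack)

def run_device(host, port, device_id, max_attempts=5):
    """Dial out, identify, service commands until the cloud hangs up; refuse the unknown."""
    handled = []
    for attempt in range(max_attempts):
        try:
            with socket.create_connection((host, port), timeout=5) as sock:
                sock.sendall(encode_frame({"type": "hello", "device_id": device_id}))
                while True:
                    msg = recv_frame(sock)
                    if msg is None:
                        return handled   # clean close; a real device redials here
                    ack = {"type": "ack", "id": msg.get("id")}
                    if msg["type"] == "set_temp" and isinstance(msg.get("celsius"), (int, float)):
                        handled.append(msg)
                        ack["ok"] = True
                    else:
                        ack.update(ok=False, error="refused")
                    sock.sendall(encode_frame(ack))
        except (OSError, ValueError):   # refused, timed out, or malformed frame
            time.sleep(backoff_delay(attempt, base=0.05, cap=0.5))
    return handled

def demo():
    commands = [{"type": "set_temp", "id": 1, "celsius": 21.5}, {"type": "reboot", "id": 2}]  # constructed
    cloud = CloudEndpoint(commands)
    cloud.start()
    handled = run_device("127.0.0.1", cloud.port, "thermostat-0001")
    cloud.join(timeout=5)
    return {"device_id": cloud.device_id, "handled": handled, "acks": cloud.acks}
```

Two points the example is built to show. First, the cloud never opens a connection: `CloudEndpoint` only accepts, so no inbound firewall rule, port forward or STUN dance is needed, and the `reboot` command is refused because the device executes only what it has whitelisted. Second, the device treats every failure the same way (drop the connection, wait a jittered backoff, redial), so a fleet coming back from an outage does not hammer the cloud in lockstep. In production the device would wrap `sock` with `ssl.create_default_context().wrap_socket(sock, server_hostname=host)` before sending `hello`, so it verifies the cloud's certificate, and the cloud would authenticate the device (a client certificate or a per-device credential) before acting on `hello`.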