Inside-Out Security for the IoT
Matt Osminer, Director of Engineering, Cardinal Peak
Many Internet-of-Things (IoT) devices are real-world objects like appliances and thermostats, and therefore network security should be a paramount concern for vendors of IoT systems. Nothing erodes trust faster than real-world and personal consequences: Imagine the headlines if your refrigerator stopped working because of a software bug!
There are various layers of security to consider for an IoT product, from base-level traffic encryption to user and device-level authentication. In this post I will focus on network-level security.
A typical IoT device resides on a private network, behind a firewall. This architecture presents both benefits and challenges. On one hand, it reduces the device's attack surface to the firewall and Wi-Fi network itself and, right or wrong, defers some security responsibility to the network owner. Delegation of security helps keep memory and CPU costs down on the IoT device. On the other hand, the firewall frustrates cloud server attempts to directly connect to IoT devices for purposes of controlling them with a mobile application.
Some techniques exist that can help bypass a firewall and allow inbound connections from the cloud to the IoT device. However, many of these techniques exploit loopholes that may or may not be allowed on all networks, and in addition this architecture makes it harder to design a truly secure IoT device.
By far the easiest, most secure, and most reliable method of bypassing a firewall is for the IoT device to follow the "outbound connections only" rule: All connections should originate from the device to the cloud, and then the device should keep that connection open.
This approach is easier and more secure because it doesn't rely on opening ports in the firewall, or on techniques that trick the firewall into routing traffic, such as Session Traversal Utilities for NAT (STUN) methods.
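
The "outbound connections only" rule, sketched as an added example (not code from the article or from Cardinal Peak): the device dials out, holds the socket open, and the cloud pushes commands back down that same connection. The line protocol, the command names, the device ID and the loopback "cloud" are constructed for illustration; the sketch uses plain TCP so it runs offline, and a real device would wrap the socket in TLS with certificate verification.

```python
import socket
import threading

def cloud_once(listener, command, seen):
    """Constructed stand-in for the cloud service: it waits for the device to
    dial in, then pushes one command down the connection the device opened."""
    conn, _ = listener.accept()
    with conn, conn.makefile("r") as rx:
        seen["hello"] = rx.readline().strip()      # device announces itself
        conn.sendall((command + "\n").encode())    # cloud -> device, no inbound port
        seen["reply"] = rx.readline().strip()

def device_session(cloud_addr, device_id, handlers):
    """Device side: connect outbound, keep the socket open, serve commands on it.
    The device never calls bind()/listen(), so the firewall needs no open port."""
    sock = socket.create_connection(cloud_addr, timeout=5)      # device originates
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)  # probe an idle link
    handled = []
    with sock, sock.makefile("r") as rx:
        sock.sendall(f"HELLO {device_id}\n".encode())
        for line in rx:                      # loop ends when the cloud closes
            cmd = line.strip()
            handler = handlers.get(cmd)      # allow-list; anything else is refused
            reply = handler() if handler else "ERR unknown"
            sock.sendall((reply + "\n").encode())
            handled.append(cmd)
    return handled

def demo(command="GET_TEMP"):
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))          # only the stand-in cloud listens
    listener.listen(1)
    seen = {}
    cloud = threading.Thread(target=cloud_once, args=(listener, command, seen))
    cloud.start()
    handled = device_session(listener.getsockname(), "thermostat-01",
                             {"GET_TEMP": lambda: "OK 21.5"})
    cloud.join()
    listener.close()
    return handled, seen

if __name__ == "__main__":
    print(demo())
```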