Yann Loisel and Stephane di Vito, Maxim Integrated
embedded.com (January 11, 2015)
Security of electronic devices is a must in today’s interconnected world of the Internet of Things (IoT). Electronic devices range from smart connected refrigerators to uranium centrifuge control systems. When the security of a device is compromised we can no longer rely on the device for secure data exchange, processing, or storage. If electronic transactions, critical systems such as nuclear plants, or implantable medical devices are hacked, then the global trust would be impacted dramatically.
This is the first article in a two-part series on security for the Internet of Things (IoT). In Part 1 we describe how to identify and then assess the security risks for a connected electronic device. We explain how the best, proven security is designed into electronic devices. Our focus is on countermeasures, specifically public key-based algorithms.
In Part 2 we focus on the importance of a secure boot and the “root of trust", which are the cornerstones of an electronic device’s trustworthiness. We will demonstrate how device security can be implemented conveniently and how devices can be updated in the field. DeepCover secure microcontrollers will serve as example trust-enabling components to secure the IoT.
The connected world reaches out
Our lives are increasingly surrounded by interconnected electronic devices in what is now called the IoT or even the Internet of Everything. The IoT and all secure portable devices as well as industrial and medical equipment have software running within the hardware. They ease our days, answer our needs, control electrical functions in our households, protect our lives in medical equipment, and provide us utility services (water, gas, electricity) through smart grids or by controlling power plants.
Secure personal devices and the IoT have altered personal behavior for many of us. The technology extends our arms, our wills, and our minds beyond our bodies to help us communicate and consume. Manufacturers and many industries are embracing the IoT for business efficiencies and data tracking (i.e., Industry 4.0). Energy and water utilities are realizing the efficiencies and intelligence that they will gather with data management and data mining from remote access to smart meters [1] on an IoT network. Banks and payment processors now enable fast transactions with smart cards, at any time and any place, using free (or almost free), colorful, touch terminals. Home health with the IoT—ECG monitoring, glucose dispensers, or insulin pumps—is improving lives and saving time and money for both patients and medical facilities. Projections estimate that there will be 88M mobile POS connections in 2018 [2]. Clearly, the connected electronic devices have definite value, but they have definite vulnerabilities too.
Click here to read more ...