A side-channel attack (SCA) is a security exploit that attempts to extract secrets from a chip or a system. This presentation will give an overview of some of the most common types of SCA and highlight the countermeasures that designers can implement to diminish risk in low-power IoT designs.
Search Results for: IoT
Security Solutions for a World of IoT Devices
With the ‘Internet of Things’ (IoT) getting more and more pervasive, an increasing number of connected things around us collect, handle and control sensitive data. The hacking of IoT devices can affect privacy, cause a loss of physical and information security, and impact availability of services. Connected devices significantly increase the attack surface of systems and networks as they potentially provide hackers a local springboard into those systems. Mass-deployed connected devices have been used to mount distributed Denial of Service attacks. IoT devices face a hard security challenge as they face high attack exposure while having limited resources to protect themselves. This session will cover the tools and solutions provided by Rambus to help protect and harden resource constrained devices from network-based attacks.
Preventing a $500 Attack Destroying Your IoT Device
Internet of Things (IoT) smart devices numbering in the billions and connected via the internet are increasingly vital to society and the global economy. However, the very “connectedness” that makes IoT devices so valuable can be turned to an enormous liability if these devices are left unprotected from security-related threats. This paper explores the threat environment faced by, and the concepts and methods for securing, IoT devices.
Kyocera Selects Rambus for IoT Security
Cyberhackers want to maximize their probability of success by attacking the weakest point of defense. With data centers being virtual fortresses both in the physical and digital domains, adversaries have turned their focus to the edge and end points for exploitation. Imagine the data trove that can be mined from a networked office printer: financials, competitive data, business operations, personnel files…it’s all there for the taking if left unsecured.
That’s why Kyocera selected the FIPS 140-2 CMVP-certified Rambus RT-130 Root of Trust, and AES-IP-38 AES Accelerator to secure their multi-function products. Kyocera is passionate about protecting their customers’ business data. They even published an ebook to explain how companies can secure these vital digital assets. FIPS certification is the gold standard for security solutions signaling that Kyocera solutions provide customers with the highest level of data protection.
What about for other kinds of IoT devices? Well, there’s good news. Rambus has a full family of FIPS-certified, powerful but lightweight, Root of Trust solutions. These support secure boot, manage secure firmware upgrades, administer keys and provide cryptographic services with models appropriate for nearly every kind of IoT device. Our broad line of crypto accelerators and protocol engines encrypt and protect data moving over the network. So whatever IoT devices your chip design addresses, Rambus can help provide the highest level of security for your product.
Consumer Privacy and Safety at Risk from Unprotected IoT Devices
Rambus’ Paul Karazuba recently penned an article for Semiconductor Engineering that takes a closer look at how consumer privacy and safety continue to be at risk from unprotected IoT devices. As Karazuba notes, security cameras represent approximately 47 percent of vulnerable devices installed on home networks. Basic attack techniques that target these devices, says Karazuba, include a simple process known as credential stuffing, with attackers accessing accounts using stolen credentials and large-scale automated login requests.
“Camera users who don’t enable the optional two-step authentication, skip setting a unique password, or recycle credentials across multiple online services and are at a greater risk of being hacked,” he explains.
Beyond security cameras, emphasizes Karazuba, a wide range of vulnerable consumer IoT devices are frequently targeted by hackers who actively search for devices with default or weak login credentials such as ‘admin’ usernames and ‘1234’ passwords. These include network-attached storage devices, printers, smart TVs, and IP phones.
Fortunately, says Karazuba, states like California and Oregon are proactively formulating legislation that could help prevent basic attacks against unprotected and vulnerable IoT devices. Indeed, California cybersecurity law SB-327, which went into effect on January 01, 2020, requires manufacturers to equip IoT devices with reasonable security features to prevent unauthorized access, modifications, and data leaks.
Specifically, SB-327 requires manufacturers to implement a unique preprogrammed (default) password for each device. Additionally, manufacturers must ensure that users create a new password the first time a device is activated. Together, explains Karazuba, these steps are expected to help protect California consumers, as hackers are known to routinely target vulnerable devices shipped with generic or default login credentials.
Another example of proactive legislation is Oregon House Bill 2395 which requires manufacturers to equip IoT devices with “reasonable security features.” These include shipping devices with unique preprogrammed passwords, requiring users to create new passwords when a device is first activated, and ensuring manufacturers comply with federal law and regulations that apply to security measures for connected devices.
As Karazuba points out, additional governments around the world are beginning to recognize the real-world risks posed by unprotected IoT devices.
“For example, the United Kingdom (UK) recently announced its intention to introduce new laws requiring security to be built into IoT devices,” he writes. “This would add to the UK government’s 2018 publication of the world’s first IoT code of practice, which outlines guidelines for manufacturers such as prohibiting default passwords and mandating secure credential storage as well as ensuring software integrity.”
According to Karazuba, passing proactive security legislation to prevent basic attacks against unprotected and vulnerable IoT devices is a good first step to protecting consumer privacy and safety. However, there is clearly much more that needs to be done before connected devices are secured against more sophisticated attacks.
“A siloed security co-processor, designed to execute security-centric processes completely independently of the main CPU, can better help protect consumers by preventing unauthorized access and monitoring suspicious system activity,” he elaborates.
Specifically, says Karazuba, a security co-processor can enable secure boot and runtime integrity checking, as well as provide remote authentication and attestation and hardware acceleration for symmetric and asymmetric cryptographic algorithms.
“Put simply, a siloed security co-processor can help thwart determined adversaries and more sophisticated hacking techniques such as side-channel attacks,” he concludes.
AIと5Gにより高まるIoT機器の脅威 (5G and AI Raise Security Risks for IoT Devices)
5G represents a revolution in mobile technology with performance that will rival that of wireline networks. 5G’s Ultra-reliable Low Latency Communication (uRLLC) links will enable a profusion of artificial intelligence (AI)-powered IoT devices from delivery drones to smart cities. The rapid rise in the number of smart IoT devices, coupled with expanded connectivity, will greatly escalate the growth of data and network traffic.
