The rise of Internet of Things malware illustrates the real-world risks associated with deploying unsecured IoT devices. Indeed, nearly every device is a potential target for cyber criminals with malicious intent. As such, it is important to understand that reducing the IoT attack surface starts with adequately protecting both services and endpoints. To be sure, an attacker cannot compromise an endpoint without first establishing an unauthorized communication channel.
An IoT security solution should therefore only allow legitimate, verified cloud services to ‘talk’ with each device by thwarting unauthorized communication attempts and quarantining infected endpoints. In addition, IoT devices should be uniquely and cryptographically verified to determine if they are authorized to connect, thereby reducing the attack surface of the service by preventing remote attacker access directly or via malicious or compromised endpoints. Perhaps most importantly, IoT security solutions should be ready out of the box: simple, affordable and easy to use. One effective method of simplifying security and reducing costs is to deploy IoT devices with tamper-proof pre-provisioned keys and identifiers. This model allows service providers to bolster security for a wide range of connected ‘things.’
This is precisely why Rambus’ CryptoManager IoT Device Management is a turnkey device-to-cloud solution that provides seamless end-to-end secure connectivity throughout all stages of the device life-cycle. Specific features include device identification and mutual authentication, disaster recovery and key management, device verification, and decommissioning and re-assignment of keys to better manage devices and mitigate various attacks.
The CryptoManager IoT Device Management solution comprises multiple software modules that are pre-integrated with the device and the selected cloud Platform as a Service (PaaS) via their relevant SDKs. When a device is powered up and connected to the internet, it automatically connects to the IoT Device Management service, seamlessly authenticates and provisions relevant security credentials.
It should be noted that the security layer is transparent to the service provider and does not require any changes to the service. Moreover, since the CryptoManager IoT Device Management Client SDK is pre-integrated with the chipset provider’s SDK and a service provider’s selected cloud PaaS, OEMs are not required to develop additional software. Similarly, service providers are freed from spending resources and time on cloud integration.
The Rambus CryptoManager IoT Device Management client can be pre-integrated in three primary device architectures for IoT devices: a CryptoManager Security Engine with pre-provisioned keys, third-party secure hardware, and a ‘no security’ hardware scenario. For the first option, IoT Device Management utilizes Rambus CryptoManager hardware and pre-provisioned keys, which are already integrated in billions of chipsets. Rambus CryptoManager IoT Device Management is available to customers on a Software-as-a-Service (SaaS) subscription basis.
For more information about our IoT Device Management Services, please visit rambus.com/trustedservices.