Last week, Rambus Sr. Director of Security Products Asaf Ashkenazi gave a presentation about enabling cost-effective connected device security at IoT World 2017 in Santa Clara. According to Ashkenazi, there are a number of reasons why IoT device OEMs currently skimp on security.
“These include low profit margins, limited CPU and memory resources combined with strict power constraints, a fragmented IoT market and a complicated supply chain with multiple hardware and software components providers,” he told conference attendees.
“Nevertheless, there is still much we can do to improve IoT security, such as leveraging security hardware provided by the chipset vendor, as well as utilizing, when available, on-chip pre-provisioning of unique keys and ID.”
OEMs, says Ashkenazi, should also prioritize based on a thorough security analysis.
“There is no point in trying to fix absolutely everything, so OEMs should focus on the most important issues and find the most appropriate levels of security based on plausible risks and attack vectors,” he explained. “A complete and scalable security solution can help here, as it allows both OEMs and services to minimize in-field device setup and customization.”
As Ashkenazi notes, Rambus recently launched its CryptoManager IoT Device Management, a turnkey device-to-cloud solution that provides seamless end-to-end secure connectivity throughout all stages of the device life-cycle.
Specific features include device identification and mutual authentication, disaster recovery and key management, device verification and decommissioning and re-assignment of keys to better manage devices and mitigate various attacks, such as Distributed Denial of Service (DDoS).
“The CryptoManager IoT Device Management solution comprises multiple software modules that are pre-integrated with the device and the selected cloud Platform as a Service (PaaS) via their relevant SDKs,” he stated. “When a device is powered up and connected to the internet, it automatically connects to the IoT Device Management service, seamlessly authenticates and provisions relevant security credentials.”
Ashkenazi also emphasized that the CryptoManager IoT Device Management security layer is transparent to the service provider and does not require any changes to the service. Moreover, since the CryptoManager IoT Device Management Client SDK is pre-integrated with the chipset provider’s SDK and a service provider’s selected cloud PaaS, OEMs are not required to develop additional software. Similarly, service providers are freed from spending resources and time on cloud integration.
“In select chipset products, IoT Device Management utilizes Rambus CryptoManager hardware IP and pre-provisioned keys, which are already integrated in billions of chipsets, helping to improve time to market,” he added.
As we’ve previously discussed, the Rambus CryptoManager IoT Device Management client can be pre-integrated in three primary device architectures for IoT devices: a CryptoManager Security Engine with pre-provisioned keys, third-party secure hardware, and a ‘no security’ hardware scenario. For the first option, IoT Device Management utilizes Rambus CryptoManager hardware and pre-provisioned keys, which are already integrated in billions of chipsets. Rambus CryptoManager IoT Device Management is available to customers on a Software-as-a-Service (SaaS) subscription basis.
For more information about our IoT Device Management Services, please visit rambus.com/trustedservices.