Securing chips for the IoT
This entry was posted on Tuesday, January 10th, 2017.
Jeff Dorsch of Semiconductor Engineering notes that chips and modules going into Internet of Things (IoT) node devices “must have” cybersecurity features designed and built into them.
“Multiple vendors are responding with products meant to keep the IoT devices protected from the cyberattacks that are becoming more common,” he explained. “While IoT privacy remains a key concern for consumers and homeowners, IoT security has taken on top-of-mind priority for the many companies entering and serving the market.”
As Dorsch points out, hardware vendors have been focused on this issue for some time, often with mixed results.
“[This is] because threat levels—and perceived threat levels—vary greatly from one market to the next, and from one product to the next,” he added.
As Asaf Ashkenazi, senior director of product management in Rambus’ Security Division notes, building hardware that incorporates hardened security features would see devices protected throughout their lifecycle from chip manufacture, to day-to-day deployment, to decommissioning.
“This can be accomplished with a silicon-based hardware root-of-trust that offers a range of robust security options for IoT devices, including secure connectivity between the IoT device and its cloud service,” he told Semiconductor Engineering.
As Ashkenazi tells Rambus Press, the DHS also recommends that device manufacturers promote security updates and vulnerability management. To be sure, even when security is included at the very beginning of the design process, vulnerabilities may be discovered in products after they have been deployed. These flaws can be mitigated through patching, security updates and vulnerability management strategies.
“From our perspective, life-cycle management, which includes over-the-air (OTA) updates and vulnerability management, is essential to maintaining the continued security of IoT devices,” he stated. “Life-cycle management should be implemented utilizing a secure hardware root- of-trust to ensure secure updates of firmware and cryptographic keys.”
In addition, says Ashkenazi, a hardware root- of-trust with a unique cryptographic identifier allows each IoT device to be uniquely and cryptographically verified to determine if it is authorized to connect to a specific cloud service.
“Spoofed or unauthorized devices are easily identified by the service and denied access. This secure connectivity paradigm also helps mitigate the effectiveness (and damage) of DDoS attacks against the IoT service itself, while ensuring the integrity and protection of collected data,” he added. “Preventing malicious actors from manipulating the flow of information to and from network-connected devices is the cornerstone of establishing a secure IoT network.”