This page contains a Flash digital edition of a book.
FEATURE IOT SUPPLEMENT The Internet of SECURE Things


architectures, right down from the secure nodes, avoiding the use of random microcontrollers which can't protect themselves. We must work to embed a deep root of trust that can be relied upon out to the top levels of the Cloud. In truth all of these requirements are


simply implementations or extensions of the best practices identified in the 20 Critical Security Controls by the Council on Cybersecurity, the global NGO tasked with leadership in the IT domain. However as we all know there is a massive gap between best practice and real implementation. We have to assume in the future that


devices will become compromised. They will fail to deny attacks. Although we do need to deny the attacks as strongly as possible, we also need to plan for failure. And we need to make sure we have methods for reset and remediation of those failures when attacks succeed, enabling us to regain control and then build our defences higher. These will be technology requirements for the next generation of silicon, for the next generation of devices. So we have to be able to reset the IoT


Haydn Povey and Jon Howes from Beechams Research explore the need for robust IoT security that transcends prolonged attacks


I


n discussions of the future of the Internet of Things there has been a lot


of justifiably intense attention paid recently to security vulnerabilities and the potential loss of control of personal privacy. However, the options for action are often limited to a reaction of panic or to finding ways to bolt extra security capabilities onto existing IoT architectures. The latter can seem to offer a way to a more secure future, but looking more closely at the threats and the realities of the IoT leads us towards very different conclusions where systems must be made robust in the face of prolonged attacks. The challenge we face is that we have


to change the way we think about security as an industry. Far too often security is something which product developers try to bolt on later on, and you can do it in some ways with things like Secure Elements and SIMs. As the IoT increases in sophistication


the threats are not limited to targeting a single type of connectivity. The new IoT capabilities relate to many connectivity types, and the interactions and the mix of those connectivity types in many networks.


S14 DECEMBER/JANUARY 2015 | ELECTRONICS The IoT has the ability to impact every


level of needs throughout our lives - and to do that extremely rapidly. It's far more costly, disruptive, and it can be practically immediate. Any disruption by a successful attack could leave us close to anarchy.


SECURING OUR IOT FUTURE So the industry really requires some


form of holistic approach. We need to extend beyond the essential encryptions of data at rest and in flight that people are realising are necessary. We need to make sure we have interoperability of identity, of authentication, and of authorisation. But we also need to really go deep. We


need to have a deep root of trust, and secure foundations built around that. The long term life-cycle of IoT systems


is also key. These things are going to go into place and stay there for 10s of years. As well as remote monitoring for anti-


malware, we need to presume that all systems will suffer successful exploits as a result of prolonged and sophisticated attacks.


IoT security needs to be about low cost


Figure 1: To create a secure IoT infrastructure, change is needed before IoT systems are


implemented out in the field without the right levels of security


devices, we have to regain control, and we have to remediate. That has real cost issues down at the silicon level. It means that you have to have very strong identification alongside very strong cryptography. You then have to take an encrypted update package, you have to decrypt it on-the-fly. So you have to have enough memory to do that. You have to have all of the necessary cryptography capability. And then you have to have a multi stage boot with a very strong root of trust to instantiate that. All of these things have a real cost


impact on devices. But it is incredibly valuable from an IoT security perspective to have that, and allows a new set of services to be put in place. We have to deal with these security


issues in the Internet of Things and we have to deal with them now, before it's too late. Change is needed before many of these IoT systems are implemented and out in the field without the right levels of security.and reliability.


Beechams Research www.beechamresearch.com 0845 533 1758


Enter 213 / ELECTRONICS


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56