FEATURE THE INTERNET OF THINGS


Overcoming the complexity of IoT device security with SESIP


Gil Bernabeu, technical director of GlobalPlatform, explains why a flexible and efficient security evaluation methodology is needed to address the complexities and challenges of the evolving IoT ecosystem.


The volume and complexity of connected devices, combined with varying regulations and certification frameworks, is creating challenges for IoT stakeholders to validate the security of their products. And this problem is only getting worse.

As the IoT ecosystem evolves and secure components are used to power more use cases - healthcare, smart homes, and connected cars - there will be a growing number of risks and regulations to answer to. Certification is critical to ensuring trustworthy solutions are deployed; however, evaluation must happen in a uniform way to ensure consistency. For device makers that are security experts, introducing more security schemes could make it challenging to identify the right requirements and evaluation approaches for their products.

The good news is that today’s connected products are designed on platforms developed by only a few providers. The issue to solve is how to help device manufacturers use platform parts correctly and answer to the security needs of different market verticals. While there is an opportunity to achieve good results quickly, it requires a consistent methodology and collaboration across the IoT ecosystem to implement it.

26 DECEMBER/JANUARY 2021 | ELECTRONICS


SESIP - A SIMPLE APPROACH FOR CERTIFYING IOT COMPONENTS

The Security Evaluation Standard for IoT Platforms (SESIP) addresses the scale and complexity of security certification for the IoT. It offers an optimised approach to security evaluation designed specifically for IoT platforms and their parts. What’s more, it enables composite evaluation of IoT products, meaning components that have been certified for one particular use case can be reused to answer the requirements of another market. This optimises the process and reduces the cost and time of security evaluation. Additionally, by mapping to other security requirements like NIST, ISO 64443 and ETSI/CEN, SESIP defines assurance levels that are mutually recognisable and can be reused across multiple market-specific schemes, therefore achieving scale.


I WANT TO USE SESIP TO CERTIFY MY IOT DEVICE…

SESIP focuses on the main features and functionalities of IoT devices, making it easier to certify by combining certifications for constituent parts to achieve an overall device certification. The methodology has been created to answer many of the existing global, regional, and vertical requirements. Device makers can use the methodology to identify the certification level that best aligns with their use cases, and understand the security requirements of achieving a higher security certification.

While SESIP is responding to the needs of the evolving IoT ecosystem, it can only be used efficiently if it is understandable and accessible to all stakeholders. Device makers must be able to validate their solutions and meet required levels of assurance. Certification Bodies and large technology providers need support in establishing certification schemes and onboarding authorised labs. And end-users must be able to clearly understand what has been certified so that they can trust the products they are using.


INDUSTRY COLLABORATION

Building on its work to secure the IoT, the technical standards organisation GlobalPlatform is working to provide device makers and Certification Bodies with the guidelines they need to adopt SESIP. The organisation offers documents, sample Protection Profiles and approaches on establishing schemes that support the methodology. The goal is to create a network of SESIP laboratories, SESIP Certification Bodies and device makers, and facilitate collaboration between them, to ensure the methodology is accessible, maintained and consistently applied.

In summary, SESIP provides a common and optimised approach for evaluating the security of connected products that meets the specific compliance, security, privacy and scalability challenges of the evolving IoT ecosystem. It provides an ideal foundation to deliver trust to the IoT sector and GlobalPlatform calls on industry bodies, Certification Schemes and security laboratories to engage with us to drive this work forward.


GlobalPlatform www.globalplatform.org

