THE IOT AND WIRELESS DEVICES FEATURE


PROTECTING IOT DEVICES FROM CYBERATTACKS


Alan Grau, VP of IoT/embedded solutions at Sectigo, discusses securing IoT devices


IoT devices are now everywhere. Smart homes, connected cars, industry 4.0-powered factories and connected medical devices that rely on IoT components are all becoming more automated and connected. In turn, use cases are also growing. IoT devices are used for an array of functions, from powering industrial systems to optimising manufacturing efficiency, or even monitoring of critical systems where failure can cause physical damage to property or worse, human life.

Unfortunately, for many devices, manufacturers have focused on simple connectivity and functionality, rather than ensuring that the devices were secure from hackers and cyber criminals. As a result, insecure IoT devices, from smart home cameras and routers, to medical devices with hard-coded passwords, to industrial devices using insecure legacy protocols, are commonplace and easily hacked.

However, security need not be an overwhelming challenge for IoT device manufacturers. By including a few basic security capabilities, OEMs can develop IoT devices with essential security protections.


SECURITY CONSIDERATIONS FOR IOT DEVICES

Building security into IoT devices presents a unique challenge. IoT devices are special-purpose devices, and most are built using low-cost platforms running a small and highly specialised operating system. The large, sophisticated security solutions built for PCs simply won’t run on these devices. OEMs must use specialised security solutions developed specifically for IoT platforms with limited resources. Even though these devices are resource-constrained, essential security capabilities can still be included during manufacturing.


THE FOUR ESSENTIAL COMPONENTS OF A SECURE DEVICE

Secure boot utilises cryptographic code signing techniques to ensure the device only executes code that was produced by the device OEM or other trusted party. In a device with secure boot capability, the bootloader computes a cryptographically secure hash on the firmware image prior to loading the image. This hash value is then compared with a stored hash value to ensure the image is authentic. Cryptographic signing of the stored hash value prevents malicious third parties from spoofing the software load, ensuring that only software from the OEM is allowed to execute.
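An added illustration of the secure boot check described above (not code from the article or from Sectigo): the OEM signs the SHA-256 hash of the image, and the bootloader recomputes the hash and checks it against the signed value using only the public key. It is written in Python for readability rather than as bootloader code; the key (built from two well-known Mersenne primes), the function names and the sample image are constructed for the demo and are not secure.

```python
import hashlib
import hmac

# Constructed demo key, NOT secure: two well-known Mersenne primes stand in for
# an OEM RSA key so the example runs offline with only the standard library.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                               # public modulus, stored on the device
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, kept by the OEM
K = (N.bit_length() + 7) // 8           # modulus length in bytes

# DER prefix of the SHA-256 DigestInfo used by RSASSA-PKCS1-v1_5 (RFC 8017).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode_digest(digest: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 || DigestInfo || digest."""
    t = SHA256_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def oem_sign(firmware: bytes) -> bytes:
    """Build-time step at the OEM: sign the SHA-256 hash of the image."""
    em = encode_digest(hashlib.sha256(firmware).digest())
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def bootloader_verify(firmware: bytes, signature: bytes) -> bool:
    """Boot-time step: hash the image and check it against the signed hash."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")   # needs only the public key
    expected = encode_digest(hashlib.sha256(firmware).digest())
    return hmac.compare_digest(recovered, expected)


def boot(firmware: bytes, signature: bytes) -> str:
    """Fail closed: never hand control to an image that does not verify."""
    return "boot" if bootloader_verify(firmware, signature) else "halt"


if __name__ == "__main__":
    image = b"constructed firmware image v1.0"
    sig = oem_sign(image)
    print(boot(image, sig), boot(image + b"\x90", sig))   # genuine vs. tampered
```
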


SECURE FIRMWARE UPDATE

Secure firmware updates ensure that device firmware can be updated, but only with firmware from the device OEM or another trusted party. Like secure boot, cryptographically secure hash validation is used to verify the firmware before it is stored on the device. In addition, machine-to-machine authentication methods can be used by the IoT device to authenticate the upgrade server before downloading the new firmware image, thereby adding another layer of protection.

SECURE COMMUNICATION

IoT devices, by definition, support remote communication with other devices. The communication mechanisms will vary by device but may include wireless protocols ranging from BLE and ZigBee and Thread to WiFi, cellular data, and Ethernet. Regardless of the transport mechanism and communication protocol, it is important that OEMs ensure that all communications are secured. They should use Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS) when possible. For common wireless protocols, such as ZigBee or BLE, which have encryption built into the protocol, but that have known encryption vulnerabilities, encrypting at the application layer provides additional protections.

DATA PROTECTION

Engineers should consider encrypting any sensitive data stored on the device using a Data at Rest (DAR) encryption solution. Many large data breaches have resulted from data recovered from stolen or discarded equipment. Security protocols provide protection for data while it is being transmitted across networks but do not protect the data while it is stored on the device.

Sectigo www.sectigo.com

Figure 1: In today’s smart cities and smart factories, any device that is connected to the Internet or even to another machine, needs to be protected against cyberattacks

Figure 2: Artificial Intelligence

Figure 3: The four essential components of a secure device


/ ELECTRONICS ELECTRONICS | SEPTEMBER 2020 23

