Getting serious about IoT security

Why tomorrow’s IoT devices must be secure-by-design

Getting serious about IoT security

Why tomorrow’s IoT devices must be secure-by-design

Connected devices – how Criotive’s software solution ‘plugs the hole’.


Historically, device manufacturers have not prioritized security until after a breach or a device outage. Still today, devices are often sold with just a single certificate (the means by which they can be authenticated) and that certificate might be valid for up to 20 years – giving hackers plenty of time to figure out a way in! Worse still, some devices are sold with certificates that have already expired.


But all this is starting to change, as hardware manufacturers, operators and device users all gain an understanding of the potential impact of security breaches. Device manufacturers in particular are being forced to look more closely at this problem, since they have the potential to factor in security early on in device design and production.

It’s therefore likely that tomorrow’s devices will be made ‘secure by design’ - including secure production, the secure provisioning of root keys and certificates during manufacturing, secure mastering, and a foundation for secure updates. This is where Criotive IoT provisioning comes in.

In a recent interview with Mia Rolf at Ideon Science park, Sony’s Markus Knigin describes how Criotive’s IoT provisioning solution – originally used for access management purposes – is now being proposed as a solution for device security.

Unlike the IoT-SAFE standard which is being developed by operators for use in devices (such as mobile phones) that have a SIM card, the Criotive solution works directly with the device’s Secure Element – a kind of secure vault built embedded in the hardware. This means it can be used even in the absence of a SIM card, which is great news for all the industries that depend on IoT devices to control and monitor manufacturing processes, for example.

 

The role of authenticity, confidentiality and integrity


Markus explains how Criotive’s solution covers the three bases of authenticity, confidentiality and integrity to ensure that devices are always correctly identified, that the communication channel is secured and that the device itself (with secret information embedded) is tamper proof.

Working with B2B partners such as manufacturers of IoT devices or IoT management platforms and with service providers in this area, the Criotive team expects to see its solution implemented on a broad scale in the coming months and years – as more and more devices become part of the Internet of Things, and security risks grow apace.

 

 


Learn more about how Criotive’s IoT provisioning solution could work for your business

*source: article in September 15th edition of Information week, IT network