Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > Embedded

How to secure the Internet of Things (Part 1)

Posted: 23 Jan 2015 ?? ?Print Version ?Bookmark and Share

Keywords:Internet of Things? IoT? cyclic redundancy check? CRC? public key cryptography?

In today's interconnected world of the Internet of Things (IoT), security is of prime importance. Electronic devices range from smart connected refrigerators to uranium centrifuge control systems. When the security of a device is compromised we can no longer rely on the device for secure data exchange, processing, or storage. If electronic transactions, critical systems such as nuclear plants, or implantable medical devices are hacked, then the global trust would be impacted dramatically.

This is the first article in a two-part series on security for the Internet of Things (IoT). In Part 1 we describe how to identify and then assess the security risks for a connected electronic device. We explain how the best, proven security is designed into electronic devices. Our focus is on countermeasures, specifically public key-based algorithms.

In Part 2 we focus on the importance of a secure boot and the "root of trust", which are the cornerstones of an electronic device's trustworthiness. We will demonstrate how device security can be implemented conveniently and how devices can be updated in the field. DeepCover secure microcontrollers will serve as example trust-enabling components to secure the IoT.

The connected world reaches out
Our lives are increasingly surrounded by interconnected electronic devices in what is now called the IoT or even the Internet of Everything. The IoT and all secure portable devices as well as industrial and medical equipment have software running within the hardware. They ease our days, answer our needs, control electrical functions in our households, protect our lives in medical equipment, and provide us utility services (water, gas, electricity) through smart grids or by controlling power plants.

Secure personal devices and the IoT have altered personal behaviour for many of us. The technology extends our arms, our wills, and our minds beyond our bodies to help us communicate and consume. Manufacturers and many industries are embracing the IoT for business efficiencies and data tracking (i.e., Industry 4.0). Energy and water utilities are realising the efficiencies and intelligence that they will gather with data management and data mining from remote access to smart meters [1] on an IoT network. Banks and payment processors now enable fast transactions with smart cards, at any time and any place, using free (or almost free), colourful, touch terminals. Home health with the IoTECG monitoring, glucose dispensers, or insulin pumpsis improving lives and saving time and money for both patients and medical facilities. Projections estimate that there will be 88M mobile POS connections in 2018 [2]. Clearly, the connected electronic devices have definite value, but they have definite vulnerabilities too.

Recognise the security risks
It has become so easy, so comfortable surfing on the web from almost everywhere with our smartphones that we have forgotten about our old 56k modem. But today's connected devices and the instant accessibility to a bright world also give us a misguided sense of confidence. We should remember a sad but simple truth: the investments, connections, and transactions over the Internet or IoT whet the appetite of hackers.

The security risks come from competitors, lone predators, and criminal organisations. Competitors are more inclined to duplicate/clone technologythe magical smartphones or the ink cartridgesoften saving them years of R&D efforts, The others will be more interested in stealing payment cards, PIN codes, keys in payment terminals, or in blackmailing individuals, perhaps by sabotaging an account or remotely shutting down a portable medical device. We can also imagine terrorist threats by remote hacking of energy smart meters for energy distribution at industrial plants or hospitals [3]. There is no need for more examples here. Suffice it to say that the security risks are all around us.

The risks to the stakeholders are numerous:
???Loss of reputation. "The battery that you (manufacturer 'x') claimed as genuine has exploded in my laptop."
???Loss of IP. "The terrific algorithm I've developed in my video decoder during the last five years has been copied and duplicated. And I did not patent it to avoid disclosure of my tricks!"
???Loss of money. "Tens of payment terminals are hacked in my retail chain store, so fake transactions are performed and/or cardholder sensitive data are stolen. Customers are going to blame me and I will need to identify the hackers."
???Loss of goods. "I just read about the hack of an energy meter published on the web and already thousands of dishonest subscribers are implementing it to pay a lower bill."
???Loss of health. "My insulin pump does not dispense any more, or it dispenses too much. Who ordered a change in delivery times?"
???Loss of control of vital infrastructures. "Who turned the lights off in the whole city?

1???2???3???4???5?Next Page?Last Page

Article Comments - How to secure the Internet of Things...
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top