Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > Networks

A guide to securing the Internet of Things

Posted: 06 Apr 2015 ?? ?Print Version ?Bookmark and Share

Keywords:Internet of Things? IoT? Security IP? threat modeling? network?

If you believe the research numbers coming from IDC and Gartner, as well as the news coming out of this year's Consumer Electronics Show regarding the Internet of Things (IoT), you'd think they'd found life on Mars. But if the IoT is to live up to its lofty expectations, such as the ability of multiple device types from different manufacturers to safely communicate with each other, engineers need to step away from the Rover's controls and focus on how we can make these devices more secure.

Here are five steps engineers can take to help the IoT reach its full potential.

Stick to the standards
Following standards is often thought of as a way to guarantee interoperability. However, security greatly benefits from adherence to standard methods as well.

Security mechanisms that are specified in standards are often reviewed by numerous people, many of whom have a background in security engineering. Sticking to standard security methods, especially in the field of cryptography, dramatically decreases the chance for mishaps.

In an ideal world, everyone would rally around a single organization and have the consumer's best interests at heart. But more often than not, we end up with a number of competing standards. Sadly, as of this writing, it looks like IoT standards might be going down that path. This might be bad for interoperability, although from the security perspective products are protected. Following any specification that was authored and signed off by an organization that employs several security engineers greatly reduces the chance that your product will experience security errors.

Use high-level security building blocks
IoT security is a new domain with few standards and, more importantly, fewer industry best practices for building secure products. When IoT engineers design a new device, they are largely on their own when it comes to implementing security.

To overcome this, security providers need to build and release abstract security building blocks to IoT vendors. Security IP providers should be able to foresee what security functionality a vendor may need to implement and provide it as a complete functional block rather than a set of low-level primitives.

For example, instead of providing implementation of raw encryption functions, the security provider should be able to deliver vertical components that provide secure connectivity, secure storage, or secure firmware updates as functional blocks for the IoT vendor to license and plug in or use. The corollary advice to the IoT engineer is to integrate such higher-level implementations into products rather than license low-level primitives that require significant expertise to implement.

Define a comprehensive methodology
It's tempting to focus on functionality and work on security later. But an IoT vendor will gain the most benefit by following traditional security engineering methods that involve threat modeling and thorough enumeration of all applicable attack vectors before carrying out the actual programming of the device.

1???2?Next Page?Last Page

Article Comments - A guide to securing the Internet of ...
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top