Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > RF/Microwave

Industry experts exchange thoughts on IoT security

Posted: 16 Nov 2015 ?? ?Print Version ?Bookmark and Share

Keywords:ARM? IoT? Wi-Fi? Bluetooth? Thread?

At the recent panel discussion at ARM TechCon, industry experts discussed the challenges of securing millions of devices. The timing couldn't be any better since the market of Internet of Things (IoT) devices just keeps on expanding.

Kevin Krewell, principal analyst at Tirias Research, said he was stunned by the number of connected device startups at this year's Consumer Electronics Show in Las Vegas. Many companies had good ideas, but had put no thought into securing their devices from attacks.

"There is no pure security. There are levels of insecurity but no guarantee of 100 per cent security," said Krewell, who moderated the panel.

The semiconductor industry didn't have a good understanding of different embedded segments until recently because communication buses were proprietary and there wasn't much of an attack surface, said Zach Shelby, VP of marketing for ARM's IoT group.

"Now we've just exposed hundreds of millions or billions of devices to the Internet," he said. "I believe we need to do a little bit of a reset in what our expectations are...with those devices."

More connected devices create more targets with more information for attackers, said Paul Kocher, chief scientist of cryptography research at Rambus. Vulnerabilities are being created far faster than they're being fixed.

ARM TechCon

(From left) Moderator Kevin Krewell, Rambus' Paul Kocher, Freescale's Eduardo Montanez, and Zach Shelby from ARM

Moderator: There's more of an attack surface, there's the complexity of the interconnect, there are so many verticals. Does each have enough security?

Shelby: There are multiple levels of security problems in communications. A lot of people think of security as what do we do about authentication and encryption over the air for things like Wi-Fi, Bluetooth and Thread. While that sounds important, I think it's a much smaller problem.

The issue is when we build really, really large systems connected to the cloud using protocols.

Eduardo Montanez, global systems and architecture manager for Freescale microcontrollers: It's not just about addressing security challenges, but not making [security] over-complex.

Moderator: Who's going to pay for more secure devices, protocols and cloud? The consumer certainly won't.

Montanez: I really do think that the developer needs to contribute, either form having someone steal their IP or for implementing security that their product needs. I think it's almost a no-brainer. They have to ensure their investment, which is their end product.

Kocher: People will say they want security but won't actually pay for it when it comes time. A lot of what we've had to wait for was for Moore's Law to make transistors cheap enough to build security in. The other way to look at the cost question is: what are your losses if you screw up?

Shelby: Whether you pay for it now or pay for it later, it's good. But in the hardware's gotta be in there. For example, ARM is bringing TrustZone into all MCUs; MCUs have been kind of a forgotten space but at the same time it's been a huge volume.

Montanez: We've had that in our devices for some time.

Shelby: We can't randomly add things in; it has to be part of the computing architecture. In embedded industry we've shot ourselves in the foot, we've nickled and dimed our vendors to death [for security add-ons].

1???2?Next Page?Last Page

Article Comments - Industry experts exchange thoughts o...
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top