Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

What you need for IoT security (Part 3): IoT devices security

Manoj Kumar Rai, Head of M2M Solutions, South Asia & Japan, Gemalto | Aug. 15, 2016
Gemalto's Manoj Kumar talks about securing IoT devices from both the hardware and software aspects.

With the same security infrastructure, update sites should be authenticated and firmware/software updates should be digitally signed.  Both the site and the device should mutually authenticate each other so that the trust can be maintained.  Digitally signed software is effective for detecting tampering and rouge software.  However, depending on the application and the value of intelligent property that is part of the software higher security measures might be needed.  Higher security measures for software include, protection against reverse engineering, execution on a rouge device, and use of an unauthorized copy.

Although the above security technologies are proven, in reality it may be cost prohibitive for a company to create the whole security infrastructure and protection mechanisms just for its own use.  Furthermore, IoT device engineers may not be experts in IT security and implementing security features is not their main job function.  IoT devices might have many features but the business model may be subscription based on features that are used by the customer.  Thus, in addition to just securing the software for the device, businesses may require a flexible but secure means to protect the use of each feature in the device in a flexible manner.  Development of a single system with multiple features that are licensed separately can also reduce the manufacturing and management cost of the system compared to building and maintaining multiple systems with different features.

To solve such issues, professional software license and entitlement management solutions offer off the shelf protection of the software against unauthorized modification and updating, pirating, and unauthorized use and also provide a flexible mechanism for companies to provide granular licensing of features of the device so that companies can protect their investment in their IoT infrastructure.  Such solutions also may provide real time monitoring capabilities that will also help with the effective maintenance of devices and systems and provide real time market intelligence.  Software license and entitlement management solutions can also be a basis of providing authorization for access control.  For example, they can effectively manage and control "who is authorized to access what and when?"

Protect data that your devices and masters manage and share with encryption:
Device manufacturers and service providers would like to have data access in order to monitor device health, track statistics, and provide support to their customers. This data may be collected and shared in many different places. It is important that all sensitive data at rest on your device, or in motion as it travels between your device, the cloud and applications, be encrypted. That way, even if the data is intercepted, vital information is obscured and essentially rendered useless to the hackers. Encryption is also needed at the back end infrastructure of manufacturers, cloud service providers, and IoT solution providers.  The encryption keys for in-device encryption should be stored securely in the secure element.

 

Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.