5 (nearly) universal IoT security problems
Can you solve your Internet of Things dilemma for a couple bucks? Just maybe.
By Guillaume Crinon
Are there security use cases in the Internet of Things that apply to basically any business? Where 100% of people would end up falling in to one or more categories?
While IoT is chock full of customization, there are security measures that thread through nearly all deployments. These are the five biggest we see.
Brand protection comes via authenticators
Your brand is real currency in the market. We all know that people go to Starbucks because it’s Starbucks, because the green mermaid on the side of your cup means something in the market. No matter where your business fits into IoT, maintaining the authenticity of your brand is just as important. Yet, it can be more challenging to ensure each customer has a great experience with your IoT solution—especially if they’re using non-authorized accessories or consumables.
Off-spec additions can infiltrate a carefully constructed ecosystem. But how do you to ensure customers purchase consumables from you and not a cheap competitor? How would they know the difference between an original device or board and a fake copy?
The answer is simpler than it might seem: an authenticator chip that costs only a few dollar dimes can help ensure non-authorized duplicates or accessories aren’t plugged into your scheme, keeping your product and your bottom line safer along the way.
Control features and usage with authenticators, too
Sure, brand control is nice. Feature control is critical, too. Preventing overuse is important for your own security and uptime reasons, but it could come down to the health and safety of consumers, for example, if you’re working on a special medical IoT deployment.
With another simple solution, you can prevent overuse to stem the tide of damage to your device, limit DIY retrofitting to ensure proper functionality or impose more control. Just look for an additional feature on your authenticator chip: a protected counter that allows for control from brand to usage.
Protect assets with a safe bootloader
From smart light bulbs to security systems or fitness wearables, there will always be next generations of hardware or software updates pushed to systems.
How can you make sure that only authorized firmware is downloaded once devices are deployed in the field? Or that no one reprograms them to change, control or unlock functions?
When it comes to firmware, the complications mount more. How can you make sure no one can duplicate your production even if they have you firmware publicly available on the web? Or that no one impersonates your firmware with an infected pseudo-official version?
Here’s another quick solution: include enhanced cryptography on that authenticator chip. For just under a dollar you can ensure protection of your assets through an upgraded safe bootloader building its process on a rock-solid root of trust which you control.
Ensure offline local network security standards
Deploying paired devices can get complex and expensive. From central units, remote controls and peripherals, field pairing needs specialized installers to make sure it goes right. Once it’s installed, look out for extra costs incurred through logistics or further installations and upgrades. It’s a lot of overhead to stomach, but it’ll cost your reputation if it goes awry.
The right partner with state-of-the-art mechanisms can simplify pairing in the field with keys that can be regularly renewed easily at will through secure elements that incorporate higher cryptography—and for under a dollar each part with the option of personalization services in our secure logistics facilities able to register each part produced into your database in real time.
Connect devices to the right remote servers
Much like with offline local network standards, deploying connected devices can incur complexity and expense as well. Central units, remote controls, peripherals and remote servers all need to be paired together at some point. Along with costly field pairings and installers, device deployments can be stringent and expensive in the factory if bundles need to be pre-programmed and pre-packed together. They’ll also need to consistently be monitored because security is weak if secret pairing keys are never renewed during the life of a product.
Connectivity to the Internet also brings exposure to these devices and requires truly end-to-end security from the device itself to the server it is connecting to.
Similar state-of-the-art mechanisms make field pairing easy and can also be regularly renewed without always having to go back into the field to do it. Again, make sure to use personalization and security component bundles with a dollar or two and secure elements with enhanced cryptography. Each secure element manufactured in our personalization facility comes with a customizable unique ID, unique keys and certificates signed by Avnet or partner Certification Authorities which we can whitelist in the file format of your choice so as to ease their provisioning on any system, private or public cloud.
Navigate these use cases with the right team
All of these use cases point to the necessity for a solid team to help you deploy IoT. Whether you decide to build infrastructure via an internal team or buy it through the right strategic partner, ensuring you have a point person guiding your IoT project through each development phase is crucial to success in deployment and beyond.