Building the right security foundation for connected devices
Strategies for making your product smarter
Connectivity is vital for most modern devices. It’s no longer just for computers, smartphones or tablets. Televisions, baby monitors, thermostats, medical devices, automobiles and even aircraft are all connected today.
The Internet of Things (IoT) market is expected to reach $11 trillion by 2025, according to McKinsey.
With potential like that, it’s easy to see how your business could grow if you added IoT capabilities to your products.
With growing connectivity comes increased security concerns. What security risks await you, and how can you mitigate them?
Security and reliability win in IoT
Connected devices need to establish proof of identity and origin in order to reliably determine appropriate data sharing and control with other devices and service providers — a process defined as authentication.
Authentication is a key aspect of security that ensures robust access to trusted agents and easy identification of suspicious activity. With product-level authentication, clones and suspicious agents aren’t validated so network and device access are denied. This is especially critical in applications for automotive, industrial, healthcare and aviation, where human and environmental safety are paramount.
With any connected device, serious security planning must be factored into the early stages of the design process. Waiting until the end of the design process risks project schedule delays, drives up costs and creates unforeseen vulnerabilities in device security. Well-planned security delivers strong value by helping the device function properly from the start, avoid potentially expensive litigation and the detrimental effects to a company’s brand image caused by hacking.
Secure programming vs. secure provisioning: the right solution
What are the best ways to protect devices and software from intellectual property (IP) theft, cloning and malicious system hacking?
Two primary solutions are associated with device security: secure programming and secure provisioning. Which option is best for your application? While both solutions provide security solutions, you’ll find key differences.
First, secure programming requires all data to be generated/obtained outside the device itself, increasing the opportunity for that data to be compromised. Except for certain field programmable gate arrays (FPGAs) and multiprocessor system on a chip (MPSoC), secure programming provides security through software that resides on the device. This can protect firmware on the device but does not provide adequate protection from some cyberattacks like counterfeiting and overbuilding.
Software defects and bugs in programming are vulnerabilities continuously exploited by hackers. Once software-based security is compromised, system recovery becomes nearly impossible.
Secure programming is suitable for low-level applications that don’t require advanced security, or in cases where a malfunction won’t cause injury or harm to a person or property. It’s also suitable for devices specifically designed to provide security without requiring bidirectional communication with the programming system. Secure programming doesn’t rely on additional hardware, which delivers some cost savings at the expense of more robust security.
Secure provisioning employs added hardware in providing the best security protection for the complete lifecycle of the device. While the additional hardware will come at a financial cost, the prices are often very reasonable and can save a company expensive litigation and brand damage resulting from hacking.
Secure provisioning also delivers firmware protection and prevents overbuilding, counterfeiting and protects against software programming vulnerabilities. By having the root of trust anchored to hardware, device software and operations are protected. Hardware-based security also protects against unauthorized code reading and is more resilient to physical attacks. Secure provisioning provides critical protection in devices that, if compromised, could cause harm to a person, property damage, loss of sensitive data or intellectual property.
By partnering with trusted global technology partners like Avnet and ON Semiconductor, valuable resources can be better focused on intellectual property innovation and other areas that deliver a strong competitive edge. We support you through design optimizations that both accelerate your time to market and differentiate your product offering. Ultimately, a partnership with Avnet can improve business outcomes and customer journeys by providing the safe and reliable operation of advanced connected devices.