July 24, 2018
|By: Kristopher Ardis
Executive Director, Micros & Security Business Unit, Maxim Integrated
For the internet of things (IoT) to really begin to thrive, we need to design devices that we trust enough to manufacture and that people feel comfortable enough to buy, install, and use.
We are surrounded by an invisible intelligence. Yet, freeing that intelligence comes with risks because any security flaws can expose your IP and your valuable data to attackers for their use, while also turning public sentiment against connected devices. But it isn’t all about fear, uncertainty, and doubt. We can also think of security as an enabler: enabling new business models, enabling innovative applications, and enabling invisibly intelligent products to become trusted parts of a new economy based on data.
The concept of 'invisible intelligence' rests on three key principles:
Now, let's take a look at how these principles relate to IoT security.
Protecting mobile devices and other IoT products from security breaches can be as straightforward as integrating a security IC into the design.
For all of the talk that we hear about IoT security, the industry remains slow to adopt protective measures. Many believe that implementing security is too expensive or complicated, or feel that it is something they’ll do later (especially when they’re under time-to-market pressures). True, hardware that can efficiently generate and process digital signatures isn’t free. But, the per-unit cost for security technology isn’t unreasonable, as the technology is integrated into microcontrollers or in standalone coprocessor ICs. Security is also a complex topic—the algorithms are difficult to implement, the math is hard to understand, and there is no perfect answer. Here, semiconductor products can assist with the math and implementation, so you don’t need to be a number theory expert to use elliptic curve cryptography to secure your application. As for the do-it-later mindset? What we need is a way to integrate security from the beginning without hampering rapid application development.
But what if we begin to think about security as a way to create new opportunities? For example, security can support lower cost manufacturing. Some companies choose more expensive but local manufacturing because they believe they will have more control over their IP and manufacturing runs. Using microcontrollers with secure bootload capabilities can enable these companies to move manufacturing to the most cost-effective and efficient locations available. A secure bootloader can be customized for a particular customer, and it would allow the designers to send encrypted firmware—which can’t be copied or reverse-engineered—to the manufacturer. Unique identification numbers in the microcontrollers could be used to ensure that only the intended number of devices are manufactured. This is just one example of how security can bring new opportunities.
While encryption might readily come to mind when considering security for embedded devices, also important are techniques such as authenticity, confidentiality, and integrity. Hashing and signatures are also important tools in the security toolbox. In my white paper, "Securing the Next Generation of Smart Devices," I discuss each of these techniques in greater detail and highlight the types of security ICs that are available. Read the paper to learn ways that you can protect your next IoT design.