Security in IoT products is not optional, yet it is often treated as an afterthought when, in fact, robust security should be designed in from the ground up. There have been several recent high-profile hacks where fraudsters have exploited weak security in these devices. One such example was the hack responsible for a huge denial of service attack that took the whole country of Liberia offline.
The Trustonic Secured Platform provides IoT developers with a hardware-backed security platform. It enables them to write applications that securely manage identities, authentication, authorisation and permissions associated with devices and users. It also provides the ability to prove that the device is legitimate, by validating the unique root of trust baked into each device during manufacture.
- Security needs to be embedded in IoT devices at the manufacturing stage, providing a foundation upon which everything else is built.
- Each Trustonic-enabled device has a unique root of trust embedded during device manufacture. Proving that a device is the one it claims to be is challenging; the root of trust can be used to verify that the device is legitimate and trusted.
- The Trusted Execution Environment (TEE) provides a secured boot to prevent firmware modification by users.
- Trustonic's IoT products have been embedded into several processors, including the ARM A and ARM M ranges.
- The TEE provides hardware protection, similar to that provided by a secure element, but with significantly more processing power and no additional component (BOM) costs.
There are several valuable use cases within automotive, for example the automation of parking or toll payments, ordering parts or booking a service. In addition, some car manufacturers are looking to replace conventional keys with a smartphone, thus enabling powerful use cases such as the simple remote lending of keys. The underlying security requirements for all these use cases are to securely identify the vehicle and to provide end-to-end security.
Healthcare is moving into the home. Patients are often discharged from hospitals with home monitoring equipment. The data gathered by these devices is sensitive in nature and needs to be stored and transmitted securely. In addition, the source of the data needs to be validated. The root of trust embedded in the devices enables both end-to-end security and data integrity.
Devices in the home, such as washing machines, heating systems and lighting, are becoming increasingly connected. Remote connectivity brings many benefits for users, but also introduces potential risks of attack. For this reason, designing devices with an inherent secured platform reduces risk and increases trust.
One example of this could be a printer that automatically orders a new toner cartridge. In such a scenario, it is essential to validate the identity and ownership of the device before executing the order.