But how then does this apply to the Internet of Things, this much vaunted new frontier of connected living? Can it be that we don’t consider the things to be important? Or that we don’t know what they are yet? Or perhaps in this vast exciting new area nobody wants to be tied down to specifics lest they be held to deliver or pigeon-holed into an uncomfortable or unattractive niche?
I suspect there’s a mix of all three (and many more) in the world at large. After all, as the old saying goes, “ask 10 people to define IoT and you’ll have 11 answers”. So be it, that’s great for innovation and I personally love to play with new things, but how can we hope to secure our IoT systems if we don’t know from one day to the next what they’re made up of? In mature markets with well known devices, goals and adversaries then security is best achieved with specialised solutions that are built to understand every detail and nuance of its use case, but in the chaos of IoT any attempt to build such solutions is a fool’s errand: you can never keep up. Instead in a market is evolving so quickly we should take a lesson from the wonderful creatures of Earth: adapt to survive.
When you’re not sure what’s coming next it’s best not to be too highly specialised at first. Develop spikes on your back and sooner or later someone will attack from underneath. Or put a shark on land and see how scary it is then: a simple change in environment can render the best adaptations useless. Instead what you need is a powerful but flexible platform that can change rapidly when needed, and this is what TEE provides. A strong base of security (the TEE with strong Root of Trust and Attestation services) along with the opportunity to rapidly adjust defences when needed (securely downloadable Trusted Applications). Adapt and thrive.
Sure, the Internet of Things is vast, and many approaches to security will be valid and will have to find a way to work together, but TEE is certainly not just for phones.