IoT Security for the Future of IoT Devices & Data

The world is becoming increasingly connected, not just through smartphones and wearables, but also through connected devices in cars, homes and cities. This opens up many new and exciting opportunities but also introduces challenges around how we protect and secure devices, users and services.

IoT Device Security

Devices need to be designed, developed and built on a proven foundation of hardware-backed IoT security that will provide robust protection long into the future. It will also be vitally important to be able to distinguish between ‘trustworthy’ and ‘untrustworthy’ devices.

Trustonic’s hardware-backed IoT security solutions and IoT Root of Trust foundation form the basis upon which a secure and trusted IoT infrastructure should be built.

Trustonic has developed two versions of its secure TEE operating system; Kinibi and Kinibi-M.

Kinibi is the operating system that is used to protect application-level processors, such as the ARM Cortex-A range. These processors are used in most smartphones and higher-end IoT devices.

Kinibi-M, on the other hand, is used to secure low-power, low-cost microcontroller class processors (MCUs), which are mainly used in sensors and other dedicated-use IoT devices. Processors in these devices are typically those from ARM’s Cortex-M series. In partnership with Trustonic, Microchip was the first manufacturer to embedded Kinibi-M into high volume commercial microcontrollers with the launch of the SAM L11 range of MCUs.

Connected IoT Devices Interact Throughout the Day

  • 05:00 Thermostat

    Thermostat needs to start early

    A connected thermostat identifies a colder than average temperature outside and turns on the heating earlier than normal

  • 08:00 Unlock the car

    Unlock the car

    Using biometric authentication on a smartphone to unlock your car as you approach

  • 08:45 Car pays Toll

    Car pays toll payment

    The car automatically pays a road toll booth as it travels past

  • 14:00

    Smart appliances

    Your washing machine detects a build of scale and orders a descaler

  • 17:00 Secure chat to doctor

    Secured webcam

    You have a private remote consultation with your doctor through a secured webcam link

  • 21:00 Smart drug delivery

    Smart drug delivery

    Your connected insulin pump alters the dose based on biometric data analysis and an update following from the consultation with your doctor

Connected IoT Devices Interact Throughout the Day

IoT Security Issues

The fundamental requirements of IoT are that connected devices can be proven to be legitimate and trustworthy and that the associated services and applications, including any sensitive data and communications, are protected at all times.

To protect IoT devices, they need to be proven to be legitimate, identifiable and manageable. What’s also important to remember is that, unlike mobile phones which are typically manufactured by one company, IoT devices are often built on top of a module manufactured by another supplier. The device lifecycle can be complex and legitimacy and identity need to be managed throughout the manufacturing process, as well as after delivery to a user. In the case of a consumer device, there is also the possibility of device recycling, so solutions need to cater for a change in device ownership, whereby the new owner can be assured that the previous owner no longer has access or control.

IoT Security Technology

IoT Security Technology

Trustonic’s TEE is unique and open, it has been designed to support multiple separate applications, each potentially with a different owner. These separate applications are individually isolated and unable to eavesdrop on each other.

Secure IoT Device Lifecycle Management

Secure IoT Device Lifecycle Management

By embedding a Root of Trust (RoT) into each device during manufacture, the legitimacy of the device can be guaranteed by any connected services. Trustonic’s Digital Holograms for IoT build on the Root of Trust, enabling manufacturing and lifecycle stages to be securely recorded and proven during the lifecycle of the device.

IoT Secure Cryptography

The TEE has the ability to secure data, communications and cryptographic operations. Encryption keys can be stored, managed and used within the secure environment, with no opportunity for eavesdropping. To enable small devices to be highly secure, Trustonic has developed compact and secure implementations of many standard cryptographic algorithms.

IoT Application Security

Sensitive parts of any application can be executed inside the TEE, ensuring that applications and services are immune from both malware and software-based attacks at all times. In addition, any IP in the application can be protected from theft. It is worth remembering that the IP is often worth a lot more than the device it is embedded into.

IoT Security Solutions PDF Downloads

Microchip SAM L11 MCUs with Trustonic Kinibi-M™

Microchip SAM L11 MCUs with Trustonic Kinibi-M™

Microchip and Trustonic have partnered to bring advanced hardware-based security to the SAM L11 microcontroller family. IoT developers and embedded systems developers can now build the most secure solutions with the easy to use toolkit.

Secure IoT device lifecycle management & IoT supply chain protection

Digital Holograms™

Secure IoT device lifecycle management & IoT supply chain protection. Digital Holograms™ are an innovative mechanism from Trustonic which enable web services to securely determine the lifecycle of an IoT device.

IoT Cloud Security, Device Authentication & Enrollment

Automatic Cloud Enrollment

Secure automatic IoT device cloud enrollment, Enable IoT devices to securely identify themselves in the field with secured IoT device auto-enrollment.

IoT Security Challenges

There are three main challenges in IoT and cybersecurity:

  1. You need to trust your devices
    Ensure only legitimate devices can connect to services
    Prevent hackers, counterfeits, ODM overproduction and IP theft
  2. You need to protect the data
    Secure IoT data both in transit between servers and in devices at rest
    Enable commercial grade security on low-end IoT devices
  3. You need to protect your code
    Develop applications using simple but secure APIs
    Protect code IP against theft and devices against OSS vulnerabilities
Kinibi Solution for Application Class Processors

Kinibi Solution for Application Class Processors

Trustonic’s Kinibi® solution addresses the needs of IoT devices running on application class processors. These devices include routers, industrial robots, and in-vehicle infotainment (IVI) hardware.

  • Full TEE-OS for Application Class Processors
  • Global Platform APIs
  • Flexible cryptography
  • Secure code separation…
  • Deployed on over 1.7 billion devices
Kinibi-M™ Solution for Microcontrollers

Kinibi-M™ Solution for Microcontrollers

Trustonic’s Kinibi-M™ solution addresses the needs of IoT devices running on microcontrollers. These devices include sensors, wearables and other dedicated-use devices.

  • Micro-TEE for microcontroller class processors
  • Global Platform inspired APIs
  • Flexible cryptography optimised for microcontrollers
  • Modules to ensure device provenance
  • Supply chain protection
  • Software isolation and IP protection
  • Available on Microchip SAM L11 microcontrollers
  • Download Developer SDK

IoT Training Videos, Trustonic IoT Security Solutions

To help customers, partners & researchers to understand Trustonic’s suite of IoT security solutions, see our IoT training videos, explaining the high-level concepts and practical examples of deployment.

IoT Training Videos

Frost & Sullivan IoT Award

“Trustonic possesses a unique business model in the connected devices IoT security market, As the only company to offer open, scalable access to hardware device features for multiple value chain participants. Frost & Sullivan’s analysis indicates that competing TEE products are limited in functionality and support a smaller number of application use cases.”

Vikrant Gandhi, Industry Director with Frost & Sullivan.
Download the analyst report here

Trustonic’s solution for constrained microcontroller devices consists of a number of components

Kinibi-M

A new, modular, hardware-secured operating environment specially designed for size-constrained IoT chipsets. The platform is adapted from Trustonic’s existing technology that is already embedded into more than 1.7 billion connected devices, such as smartphones and wearables.

Key Provisioning

Enabling a ‘Root of Trust’ (RoT) to attest that devices were securely manufactured, determine the device type and identity, ensure applications and secrets can be securely delivered and identify rogue or counterfeit devices.

Digital Holograms™ – Secure IoT Device Lifecycle Management

A Trustonic technology for IoT device attestation that leverages blockchain technology. Digital holograms allow secure IoT device lifecycle management – any authorized party in the device manufacturing chain can attest securely and irreversibly to a stage of manufacture. The Digital Holograms are cryptographically superior to digital certificates as they cannot be copied and used across multiple devices (for more info download the Digital Hologram datasheet here). They are stored on-device using blockchain IoT technology to prevent tampering.

IoT Developer Tools & SDK

Enabling developers to create secure IoT devices and applications easily. Trustonic delivers simple-to-use GlobalPlatorm standards-based APIs, so module developers don’t need to be security experts. Download IoT Development Kit from Microchip & Trustonic.

IoT Security Solutions

IoT Security Solutions

Security for the Future of IoT Devices & Data

Device Attestation & Data Provenance

Secure IoT Device Lifecycle Management - Digital Holograms

Trust in the provenance of the device and its data. Manufacturing and lifecycle stages can be securely recorded using Trustonic’s Digital Holograms. At any future stage in the device lifecycle, Trustonic’s device attestation service can enable proof of secure manufacture or proof of legitimate deployment. For example, upon device registration, cloud services can leverage this capability to automatically onboard attested devices and reject counterfeits.

Supply Chain Protection

IoT Supply Chain Protection - Digital Holograms

Prevent opportunities for fraud & counterfeiting. Together, the Kinibi-M trusted OS and Digital Holograms prevent individual devices from being cloned, IP or keys from being removed from a device, or devices from being over-produced. Any attempt to create counterfeit devices can be detected in-factory or in-field using Trustonic attestation services and the fraudulent production step can be highlighted.

Automatic Cloud Enrollment

IoT Cloud Security, Device Authentication & Enrollment

Enable devices to securely identify themselves in the field. Due to the relatively limited memory and processing capacity of MCUs, they are not capable of running a full TLS stack. Trustonic has developed a cloud-connector enabling secure automatic cloud enrollment to multiple cloud service providers. The solution currently supports Amazon Web Services and Google Cloud, with more cloud service providers on the roadmap. This enables simple and secure automatic cloud enrollment from resource-constrained microcontrollers. It integrates with the Trustonic device attestation service to give developers a way to automatically enroll their devices into cloud platforms and to securely validate their identity.

Software Isolation & IP Protection

Risk and error protection through secure sandboxing & defense of intellectual property Code modules are isolated from each other, reducing both the risks associated with errors elsewhere on the device and the potential for firmware updates to invalidate assumptions made during certification. This enables others further down the device’s production chain to add additional software or customization in a safe and secure way. Additionally, IP protection ensures that sensitive code and data cannot be extracted, copied, removed, modified or tampered with. This is essential, as the IP in software is often of far greater value than the device itself.

Talk to one of our experts for a consultation

  • This field is for validation purposes and should be left unchanged.