Building Security Into IoT Devices
2015-01-29 Terry Gaul
The U.S. Federal Trade Commission recently released an in-depth report entitled, The Internet of Things: Privacy & Security in a Connected World, which included a long list of considerations and recommendations on how manufacturers should secure IoT devices.
To emphasize the magnitude of the IoT, the FTC noted that six years ago, for the first time, the number of “things” connected to the Internet surpassed the number of people. And experts estimate that, as of this year, there will be 25 billion connected devices and by 2020, 50 billion. And, this is not taking into consideration devices sold in a business-to-business context, nor does it address broader machine-to-machine communications.
The report recognized the numerous benefits the IoT presents to consumers and the potential to change the ways that consumers fundamentally interact with technology. In the future, they said, the Internet of Things is likely to meld the virtual and physical worlds together in ways that are currently difficult to comprehend. From a security and privacy perspective, the predicted pervasive introduction of sensors and devices into currently intimate spaces–such as the home, the car, and with wearables and ingestibles, even the body –pose particular challenges.
The FTC outlined a variety of potential security risks that could be exploited in the IoT to harm consumers by: (1) enabling unauthorized access and misuse of personal information; (2) facilitating attacks on other systems; and (3) creating risks to personal safety. The security risks associated with IoT devices are not only limited to the compromise of Personal information, but can involve broader health and safety concerns. For example, if a pacemaker is not properly secured, the concern is not merely that health information could be compromised, but also that a person wearing it could be seriously harmed. Similarly, a criminal who hacks into a car’s network could cause an accident.
Among the many best practices for IoT device manufacturers recommended by the FTC staff, this one stands out the most – “companies should build security into their devices at the outset, rather than as an afterthought.”
Of course, none of this is startling news to us here at Wibu-Systems. We have been protecting software for more than 25 years and experienced with securing embedded systems found at the core of IoT devices. With our CodeMeter protection platform, IoT device manufacturers can ensure the integrity of embedded systems through the use of cryptographic methods. CodeMeter offers different secure storage options for keys and state information: smartcard chip, TPM and software container. CodeMeter supports common operating systems like Windows, OSX, and Linux as well as Windows Embedded, Real Time Linux, VxWorks, Android, QNX and PLCs like CODESYS, B&R and others. It contains a fast and reliable implementation of symmetric and asymmetric encryption methods (AES, RSA, ECC) as well as hash functions (SHA-256), functions for signature validation (ECDSA) and a random number generator.
CodeMeter includes all the available tools needed to implement integrity protection, software protection and the prevention of code tampering. CodeMeter also includes tools for creation, management and delivery of keys and digital rights.
To see how easy it is to build security into your software and embedded systems, request a fully functional CodeMeter Evaluation System and try it out.
Contributor
Terry Gaul
Vice President Sales USA
Terry Gaul is a sales and business development professional with extensive experience in the software and technology sectors. He has been involved with software protection and licensing technologies for more than 20 years and currently serves as Vice President of Sales at Wibu-Systems USA. When he is not helping customers with software licensing, Terry typically can be found coaching his daughters' soccer teams or camping with his family on the Maine coast.