"Security Solutions In A World Of IoT Devices"
Internet of Things (IoT) devices pose unprecedented levels of risk for exploitation. According to security experts, anything connected to the Internet is potentially hackable. Therefore, securing connected devices is a challenge that electronics manufacturers must focus on to avoid having their devices hacked. Marcel van Loon, senior principal engineer of systems architecture at Rambus, has provided a high-level overview of some of the tried and tested security solutions that can be used to build more secure IoT devices. Connected devices have a wealth of information that attackers want. In order to stage a ransomware attack, malicious actors may want to disable access to a device's functionality or gain access to the device's data. They may use a device as a staging point to gain access to the network to which the device is linked. This staging point can then be used to launch attacks on additional security-sensitive devices. Attackers may also be interested in the processor resources or network bandwidth represented by a specific device. If they gain control of many devices, these resources can be used to launch a Denial-of-Service (DoS) attack. Furthermore, devices that use actuators or sensors, for example, to open doors or turn off electricity, can be attacked, leaving key functions in the home or workplace vulnerable. Implementing a field-proven secure boot mechanism to ensure only trusted software can run on the device is one way to protect an IoT device by design. This can be accomplished by using a Read-Only Memory (ROM)-based code mechanism to authenticate the software, which employs key material that an attacker cannot modify. Using a Root of Trust module to boot the device strengthens the boot process even more. It allows for the secure implementation of other security-sensitive functions such as firmware/software updates, secure debug access control, and boot image confidentiality. Using encryption to protect software confidentiality makes it more difficult for an attacker to find potential vulnerabilities, but it does need the key material used to decrypt the software to be confidential. An attacker could gain code execution on the device after boot in devices that also run a lot of complex software that is vulnerable to logical attacks, meaning the firmware decryption key must never be readable from the device, and its use must be limited to device initialization. This article continues to discuss some security solutions that can be used to develop more secure IoT devices.
SemiEngineering reports "Security Solutions In A World Of IoT Devices"