How can Embedded Security be Managed in the IoT World?

  • Integrity: Are you sure the data you are receiving is coming from a trusted place and is authentic?
  • Confidentiality: How do you safeguard your essential data, intellectual property and safety mechanisms (keys) for those secrets?
  • Counterfeiting- This covers both unauthorized duplicates and the overwriting of product firmware with a new illegal firmware image.
  • DDoS attacks- Distributed denial of service is one of the most common attacks in which device and IP address are hijacked to then flood other network servers to force temporary shut down.
  • Tampering- This could be defined as an attempt to extract keys or yield desired results like incorrect meter readings through physical tampering. In fact, some devices radiate electromagnetic radiation that can unlock specific models of electronic door locks.
  • Revise code for security issues, such as buffer overflows and unregulated input data
  • Lock debug interfaces
  • Use built-in protocol security
  • Use third parties to test your device
  • Unlocked debug port- This one could turn out to be risky so never go for it. An unlocked debug port is prone to attacks as it offers low-level security.
  • Permanent lock- It is considered as good security, but its failure analysis (FA) is complicated.
  • Memory erases upon unlock- This security protects data but could not safeguard the device from the new/fake malware.
  • Lock with global password- This lock is highly secure until the password is not disclosed lest the entire IoT device fleet is compromised.
  • Lock with a unique device password- This is also counted as good security, but it’s quite challenging to manufacture it.
  • Lock with asymmetric key- This security port provides the highest security and most flexibility for FA.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store