Intelligent Security for Connected Device Ecosystems
The Internet of Things (IoT) is your new frontier. You’re empowering your customers and creating new and innovative products. But there are dangers in any new frontier, and the IoT introduces vulnerabilities throughout the network. Whether it’s the connected appliances in your home, or a vast network of devices accessed by cloud services over the internet, you want to be able to control what and who can gain access to your network ecosystem. But how do you know which devices are authorized to be a part of your ecosystem and access the benefits of your network? How do you know if a network node is a device at all and not someone pretending to be a device so they can enter your network? Your home, your car, your office building, your product and its branded accessories are all ecosystems where you need explicit control over membership for security and a consistently positive user experience.
So how can you protect your customers—and your business? Controlling membership of an ecosystem is no trivial task especially since software and firmware is nearly impossible to track and can be easily worked around. A network of thousands of device manufacturers, each with dozens of product lines, and each of those products with numerous software revisions makes consistent ecosystem control an unmanageable task very quickly.
But, by building smart security into your networks and devices from the beginning, you can simplify this process in a secure and highly-scalable method by uniquely identifying each approved device. Authentication is so fast it is invisible to the user, and it can provide the seemless user experience your customers seek.
Protect your everything from the threats that lurk throughout the IoT ecosystem
- Device Spoofing lets hackers gain access to a network using software that mimics an IoT device
- Network On-Boarding opens vulnerabilities and back-door access into consumers’ or OEMs’ networks
- Device Identification is a complex, multistep process with vulnerabilities at each stage
- Remote Updates offer opportunities for malicious software to be uploaded into the system
- Brand/IP Counterfeiting endangers consumers and your company’s reputation via cloned accessories that are insecure or low quality
If you’re developing health or medical devices, you know how important security is to protect consumers and their personal information. But why would hackers be interested in the data on less-critical IoT devices such as thermostats or light bulbs? In many cases, the actual target is access to the network the device is connected to. (This was the case with the well-publicized 2014 Home Depot breach.)
Device spoofing and “man-in-the-middle” (MITM) attacks are designed to gain access to a network using software that mimics an IoT device. Networks and devices that lack authentication can be tricked into giving up access credentials or executing malicious code. Even networks with weak authentication are subject to MITM attacks in which the attacker eavesdrops on transmissions and steals access credentials.
Protect your device and network from spoofing or MITM attacks
Secret keys serve as part of a unique, verifiable identification tag to make sure every device on your network should be there, and use authentication to make encryption effective. These technologies help you:
- Protect the data that’s sent over wireless networks to and from edge node devices
- Prevent manipulation of networked devices through unauthorized network access
- Make sure IoT devices can’t be used as backdoor entries into user or manufacturer networks
» Learn more about Atmel Security Solutions to prevent spoofing and MITM attacks.
On-boarding is the process of bringing a new device onto your network simply and securely. This can be especially challenging for IoT devices that have limited or no user interface, such as a light bulb or some industrial applications. And in many cases, consumer demands for convenience require bulk on-boarding of many devices at once. The process becomes more complicated by the number of wireless protocols that must be supported, including 6LowPAN, Wi-Fi, Bluetooth, and other new and proprietary technologies.
Lock down your network on-boarding process
Whether your market is home or industrial automation, it’s your responsibility to maintain the security of your customers’ network. Ensuring that access credentials are securely transmitted prevents unauthorized devices from on-boarding to your network and protects the data sent over the network. It also prevents your network device from communicating with an unauthorized device, being manipulated through unauthorized network access, or becoming a backdoor entry into your or your customer’s network.
» Learn more about Atmel Security solutions to prevent Network On-Boarding.
Edge node devices are the most vulnerable points in the IoT, especially in cost-sensitive markets where omitting security might be seen as a viable way to cut costs. But headlines continue to highlight the risks to consumers and businesses when edge nodes are used as backdoor entries to critical networks. (The 2014 Home Depot breach is a prime example.) Manufacturers need proven edge node security that is cost-effective and manageable for large or small volumes.
Secure IoT edge nodes with device provisioning and commissioning
Device identification through provisioning and commissioning ensures that only legitimate, trustworthy devices can connect to each other and to the network. The basis for device identification is provisioning, which takes a raw device and gives it an identity for security purposes. This involves loading a unique private key and any other certificates or artifacts that establish the device as legitimate and trustworthy. Commissioning transforms the device from generic to one associated with a specific user on a specific network. It typically involves an account with the network provider and validation steps such as passwords delivered by cell phone.
Securely provisioning a new device with your certificates and keys in production involves:
- Generating key pairs
- Generating certificates
- Digitally signing devices
- Securely programming devices
- Securely storing private keys and access credentials in your device
- Doing it simply and inexpensively
» Learn more about Atmel Security solutions to prevent Edge Node vulnerability.
Updating software or firmware for devices in the field opens new security vulnerabilities. Security planning includes processes that prevent malware from installing itself on your device and detect file corruption during an update. Secure download protocols prevent code from being altered in transit and secure boot and code execution allows only authorized code to run on the device.
Maintain security in the field for the life of your device
Software controls built into your device will help protect it through field updates over time—securing the network and maintaining consumer satisfaction. These controls ensure that access points and the system as a whole run only verified code. Security protocols also ensures verified firmware uploads so malware or viruses aren’t introduced to corrupt the system.
» Learn more about Atmel Security solutions for secure boot of software.
Brand and IP counterfeiting endanger consumers and your company’s reputation by the availability of cloned accessories that are insecure or low quality. This can be especially important for applications with accessory ecosystems. Without security at this level, consumers have no protection from counterfeit devices that might corrupt the larger system or detract from their experience. The result? Dissatisfied customers, brand devaluation, and lost revenue to counterfeiters.
Protect customers, protect yourself
Security protocols protect against counterfeit devices and save money for both OEMs and consumers. This level of security prevents cloning of your design and code, ensures interoperability across your approved ecosystem, and ensures that devices function as designed.
» Learn more about Atmel Security solutions to prevent counterfeiting.