Trust and IoT Devices
Using ECC to Create Trust with IoT Devices
Connected devices are now a part of everyday life. While not everyone may fully understand the exact definition of “the Internet of Things”, the term is well known. In fact, as Google CEO Eric Schmidt told the World Economic Forum in Davos Switzerland last January, people will no longer marvel at the connectivity. “There will be so many sensors, so many devices, that you won’t even sense it, it will be all around you,” Schmidt said.
Focus on Security
The recent “Emerging Cyber Threats Report” presented by the Institute for Information Security & Privacy at the Georgia Tech Cyber Security Summit 2015 looked at how the proliferation of these new devices will increase security threats.
The report reviewed the most dominant emerging cyber threats:
- Privacy breaches as companies collect more and more of our data
- The risk of not having a sufficient number of security workers
- Trust problems with connected devices and systems
- Information theft and cyber espionage
Increase in Devices Equals an Increase in Hacks
As the number of devices grows, it's inevitable that those devices will be hacked. From data being stolen to hacks where the device can be taken over and operated for malicious purposes, it's all been done before and it will happen again.
Trust is a critical stumbling block in the fight for security. Historically, industrial systems operated on private networks, so access to the network usually required physical access to the systems. As a result, good locks and security guards could protect against most common attacks. This no longer holds true as devices and systems communicate with each other without involving humans.
The added challenge to trust comes when manufacturers take shortcuts when it comes to security. The report specifically points out that some practices are eroding trust:
“In the physical world, (supply chain) activities have to be audited to ensure only trusted parties are handling the device or data. In the digital world, trust is established through digital certificates, encryption and other information security technologies. Yet, weaknesses in this infrastructure are apparent. About 4.4% of all malware is signed using developer certificates as a way to circumvent and domain registrars have often been fooled into issuing fake online certificates.”
Physical Risk Increases Threat from Hacks
The explosive growth in the number of connected devices does not just provide more targets to attack. Many of the new and proposed connected devices can directly control physical systems, dramatically raising the potential risk. Online threats can now have a direct impact on personal safety and the protection of property and equipment.
The report calls this practice out as a “yet to be solved issue”. In fact, there is a solution.
Certificates and authentication offer an excellent security solution. Problems arise when the right governing protocols and processes are not in place.
The creation and management of secure systems requires excellent technology and expertise in how to apply it effectively. This is not always the easiest route to take. It will go a long way to solve the trust problem when manufacturers of IoT devices take the time to build products from the ground up with security in mind. That includes selecting and working with partners like TrustPoint Innovation, who have the expertise to use the right protocols and processes. That's how you build a trustworthy reputation.
Contact us today to learn why Elliptic Curve Cryptography (ECC) is the right choice for developing secure solutions.