Security empowers the true potential of IoT

Only a couple of years ago, Internet of Things (IoT) manufacturers were primarily concerned with hardware not software. Today, says Richard Hayton, CISO, Trustonic, IoT appliances have changed drastically, with software taking prominence and growing in terms of consumer-related applications.

Nowadays, the term “IoT” is mainly used for consumer-focused applications: these include connected vehicles, wearable technology and connected health, amongst other applications. According to Statista, forecast figures suggest that the IoT market for end-user solutions will grow to around US$1.6 trillion (€1.31 trillion) by 2025.

However, end-user solutions is not the only market for the Internet of Things. Organisational and industrial applications of IoT devices are also on the rise, especially within the manufacturing and healthcare sectors.

Security and IoT

As the breads of IoT applications expands, there is an increasing need to reuse both hardware and software platforms. Software re-use, while it may have positive aspects, increases the security impact of any vulnerability that can be exploited. A library or subsystem designed for one use case, may be reused in an application the original author had no foresight of.

The industry is learning fast and “secure boot” and “secure software update” are starting to become more commonplace. Whilst these techniques are important, they are not a panacea. Especially for when devices store or enable information of high value to an attacker, such as sensitive personal data, or access credentials to data stored elsewhere.

Secure boot and security updates provide a first level of defence, but from a security perspective it is best to assume that this defence will sometimes be breached. If these are the only defence, then once breached, any data on the device is lost, and the attacker is free to abuse the device to attack elsewhere.

Introducing a trusted execution environment

A broader approach to security is to provide multiple zones or environments for the software on a device to isolate and protect them from attack, and to reduce the impact of a successful attack. Some environments those storing or manipulating sensitive data will be specifically designed with security as the primary aim.

Technologies provided by modern chipsets, such as Arm TrustZone, can provide an isolated zone that is protected by the CPU hardware and secure boot, and that remains secure, even if other parts of the device are compromised. Trusted Execution Environments built using this technology are designed with a “defence in depth” approach, focusing on code that is cryptographically signed, and APIs certified by independent bodies against attack. Software running in such environments can also prove their legitimacy to external cloud servers, making it far harder for an attacker to subvert the broader IoT ecosystem.

Richard Hayton

For an individual, a cyberattack via their devices can be devastating, stealing personal data, and potentially enabling identity theft or broader criminal activity such as abusing payment credentials stored on an IoT device, or using a breached device to attack other devices in a home network.

For a device manufacturer, and for the industry as a whole, attacks can have even larger impact. Once consumer trust in a brand is lost it is very hard to regain, and consumers will rapidly dismiss brands, or entire product segments if the risk/benefit trade-off does not seem reasonable. This statement is even more true of regulated markets, such as medical or commercial IoT, where regulators are quick to act if a product is found lacking.

A way forward

In the past, security was not a buying decision. That is changing. Regulators across the globe are requiring some basic hygiene for Consumer IoT such as secure boot and removal of default passwords. This is a great start, but it is undoubtedly only the first step and, as discussed above, is only one part of a security strategy. The industry can expect future regulation, but really what is needed is a move from security as a tick box to security as an integral feature of the product.

The author is Richard Hayton, CISO, Trustonic.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES
Background design with neon fingerprint

WISeKey launches SeyID Digital Identity platform in Seychelles

Posted on: April 23, 2024

WISeKey has announced it has the project to deliver a new Digital Identity platform, “SeyID”, by the government of Seychelles. SeyID will be linked with different national initiatives covering eGovernment, eTourism and eHealth.

Read more
white house green cloth assortment

Smart home technology saves money and helps protect the planet

Posted on: April 22, 2024

In the global battle against climate change and to be more sustainable, the quest for energy efficiency has taken centre-stage. The focus on sustainability is an increasing emphasis on humanity’s finite resources and the effect of our energy-consumption habits on the world around us. This heightened awareness is leading to a radical rethinking of how

Read more
FEATURED IoT STORIES
What is IoT answer

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more
iot adoption

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more
IoT Now Enterprise Buyers’ Guide Which IoT Platform 2021

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more
CAT-M1 vs NB-IoT

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more
internet of things isometric illustration of connected things

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
iot challenges and issues

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more