
Icon Labs featured in ECN Magazine Brainstorm: Meeting The Demands Of IoT And Smart Home Automation
02.05.2017 20:17
By David West, Director of Professional Services, Icon Labs
IoT devices are predominantly price-sensitive and deployed outside of a secure perimeter with a very long life cycle. In most cases, cost, more than any other factor, drives security component selection.
When choosing between hardware and software, the best solution is to build security into the device and not depend upon the perimeter. Typically, on-device security is an order of magnitude lower in cost. Addressing basic security needs such as an embedded firewall and secure boot cost-effectively protects the device from both inside and outside attacks.
Likely candidates for hardware solutions include Physically Unclonable Functions (PUFs), Trusted Platform Modules (TPMs), and TrustZone.
A PUF uses random variations in the silicon to differentiate chips from each other and to create a unique random number. The generated random number is used to seed a strong device ID and cryptographic keys, creating a hardware root of trust.
Security co-processors are physically separate chips offering true isolation of private keys. A TPM offers isolation along with crypto functionality, key generation, and secure storage. However, its cost usually moves it to higher-end IoT devices.
TrustZone is another single-chip solution that segregates execution space into secure and non-secure worlds. Non-secure applications cannot access security-critical assets, and those same security-critical assets are isolated from tampering. Like a TPM, cost moves it to higher-end devices.
Software security provides a layer of protection at a much lower cost while offering a broader range of options compared to hardware. Frequent candidates for software security include a firewall blocking unwanted packets, TLS/SSH for secure communication, intrusion detection, and management functions. Compared to hardware solutions, software may consume more power.
Ultimately, some combination of hardware and software will be required. Only the system designer will be able to make that determination based upon costs and likely attack vectors.