Strong identity for devices tackles hidden costs in IoT security

Eustace Asanghanwa, Microchip Technology Inc.
embedded.com (September 27, 2016)

Developers of Internet of Things (IoT) products know the importance of security to protect personal or industrial data, and typically employ encryption technologies to address that. But with the enormous volume of communication from these products to cloud-based services, a new security challenge has emerged. Cloud service providers are requiring a two-way trust model based on strong identity to ensure that only authorized devices are accessing their services—and they’re considering charging risk premiums for connections made by devices without this capability. Strong identity is a digital certificate based on a non-readable private key that is generated internally in tamper-resistant, secure hardware. By building a strong identity certificate into their devices, IoT developers can address this new security challenge while also improving manufacturing logistics, reducing costs, and improving customer satisfaction.

IoT presents new security challenges
Internet security using keys and certificates for online transactions is well-established. When consumers shop online, for instance, they can confidently submit payment information based on trust that the information is going to the intended site and not a different domain spoofing that website. This is because relevant digital certificates that enable verification of the domains are embedded in web browsers. The browser makers themselves don’t have to interact with every domain owner, but go through Certificate Authorities (CAs) to obtain certificates that will vouch for the website. The website owners then register their domains with the CAs who verify them. This one-way trust model protects consumers so they can interact with websites for e-commerce, banking, etc. with confidence.

To read the full article, click here