3 Reasons to go for hardware security in IoT devices

Today’s IoT is all around us – From smart cities to industries, homes and more. It is an everyday reality and the number of connected devices is rising rapidly.

Connectivity creates significant vulnerabilities

But the rapid increase of connected devices also may cause a weak spot: Security. Connected devices are potential targets for those seeking unauthorized access to the network and to the device cloud, malicious control of the device, or theft of IoT-collected data. As there are so many ways to potentially cause damage in the IoT, the connection of devices to each other and to clouds requires scalable and easy to use security solutions. For example integrators of industrial systems need to strongly authenticate the origin of devices before allowing them to connect and interact with other components of an infrastructure, such as a Factory Automation system or a Smart Grid Network.

What’s the best way to implement security?

The IoT device identity must be strong, meaning remain unique and tamper resistant; The software implementing its functionality must be integrity protected. Because there are so many ways to potentially damage in the IoT, connected devices need a comprehensive set of protections. Adding protection at the silicon level is one of the best ways to arm a device with necessary defenses. Here’s why:

1. Silicon is the heart of the device and thus a strong foundation on which to build1. Silicon is the heart of the device and thus a strong foundation on which to build. The protection of device identities in IoT requires specific hardware support in order to isolate them from the multiple software layers which keep changing during multiple software updates, to prevent remote extraction or local leakage independently from the device software, or counter un-authorized modifications by a compromised software. Keys used to verify software executed on an IoT device must be securely provisioned onto the hardware and integrity-protected, independently from the software it is supposed to verify and loaded at different stages of the device lifecycle, at manufacturing or Over-The-Air in the field.2. Silicon is trustworthy as it’s highly stable and resistant to change. The starting point for this hierarchy of security – that is, the base that supports the layers of abstraction – is known as the root of trust. The root of trust is something that is inherently trustworthy. The right root of trust creates a firm foundation for security. While lines of code, data stored in memories, operating systems, and user interfaces are relatively easy to alter or damage, physically isolated programs and data in silicon, or programs and data kept safe in immutable silicon, are highly stable and resistant to change.3. Third party evaluations certify implementations for compliance with security claims. Effective security solutions are the result of a strict development process, with clearly defined design rules, multiple iterations of careful review, and full control over the many sub-components. Developing security requires system-level thinking, so as to identify a more comprehensive risk profile, and benefits from multi-layer mitigation strategies and validation procedures, to strengthen the defense. What’s more, as consumers and service providers seek greater assurance that IoT products are adequately protected, it becomes increasingly important to have third-party evaluations that certify implementations for compliance with security claims.

NXP’s security solution

At NXP, we believe strong security doesn’t have to be hard to work with. We’re taking a fresh look at the IoT security and create new ways for developers. Our silicon-based security solutions are designed to provide a safe, self-contained environment for staging and executing the authentication tasks that are essential to safe operation in the IoT.

Our ‘Plug & Trust’ approach for the A71CH Secure Element has proven successful by simplifying the implementation of strong security mechanisms in today’s IoT devices. With NXP’s upcoming SE050 product family of ‘Plug & Trust’ devices, we offer enhanced CC EAL 6+ based security, for unprecedented protection against the latest attack scenarios. This ready-to-use secure element for IoT devices provides a root of trust at the IC level and delivers real end-to-end security – from sensor to cloud – without the need to write security code. Additionally, the turnkey solution includes a complete product support package that simplifies design-in and reduces time-to-market.

To learn more about NXP’s innovative solutions for IoT security, visit our ‘Secure the Edge’ webpage. And don’t miss to join us at this week’s Embedded World (booth #4A-220) in Nuremberg to experience our latest security solutions to protect the IoT.

Philippe Dubois
Philippe Dubois
Philippe is the General Manager of IoT Security, Smart Mobility and Retail. He has been with NXP for more than 7 years, developing new markets for security and contactless products. Philippe has more than 20 years of experience in the semiconductor industry. Philippe holds a Master Degree in Science from the Institut Supérieur d’Electronique de Paris (ISEP) and a Master in Business Administration from Caen University.

Comments are closed.

Buy now