The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
There is a lot of fear, uncertainty and doubt generated from IoT security issues. "Some organizations have been embracing this technology, saying, 'What can I do next from a business standpoint?' But there are controls that have been either bypassed, or for whatever reasons, missed during the product release cycle."
A look at recent news stories can reveal just how far hackers are able to go if they manage to exploit IoT security issues. One IoT exploit example includes a smart refrigerator hack. "What we've seen from the cybercriminal ecosystem is [hackers] want the data that is used on the refrigerator,". Hackers don't care about using a smart fridge as a means of a DDoS attack, but target the user information contained on the fridge itself.
One of the most prominent IoT security issues is the problem with individuals using the same login credentials for everything. "My experience has been that most individuals use the same user ID and password for multiple websites,". "Because of that, most individuals would then use the same user ID and password on their IoT devices or their appliances."
1. Securing the Device
Gemalto’s embedded software and hardware solutions for consumer electronics and M2M help Original Equipment Manufacturers (OEMs) and Mobile Network Operators (MNOs) overcome security challenges:
M2M-optimised SIM and embedded SIM (eUICC): both tamper-resistant environments represent a strong authentication token for cellular applications. They encrypt and authenticate data and securely identify devices on global mobile networks.
Cinterion Secure Element: the hardware component, embedded in devices, provides the maximum level of protection at the edge, for the most critical IoT applications. Its tamper-proof environment works as a ´safe´ for secure storage of encryption keys and security credentials. Embedded cryptographic tools ensure high personalization to the IoT object, giving it a strong identity and solid device authentication on networks.
SafeNet Hardware Security Modules (HSMs): HSMs excel in safeguarding the most sensitive IoT devices´ keys which are centrally stored (on servers or other systems). The hardened, tamper-resistant environment act as a trust anchor to protect the cryptographic infrastructure of some of the most security-conscious organizations in the world.
Trusted Key Manager: the new solution authenticates IoT devices and secures data exchanges on both cellular and non-cellular networks, such as LoRa, preventing unauthorized devices and IoT players from joining the network. It enables strong digital security through a simple and trustful mechanism of secure key provisioning, remote credential activation and lifecycle management.
IP Protection: we protect the intellectual property of embedded software applications and data files, preventing reverse engineering or tampering
2. Securing the Cloud
Some major forms of threat come from the enterprise or cloud environment that smart devices are connected to. Gemalto solutions for data encryption and cloud security provide a comprehensive portfolio for cloud service providers and enterprises to secure their enterprise and cloud assets. Our cloud-based licensing and entitlement solution helps technology companies leverage the full potential of the cloud environment, ensuring their intellectual property is secured.
3. IoT Security Life cycle Management
Often overlooked, managing the life cycle of security components across the device and cloud spectrum is a critical element for a robust and long-term digital security strategy. Security is not a one-off activity, but an evolving part of the IoT ecosystem.
Adding new devices, end-of-life device decommissioning, device integration with a new cloud ecosystem, managing secure firmware/software downloads - all these activities necessitate comprehensive management of identities, keys and tokens. Gemalto provides solutions to build a sustainable security lifecycle management infrastructure, to address current and future security threats:
Identity & access management,
Crypto management,
Trusted Services Hub: the hub acts as a central interconnection platform, allowing the secure deployment of new services and security updates towards IoT things already in the field, for complex ecosystems involving many stakeholders.
No comments:
Post a Comment