Fill This Form To Receive Instant Help
Fill This Form To Receive Instant Help
Homework answers / question archive / The challenging concept of ensuring security over the new IoT device and technology implementation at the corporation is now the next task which must be briefed and understood by management
The challenging concept of ensuring security over the new IoT device and technology implementation at the corporation is now the next task which must be briefed and understood by management. Corporate sensitive information, personally identifiable information, financial records and more will be within the IoT sphere therefore a meeting is required to discuss the security infrastructure needed for effective IoT implementation. Management would like a 3-5 page concept paper put together bringing depth to the critical security concepts needed for the IoT asset tracking implementation and strong device identity protection. Identify the core IoT security requirements for the following:
Answer:
By 2020, it is estimated that the number of connected devices is expected to grow exponentially to 50 billion. The main driver for this growth is not the human population; rather, the fact that devices we use every day. So, there should be a strong infrastructure for the same to support. In this to achieve the answers to asked questions are as follows.
Trust in IOT security refers to an expectation of integrity that a system is operating as designed. Software trusts that hardware is operating properly. Applications trust that the operating system is not corrupting data. Remote systems trust in the device’s identity to which it’s connected.
The process of establishing trust is authentication. A system’s root-of-trust is the point where authentication starts and then extends through each software layer. High-assurance solutions support a root-of-trust in hardware or immutable memory so that it can’t be modified.
Using cryptography, IoT developers can create systems of trustworthy interconnected devices over untrusted public networks. Implementing an end-to-end security strategy requires a platform that includes a cryptographic module, network security protocols, key protection, and secure boot. After all the man-hours securing the device, the investment is still at risk if CA and software signing keys are ever compromised.
Compromise of root PKI keys impacts every device manufactured. And with access to the root key, an attacker can sign malicious software and create fake certificates. Attackers then have the ability to masquerade as valid systems, with the ability to collect data and issue commands at will. Weighing the impact (one device vs. all), protecting the root keys is the most critical function of the entire system and must be prioritized accordingly.
Developing an end-to-end security strategy
Integrity Security Services (ISS), a subsidiary of Green Hills Software, supports the IoT revolution by helping clients build trust in their devices through end-to-end embedded security design. Starting with threat assessments to analyze the impact of unauthorized events, organizations can architect a security strategy addressing the ISS Five Rules of Embedded Security.
End-to-end security protects during all lifecycle phases throughout manufacturing, operation, and maintenance. An attack doesn’t just occur after the product is sold. Employees, partners, and counterfeiters are also threat candidates, which is why a zero-exposure key management infrastructure is critical.
Unlike production test stations, the security architecture and infrastructure can be reused across multiple product lines. By developing the infrastructure solution first, organizations can incorporate use of the system into multiple products, thereby reducing per unit cost. The cost of security can be further reduced by value-added features, such as remote software update, feature control, and “in-app” purchases. Leveraging the trusted platform and digital identities, developers have the ability to securely communicate and distribute uniquely encrypted files.
