Today’s IoT is all around us—from smart cities to industries, homes and more. It is an everyday reality and the number of connected devices is rising rapidly.
But the rapid increase of connected devices also may cause a weak spot: security. Connected devices are potential targets for those seeking unauthorized access to the network and to the device cloud, malicious control of the device or theft of IoT-collected data. As there are so many ways to potentially cause damage in the IoT, the connection of devices to each other and to clouds requires scalable and easy to use security solutions. For example, integrators of industrial systems need to strongly authenticate the origin of devices before allowing them to connect and interact with other components of an infrastructure, such as a factory automation system or a smart grid network.
The IoT device identity must be strong, meaning remain unique and tamper resistant; The software implementing its functionality must be integrity protected. Because there are so many ways to potentially damage in the IoT, connected devices need a comprehensive set of protections. Adding protection at the silicon level is one of the best ways to arm a device with necessary defenses. Here’s why:
1. Silicon is the heart of the device and therefore a strong foundation on which to build. The protection of
device identities in IoT requires specific hardware support in order to isolate them from the multiple software
layers. These layers keep changing during multiple software updates to prevent remote extraction or local leakage
independently from the device software, or counter un-authorized modifications by a compromised software. Keys used
to verify software executed on an IoT device must be securely provisioned onto the hardware and integrity-protected,
independently from the software it is supposed to verify and loaded at different stages of the device lifecycle, at
manufacturing or over-the-air in the field.
2. Silicon is trustworthy as it’s highly stable and resistant to change. The starting point for
this hierarchy of security, that is, the base that supports the layers of abstraction, is known as the root of
trust. The root of trust is something that is inherently trustworthy. The right root of trust creates a firm
foundation for security. While lines of code, data stored in memories, operating systems and user interfaces are
relatively easy to alter or damage, physically isolated programs and data in silicon or programs and data kept safe
in immutable silicon are highly stable and resistant to change.
3. Third party evaluations certify implementations for compliance with security claims.
Effective security solutions are the result of a strict development process with clearly defined design
rules, multiple iterations of careful review and full control over the many sub-components. Developing security
requires system-level thinking, so as to identify a more comprehensive risk profile and benefits from multi-layer
mitigation strategies and validation procedures to strengthen the defense. What’s more, as consumers and
service providers seek greater assurance that IoT products are adequately protected, it becomes increasingly
important to have third-party evaluations that certify implementations for compliance with security claims.
At NXP, we believe strong security doesn’t have to be hard to work with. We’re taking a fresh look at the IoT security and create new ways for developers. Our silicon-based security solutions are designed to provide a safe, self-contained environment for staging and executing the authentication tasks that are essential to safe operation in the IoT.
Our ‘Plug and Trust’ approach for the A71CH Secure Element has proven successful by simplifying the implementation of strong security mechanisms in today’s IoT devices. With NXP’s upcoming SE050 product family of ‘Plug and Trust’ devices, we offer enhanced CC EAL 6+ based security for unprecedented protection against the latest attack scenarios. This ready-to-use secure element for IoT devices provides a root of trust at the IC level and delivers real end-to-end security, from sensor to cloud, without the need to write security code. Additionally, the turnkey solution includes a complete product support package that simplifies design-in and reduces time to market.
To learn more about NXP’s innovative solutions for IoT security, visit our ‘Secure the Edge’ webpage. And don’t miss to join us at this week’s Embedded World (booth #4A-220) in Nuremberg to experience our latest security solutions to protect the IoT.
Philippe is the General Manager of IoT Security, Smart Mobility and Retail. He has been with NXP for more than 7 years, developing new markets for security and contactless products. Philippe has more than 20 years of experience in the semiconductor industry. Philippe holds a Master Degree in Science from the Institut Supérieur d'Electronique de Paris (ISEP) and a Master in Business Administration from Caen University.
