Protecting the Internet of Things
Connect with anyone, anywhere, and anything, at any time? In 2016, this is basically a reality and is something both consumers and businesses need to be aware of and address. The Internet of Things (IoT), is a new-age, colloquial term used to describe the rapidly growing network of smart devices capable of connecting to the internet. Only 10 years ago, integrated internet capabilities were almost exclusively limited to cell phones and computers. Today, virtually anything can be digitally connected and both consumers and industry have embraced this ideal.
People like their gadgets. Whether it be a watch, a kitchen appliance, vending machines, vehicles, lightbulbs, or cameras—consumers and businesses alike are benefiting from the streamlined convenience that accompanies this type of data sharing, data management, and smart technology. The true challenge comes from implementing and establishing a company infrastructure that can protect your percentage of the 6.4 billion devices being used worldwide.* This risk can be mitigated before a product even hits the store shelves:
- Establish the validity of software and data within a smart device by using a Public Key Infrastructure. Before a device is deployed in the field, a manufacturer can inject encryption keys using a compliant and secure hardware security module (HSM). This establishes a framework for encryption and authentication that restricts access only to authorized individuals.
- Ask any software engineer, they are always hard at work, fixing software bugs, and protecting device security. Unfortunately, a wide majority of consumers do not make a concerted effort to actively update the software on their connected devices, making devices susceptible to hacks and malicious outside activity. Manufacturers can protect both their technology and their consumers with cryptographically secure, over-the-air software updates. A robust certificate authority, in conjunction with a PKI, verifies that the connection is from a trusted source. If an unauthorized connection is attempted, it will be rejected because it does not have the appropriate encryption keys to establish trust. Don’t let your engineer’s hard work go to waste!
- Hardware-based cryptographic solutions protect data regardless of the implementation by industry or consumers. Digital signatures protect the authenticity of intellectual property and help combat the sale of counterfeit devices. Car batteries, for example, can be digitally signed on the manufacturing floor. This signature cannot be replicated, protecting the brand from counterfeits and protecting consumers from inadvertently purchasing unsafe equipment.
- There are three methods of identifying a user: something users know, something users have, or something users are. A password or PIN code represents something you know, a smart card something you have, and a fingerprint something you are. Multifactor authentication, using a mixture of those methods mentioned above, adds a protective layer between malicious hackers and consumers’ sensitive data. None but the end user should have access to the data within the device.
The process and benefits of a public key infrastructure and mutual authentication apply to all Internet of Things devices. Being an industry expert in both public key infrastructures and mutual authentication, Futurex can be the experienced partner you need to help implement these technologies into your smart devices. To learn more about PKI, visit our Resource Library. To learn about how Futurex HSMs can secure IoT devices during production, visit our Manufacturing Solutions page. And as always, you can reach out directly to a Futurex Solutions Architect. We await your call.
*Statistics from Gartner, Inc.