Venafi, the inventor and leading provider of machine identity management, announced that VMware has integrated its Tanzu Service Mesh with Venafi’s machine identity control plane. With the Venafi integration, Tanzu customers can implement mutual Transport Layer Security (mTLS) across Kubernetes clusters by connecting their service mesh to a trusted certificate authority (CA) of their choice.
In terms of machine identity management, Venafi is the market leader in cybersecurity. Venafi products manage and safeguard identities for all sorts of machines from the ground up, including IoT and physical devices as well as software programs, APIs, and containers. For all machine identity types, as well as the security and dependability issues related to them, Venafi offers global visibility, lifecycle automation, and actionable intelligence. Using Kubernetes and OpenShift, Jetstack, a Venafi company, provides enterprises with cloud-native solutions and strategic advice.
“It’s exciting to see VMware simplify customers’ cloud native journey, while still ensuring enterprise-grade security,” comments Kevin Bocek, VP of Security Strategy and Threat Intelligence at Venafi. “Other service meshes – such as Istio – only support self-signed machine identities out-of-the-box, which fall outside of companies’ existing machine identity management infrastructure and trust chains. It’s great to see VMware is addressing this security gap by tapping into the control plane for machine identity management in a frictionless, security-team-approved way,” he adds.
Through sophisticated security and end-to-end connectivity, VMware Tanzu Service Mesh offers security and connection for application domains across cloud-native Kubernetes systems, allowing conformity with data protection and privacy laws and Service Level Objectives (SLOs). It accomplishes this by assisting in the regulation of east-west traffic across application workloads, APIs, and data as well as north-south traffic from clients at the application edge via mesh egress and ingress. By enabling businesses to automate the administration of the machine identity lifecycles as a part of their preexisting CA trust chains, the Venafi integration improves the Tanzu Service Mesh. By doing so, compliance in regulated businesses is ensured while observability and control are increased.
Customers can:
Automate the creation and renewal of machine identities using Venafi’s control plane, which enables developers to work quickly and securely.
Create identities from more than 40 trusted certificate authorities (CAs) that fit their organization’s trust chain, instead of depending on self-signed mTLS identities.
Gain unrivaled control over machine identity management, with full observability, consistency, reliability, and flexibility of choice, ensuring regulatory compliance.
With enterprise control over digital innovation, California-based company VMware is a top provider of multi-cloud solutions for all apps. VMware software provides businesses with the adaptability and options they need to create the future as a dependable basis to accelerate innovation.
Vice president and chief technology officer at VMware, Pere Monclus says, “We are thrilled about the integration with Venafi, enabling our customers to use Tanzu Service Mesh in their own enterprise CA trust chain and use their own registry system.”
MediaTek, a leading fabless semiconductor company, provides tightly integrated, power-efficient systems-on-chip (SoCs) for mobile devices, home entertainment, networking and connectivity, automated driving, and IoT. MediaTek has announced the latest chipset in its Genio platform for IoT devices: the octa-core Genio 700, designed specifically for smart home, smart retail, and industrial IoT products.
Richard Lu, Vice President of MediaTek IoT Business Unit stated, “When we launched the Genio family of IoT products last year, we designed the platform with the scalability and development support that brands need, paving the way for opportunities to continue expanding. With a focus on industrial and smart home products, the Genio 700 is a perfect natural addition to the lineup to ensure we can provide the widest range of support possible to our customers.”
The MediaTek Genio 700 is an N6 (6nm) IoT chipset with a 4.0 TOPS AI accelerator, two 2.2GHz ARM A78 cores, and six 2.0GHz ARM A55 cores. Its main design focus is power efficiency. It supports FHD60+4K60 displays and includes an ISP for better image quality.
Designers can alter products using Yocto Linux, Ubuntu, and Android thanks to the Genio 700 SDK. Regardless of the type of application, customers can easily and quickly develop their own products with this support.
The MediaTek Genio 700 offers numerous features: support for fast interfaces such as PCIe 2.0, USB 3.2 Gen1, and MIPI-CSI for cameras; FHD60+4K60 dual displays with AV1, VP9, H.265, and H.264 video decode; support for a wide temperature range and a 10-year lifespan; ARM SystemReady certification, which provides a standardized and simple platform integration method; and ARM PSA certification for greater security.
MediaTek is a market leader in several key technology areas, including highly power-efficient mobile technologies, automotive solutions, and a wide range of advanced multimedia products such as smartphones, Chromebooks, smart TVs, Voice Assistant Devices (VAD), smart home connectivity, and AIoT. In Q2 2023, the Genio 700 will be made commercially available.
InsurTech and IoT companies Pepper and Notion have teamed up to develop an IoT and smart home platform company that will provide insurance carriers with specialized and interconnected services.
Pepper provides businesses with the tools they need to create, distribute, and monetize secure connected products and services for customers using long-term business models. Notion is a do-it-yourself smart property monitoring sensor system and software that enables home and small company owners to prevent costly property problems by keeping track of them in advance and taking preventative measures. The previous owner of Notion, Comcast, has invested in the Pepper/Notion partnership.
Scott Ford, CEO of Pepper, said, “We believe connected insurance tech is the next frontier of innovation in consumer IoT. Combining Notion’s leading smart property monitoring sensor system with Pepper’s full-featured platform and service offerings will provide insurance carriers a customized suite of connected solutions through a seamless white-label approach. This acquisition will allow us to leverage Notion’s leadership as an InsurTech solution supplier while expanding the offering to include popular smart home and security services.”
By combining next-generation IoT and smart home technologies to proactively monitor for water leaks, fires, carbon monoxide, mildew, open doors and windows, severe temperature fluctuations, and other events, insurers can reduce losses, while homeowners, property owners, and small business owners can save up to 20% on insurance.
Thomas Fad, vice president and general manager of Notion, said, “Partnering with a trusted, next-generation consumer IoT platform like Pepper aligns perfectly with Notion’s mission to deliver innovative, smart insurance and home security offerings. By joining Pepper, we will be able to further accelerate in a high-growth market and expand into new product offerings, all while continuing to deliver the best in InsurTech for our customers.”
Through its consumer IoT platform, Pepper-powered products will give carriers and customers access to real-time, actionable data. The carrier and its clients will have ownership and control over the data produced by these programs. The union of Pepper and Notion will enable the selling of additional insurance products and provide alluring recurring revenue streams, in addition to enhancing critical carrier business KPIs like underwriting and claims reduction.
The growing deployment of connected health devices is accelerating cyberattacks, according to Capterra’s medical IoT survey of health IT professionals. An IoT device relays data about patients to a software app, where healthcare providers and patients can view it. A significant challenge for remote patient monitoring is ensuring that the highly private data these IoT devices gather is safe.
Cynerio and the Ponemon Institute also reviewed the ongoing effects of cyberattacks against healthcare facilities and Internet-connected IoT and medical devices, finding several troubling trends. Patients who wear an IoT device that collects health data may have questions about who has access to the data and how it is used.
IoMT (Internet of Medical Things) has numerous weaknesses, yet it is possible to protect healthcare equipment from attacks without compromising patient confidentiality. A new study conducted by Medigate and CrowdStrike has highlighted the degree to which healthcare Internet of Things (IoT) devices are being targeted by threat actors and warned of a concerning state of IoT security within the healthcare sector.
The survey additionally found that 67% of IT cyberattacks affect patient data and 48% affect patient care, suggesting that the growing industry’s security risks are having serious implications for patient privacy and outcomes. The Internet of Medical Things (IoMT) helps make healthcare more affordable, effective, and patient-centric.
However, connected devices that contain IoT sensors (e.g. glucose monitors, insulin pumps, defibrillators) typically have unaddressed security vulnerabilities, which can put healthcare facilities or patients at risk. Healthcare practices with more than 70% of their devices connected are 24% more likely to suffer a cyberattack than practices with 50% or fewer connected devices. Zach Capers, a senior security analyst for Capterra, commented: “As a healthcare organization adds more medical devices to their network, their attack surface increases.” Connected medical devices are typically not monitored for security vulnerabilities, and since they operate across a broad range of software and hardware platforms, they are hard to monitor with a single tool. This means many connected medical devices are left wide open to cyberattacks. Alarmingly, 57% of respondents did not always change the default usernames and passwords of every newly connected medical device, and 82% are running connected medical devices on outdated Windows systems.
Organizations should patch devices or update the firmware as soon as security vulnerabilities are discovered. Unfortunately, 68% of healthcare organizations do not routinely update their connected devices when patches are available. Moreover, vulnerabilities and the associated patches are not always well publicized, so the IT staff responsible for healthcare IoT device security must actively keep up to date on new security threats.
Healthcare facilities will advance in the coming years as IoMT technologies improve, providing better patient outcomes, richer visitor experiences, and improved working conditions for professionals. Medical IoT security requires active, continuous monitoring. Healthcare facilities must perform regular vulnerability assessments before connecting medical devices to the IT network. They should also maintain up-to-date, accurate inventories of all connected devices, including their software and firmware versions, and employ software to monitor those devices.
AEI is a B2B engineering solutions and services provider in the area of industrial IoT and automation. We consult, train, create/integrate & maintain digitization solutions for OEMs, silicon vendors, MES/ERP providers, smart factories, etc. A number of our off-the-shelf solutions target
Because our solutions bridge the OT and IT systems in an enterprise, we have to take into account the cyber security vulnerabilities of the traditional apparatus typical of any industry, and build an approach that closes the security gaps along with the information gap. So to speak, greater proliferation of digitization across industries will always go hand in hand with, or drive demand for, greater attention to the cyber security facets.
Chidrupaya has over ten years of experience in responsible product and solution design, life-cycle management, and engineering consulting in IoT, automation, industrial networking, smart sensor networks, low-power devices, mission-critical systems, industrial safety, and security systems. He has provided engineering consultation, technology training, and product design to clients in India, the EU, and the United States in the fields of silicon manufacturing, OEMs, and IT solution providers.
Why Now?
Now, this realization is not something that has become apparent only in the last few years; rather, security considerations have always been part of any design decision, although their importance has varied across industries due to their inherent nature. For example, imagine a vertical manufacturing management system or any IoT platform you are familiar with. Typically, the edge nodes (or field devices) directly interacting with the environment via sensors and actuators are connected to compute platforms (gateways, brokers), which then connect to the IT platforms to exchange information. Depending on the type of industry, only a part of this entire network is exposed to the outside world, e.g., via public infrastructure and wireless networks; and when designing such systems, more often than not, only these exposed components were taken into consideration for security development lifecycle practices. Although a potential security loophole can be exploited at any point of a networked system, because such systems were inherently disconnected, most deployments got away without a penalty for this oversight.
That has changed in today’s scenario, especially with the aggressive digitization of any and all industries, driving deeper with each passing year. This has increased the demand for more and more closely connected components, which allow granular access to process-level information across all deployment geographies and provide flexibility in configuration and integration for a highly scalable system, as well as for methods to aggregate, digest, and represent this data on the IT platform. This has increased the likelihood of any single component in the entire system being vulnerable to security threats.
Now you may think, “Is it going to affect me?” Well, that depends on which industry is under consideration, and finally you would have to decide that for yourself. But it is more likely that the current digitization revolution (or Industry 4.0) is eventually going to affect (positively, in my opinion) every part of this huge machinery, and it is a question of not if but when. So, the real question we are posed with is whether we want to be ahead of the curve in this evolution. There is no doubt that there has been a fundamental shift in how we visualize and access information as users, managers, and administrators, and it is only going to evolve further; holding back would be akin to swimming against the tide.
So how to get started?
First, we need to recognize that the days of fractured integrations and disparate components are numbered; it is going to be a world of highly integrated, accessible machines that will bring its own set of advantages and drawbacks. Future (if it can be called that any longer) systems are going to make information access seamless and reliable and platforms dynamic and scalable, while at the same time adding to the complexity and overhead of configuration and security. Adapting to this change is going to be a challenging task, although more so for some geographies than others. An encouraging factor in all this is that there has already been a large amount of collective effort to bridge this gap and help every sector of the ecosystem adapt as smoothly as possible, in terms of, but not limited to, standardization of information exchange formats, protocols, configuration, security and encryption, hardware support, etc. There has been an ongoing effort to make these available to the community via open-source or easily accessible third-party options. But more importantly, to get started there has to be an adaptation in how we approach design decisions.
Now, as we progress on this digitization journey, there is going to be a need to address a number of design facets, including the aforementioned communication, information representation, compliance, and security; and all of these will play critical roles in how well suited the design is for future market demands. While usability requirements are going to be the primary driving factor, for this article we will anchor our conversation on the security aspects of OT and OT-IT intermediaries.
Standardization and compliance
In the digitization evolution, there is going to be less and less space, if not none, for fractured components inside a connected system. The future of infrastructure is based on information consistency, device congruency, indefinite scalability, and flexibility. Standardization is unavoidable in achieving interoperability, and in addition, modern standards inherently address the security aspects of such a scalable system, at each layer. So, it is imperative that the first step towards the design goes through the choice of the right standard, not just in terms of product architecture design but also in the development practices as well.
Data Security
The first and foremost of the challenges is to ensure data security, not just for data over the air but also for data at rest on any component. This involves choosing the right encryption (e.g., SSL/TLS) with properly authorized access-control systems in place, validated by a reliable third party. Any form of name-only encryption or validation will leave vulnerable points exposed in the network, and this is especially true for gateway devices and low-footprint IoT nodes, which typically do not include the hardware support needed for higher-level security. It is critical to choose a standard and hardware that provide this support.
Identification
The next step is to ensure identity authentication for each component or device in the network. In an ever-dynamic, scalable system, it is critical that each component’s identity is authenticated and verified before and during the operational life cycle, i.e., during configuration and data exchange. This may involve issuing unique digital certificates or SKS key-pairs. This is vital for edge nodes (or field devices) and gateways (or data brokers) in both client-server and talker-listener arrangements, and it needs careful assessment of the associated hardware support and performance penalties.
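As an added example (not code from the page, from Venafi, VMware or AEI), this is the check that both the Venafi/Tanzu announcement at the top of the page and the Identification step above describe: a peer's certificate is accepted only if it chains to the enterprise CA and names the device presenting it, while a self-signed certificate, a certificate from an unknown CA, or a certificate for a different device is refused. The "Plant Root CA", the sensor names and the validity periods are constructed for the example; the trust store and verification use Go's standard crypto/x509 package.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Identity bundles a private key with its certificate. The CA name and
// device names used with it are constructed for this example.
type Identity struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

var serialCounter int64 // fine for a demo; production CAs use random serials

func nextSerial() *big.Int {
	serialCounter++
	return big.NewInt(serialCounter)
}

func mustKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return key
}

// mustCert signs tmpl with signer under parent and parses the result.
func mustCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// NewCA creates a self-signed root standing in for the enterprise CA
// (in production that key lives in an HSM or a managed CA service).
func NewCA(name string) Identity {
	key := mustKey()
	tmpl := &x509.Certificate{
		SerialNumber:          nextSerial(),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	return Identity{Key: key, Cert: mustCert(tmpl, tmpl, &key.PublicKey, key)}
}

// Issue creates a client certificate naming one device in its SAN. With
// issuer == nil it is self-signed: the kind of identity a trust chain rejects.
func Issue(deviceID string, issuer *Identity) Identity {
	key := mustKey()
	tmpl := &x509.Certificate{
		SerialNumber: nextSerial(),
		Subject:      pkix.Name{CommonName: deviceID},
		DNSNames:     []string{deviceID},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(12 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	parent, signer := tmpl, key
	if issuer != nil {
		parent, signer = issuer.Cert, issuer.Key
	}
	return Identity{Key: key, Cert: mustCert(tmpl, parent, &key.PublicKey, signer)}
}

// Pool returns a trust store holding only this identity's certificate.
func (id Identity) Pool() *x509.CertPool {
	pool := x509.NewCertPool()
	pool.AddCert(id.Cert)
	return pool
}

// VerifyDeviceIdentity is the check a gateway or broker runs on a peer's
// certificate: it must chain to the enterprise root, be valid for client
// authentication, and carry the name of the device that presents it.
func VerifyDeviceIdentity(leaf *x509.Certificate, roots *x509.CertPool, deviceID string) error {
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   deviceID,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}
```

Typical use: `ca := NewCA("Plant Root CA")`, then `VerifyDeviceIdentity(Issue("sensor-01.ot.example", &ca).Cert, ca.Pool(), "sensor-01.ot.example")` returns nil, while the same call with `Issue("sensor-01.ot.example", nil)` (self-signed) or with a certificate from a second, unrelated CA returns an unknown-authority error. The same `VerifyOptions` is what a `tls.Config` with `ClientAuth: tls.RequireAndVerifyClientCert` and `ClientCAs: ca.Pool()` applies during an mTLS handshake.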
Legacy support
While designing the system, it is a practical consideration to address integration and how to support legacy systems and components. To the extent supported by their hardware, legacy devices should be updated to the latest standards. But wherever required, bridges between legacy and current systems will be needed, where gateways handle the interoperability and security of the brown-field components and ensure compliance; in these scenarios, accessibility and scalability would need to be sacrificed in favour of security.
The following are two examples describing each of these cases. OPC UA is one of the industry standards that provides a framework for consistent information exchange between IT and OT systems, from field devices to compute nodes and ERPs, and avoids information fragmentation between multiple vendor systems running on existing protocols such as Profinet, EtherCAT, Ethernet POWERLINK, etc. Multiple compliant third-party and open-source OPC UA stacks are available to system designers. From their original form to the current one, these have progressively included security provisions to address the aforementioned aspects in real-world systems. So, in deployments over the years, we have had to update and adapt our integration strategy, from early adopters to the early majority.
Example I: for a smart-factory early adopter, we had to create an IT-OT bridge from the factory to the ERP system, where the OT system included legacy components, and we also had to deploy newer infrastructure for the recently commissioned machinery. Our solution was to create a real-time live data aggregator gateway service on secure hardware, which acted as a data broker between the legacy OT components and the IT platform over SSL, without exposing any of the legacy OT components to the public network (i.e., sacrificing accessibility in favour of security); at the same time, the latest OT components, which adhered to the security standards, were made accessible directly from the IT system via the same gateway service. The gateway hardware itself supported current-generation security and acted as a firewall between the public network and the legacy OT hardware components, without compromising compliance with standards.
Example II: early adopters among remote maintenance software providers typically used MQTT brokers to access field networks and device information that had OPC UA servers. When there were no ready-to-use secure OPC UA talker-listener components, our gateway service allowed the MQTT brokers to collect data from OPC UA servers via a client-server service over SSL, which it then published to other MQTT nodes. The start-up, configuration, key exchange, and information exchange all had to be secured, adding a marginal performance penalty.
And as systems and software evolved, so did the integration approach. In time, the open-source OPC UA stack S2OPC, which targets safety and security compliance over OPC UA, provided secure talker-listener components that could be deployed to achieve a better performance balance.
Ensuring availability
Apart from data security, there is also a need to ensure that the system and its components are always available, especially for mission-critical systems. A common security challenge is the denial-of-service (DoS) attack, and the system has to include preventive mechanisms to ensure that critical components are always accessible and able to share information and data. This also includes preventing the spoofing of any component’s identity by an outside attacker, who could manipulate traffic volume without needing to break the encryption, as well as immediately identifying and isolating the sources of such attacks.
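As an added example, not part of the original article: one preventive mechanism of the kind described, a per-source token bucket on a gateway that throttles a source exceeding its message budget and, after repeated violations, isolates that source for a quarantine period so the remaining components keep their capacity. The rate, burst, strike limit, quarantine length and the two simulated sources are assumptions; the clock is passed in so the behaviour is reproducible.

```go
package main

import (
	"fmt"
	"time"
)

// Verdict is what the gateway does with one inbound message.
type Verdict int

const (
	Allow       Verdict = iota // within budget: forwarded
	Throttle                   // over budget: dropped and counted as a strike
	Quarantined                // source isolated: dropped until the quarantine expires
)

type bucket struct {
	tokens    float64
	last      time.Time
	strikes   int
	blockedAt time.Time // zero while the source is not quarantined
}

// Limiter keeps one token bucket per source address or device ID. The
// rate, burst, strike limit and quarantine length are tunables; the values
// used in main are assumptions for this example.
type Limiter struct {
	rate, burst float64       // tokens refilled per second, bucket capacity
	maxStrikes  int           // strikes before a source is isolated
	quarantine  time.Duration // how long an isolated source stays blocked
	sources     map[string]*bucket
}

func NewLimiter(rate, burst float64, maxStrikes int, quarantine time.Duration) *Limiter {
	return &Limiter{rate: rate, burst: burst, maxStrikes: maxStrikes,
		quarantine: quarantine, sources: map[string]*bucket{}}
}

// Check decides the fate of one message. The clock is passed in so the
// logic is deterministic and can be tested without sleeping.
func (l *Limiter) Check(source string, now time.Time) Verdict {
	b, ok := l.sources[source]
	if !ok {
		b = &bucket{tokens: l.burst, last: now}
		l.sources[source] = b
	}
	if !b.blockedAt.IsZero() {
		if now.Sub(b.blockedAt) < l.quarantine {
			return Quarantined
		}
		*b = bucket{tokens: l.burst, last: now} // quarantine served: readmit with a fresh budget
	}
	b.tokens += now.Sub(b.last).Seconds() * l.rate
	if b.tokens > l.burst {
		b.tokens = l.burst
	}
	b.last = now
	if b.tokens >= 1 {
		b.tokens--
		return Allow
	}
	b.strikes++
	if b.strikes >= l.maxStrikes {
		b.blockedAt = now // isolate the source; this is where an alert would be raised
		return Quarantined
	}
	return Throttle
}

// Simulate feeds n messages from one source at a fixed interval and tallies the verdicts.
func Simulate(l *Limiter, source string, start time.Time, n int, interval time.Duration) (allowed, throttled, quarantined int) {
	for i := 0; i < n; i++ {
		switch l.Check(source, start.Add(time.Duration(i)*interval)) {
		case Allow:
			allowed++
		case Throttle:
			throttled++
		default:
			quarantined++
		}
	}
	return
}

func main() {
	l := NewLimiter(10, 5, 3, 30*time.Second) // 10 msg/s sustained, burst of 5, 3 strikes, 30 s isolation
	t0 := time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC)
	// A PLC reporting every 200 ms stays within budget.
	fmt.Println(Simulate(l, "plc-07", t0, 10, 200*time.Millisecond)) // 10 0 0
	// A flooding source at 100 msg/s: burst absorbed, two strikes, then isolated.
	fmt.Println(Simulate(l, "10.0.0.99", t0, 20, 10*time.Millisecond)) // 5 2 13
	fmt.Println(l.Check("10.0.0.99", t0.Add(31*time.Second))) // 0 (Allow) once the quarantine has passed
}
```

The strike counter is what turns a rate limiter into an isolation mechanism: a source that merely bursts once is throttled and recovers, while one that keeps pushing is cut off entirely, which keeps the budget of the well-behaved components intact. In a deployment the quarantine event is also the point at which to record the source for the "identify and isolate" step the article calls for.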
Continuous Improvement
The design approach to building components also needs to include continuous improvement of the components at the design, production, or deployment stage, because the definition and requirements of system security are continuously evolving. As we see more and more digitization, there will be more instances of cyber-attacks; and as the majority of future battles are expected to be fought in cyberspace, this will mean consistently playing catch-up with rapidly evolving demands. It would be a good design strategy to plan development in increments, from a business standpoint as well as in view of the evolving scenarios, such that continuous upgrades and patches are rolled out to each layer of the system to keep it protected. This includes firmware authentication for over-the-air updates, especially on edge nodes, to prevent malicious updates from third parties.
With these general guidelines in mind, there also has to be a realization and subsequent acceptance, to underscore security facets as one of the primary aspects of product and system design. With progress, the number and dimensions of the challenges will go up and the designers have to level up to play the probabilities game. The probabilities of risk will play differently across the ecosystem depending on the industry type (e.g., there will be higher challenges for the telecom sector than the manufacturing sector) and their criticality to the economic function (e.g., power distribution system), and on the vulnerability of different economies, but as digitization drives to unify the automation backbone across the globe, so will it do for the security threats irrespective of geography.
T-Mobile US announced the release of an IoT developer kit to jump-start innovation on its wireless network, claiming that the move removes administrative barriers to connectivity and to the relevant expertise. The kit is available through a self-service developer platform that was launched in March and provides access to a variety of certified equipment.
Rob Roy, T-Mobile’s senior vice president of Emerging Products, said, “T-Mobile is opening doors for innovators of all kinds, making building for wireless simple and easy…the way it should be. As an Un-carrier, we empower developers, no matter their size or stage of the development process they’re in, to create innovative connected solutions. Our IoT Developer Group, a fully functional group that seamlessly connects to our leading network, is our next big step in driving this innovation forward.”
The IoT starter kit from T-Mobile costs $99. It includes a CAT-M IoT SIM with 500MB of data and data rates up to 375Kb/s, an SDK for integrating with cloud services, embedded sensors and radios, programming and debugging tools, and access to open APIs. By encouraging the creation of relevant products and services, T-Mobile’s DevEdge platform seeks to spark interest in more than just 5G’s faster data rates.
Phosphorus has partnered with Dewpoint to provide value-added reseller (VAR) services for Phosphorus in the US. Dewpoint, an IT and security solutions provider, will jointly deliver a new generation of xIoT security solutions in the US to meet growing enterprise demand for xIoT attack surface management and remediation capabilities.
Kal Gajera, Director of North America Channels at Phosphorus commented, “xIoT security is a critical need for today’s enterprises, and these risks are left unaddressed by traditional IT security solutions. We look forward to working with Dewpoint to help expand our US sales channels and bring the world’s most advanced xIoT security platform to more organizations.”
The Extended Enterprise xIoT Security Platform from Phosphorus is an automated security platform that provides xIoT Attack Surface Management, xIoT Hardening and Remediation, and xIoT Detection and Response for the entire range of IoT, OT, and network-connected devices, including both new and legacy devices.
This enables big businesses to scale xIoT technologies (which can result in millions of devices per organization) without having to hire more staff to locate, maintain, and keep an eye on them.
Phosphorus Cybersecurity® is the xTended Security of Things™ platform created to protect the rapidly expanding and frequently unmonitored Things throughout the enterprise xIoT landscape. Its Extended Enterprise xIoT Security Platform offers attack surface management, hardening & remediation, and detection & response to extend enterprise xIoT security to all cyber-physical things in your enterprise environment. Phosphorus automates the remediation of the largest IoT, OT, and network device vulnerabilities, including unknown and inaccurate asset inventories, outdated firmware, default credentials, risky configurations, and out-of-date certificates.
Phosphorus announced a collaboration with EverSec Group to expand IoT attack surface management. In order to fulfill the growing enterprise need for xIoT attack surface management and remediation capabilities, the two companies will jointly deploy a new generation of xIoT security solutions in the United States under the new alliance.
“This exciting collaboration with a proven solution provider will allow us to expand our footprint and deliver cutting-edge xIoT security to more companies across the U.S.,” said Obbe Knoop, Chief Revenue Officer of Phosphorus. “EverSec’s proven expertise in the emerging security landscape is of great value to us as we gear up for record growth this year.”
The world’s first and only automated security platform, Phosphorus’ Extended Enterprise xIoT Security Platform offers xIoT Attack Surface Management, xIoT Hardening and Remediation, and xIoT Detection and Response to the full spectrum of IoT, OT, and Network-connected devices, including both new and legacy devices. This makes it possible for big businesses to scale xIoT technologies—often millions of devices per business—without needing to hire more staff to safeguard them.
About Phosphorus and EverSec Group!
Phosphorus Cybersecurity, the foremost xTended Security of Things™ platform, was created to secure the constantly expanding and frequently unmonitored Things across the enterprise xIoT environment. In order to provide enterprise xIoT security to every cyber-physical Thing in the company environment, the Extended Enterprise xIoT Security Platform offers Attack Surface Management, Hardening & Remediation, and Detection & Response.
Around 200 clients, most of them among the biggest brand names in the world, rely on EverSec Group as their trusted security expert. To secure those customers’ environments, EverSec assists their Network/Infrastructure Security, Cyber, IR, InfoSec, and Security Operations Center teams.
In an Internet of Things (IoT) ecosystem, multiple devices can be connected to the internet and each other to process data and send it over a network. But no one can discuss the IoT without considering how to keep it safe and secure. This is where the idea of IoT security comes in. IoT security is the practice of ensuring that IoT devices and connections are secure. Organizations can do this in several ways, such as keeping software up to date, using good password practice, or buying vulnerability management tools.
In this blog, we will talk in-depth about IoT security, its meaning, the challenges, and what tools can be used to protect it.
IoT security challenges
Organizations are finding it more challenging to keep devices secure as the number of connected devices grows. IoT devices are enticing targets for attackers because they are fraught with vulnerabilities and offer an attack surface ripe for security breaches. No matter how established an organization’s IoT network is, all organizations confront the same difficulties when managing, monitoring, and safeguarding their connected IoT environments.
Cyberthreats have become a significant issue for IoT systems, and the need for IoT security is urgent. We have already discussed concerns about IoT security in our last blog, “Major concerns of IoT security.” IoT threats can have both virtual and physical impacts, especially in the industrial internet of things (IIoT) field, where previous cyberattacks have already demonstrated cascading effects on both devices and the stored data.
Standardization
The IoT market is rapidly expanding, and while the majority of IoT solution providers are building all components of the stack, there is a lack of consistency and standards across the services used by various IoT solutions.
Retrofitted legacy devices
Many organizations rely on legacy equipment to function properly. Nonetheless, with rapid advances in automated and connected technologies, managing both new and old equipment simultaneously can be challenging.
Legacy devices that were never designed to connect to the internet have little or no built-in security. As a result, even if the retrofitted sensors provide some level of security, connecting the device opens new avenues for malicious parties to infiltrate it.
Unauthorized firmware
Unsigned firmware on peripheral devices can expose IoT systems to attacks, allowing hackers to install stealthy and persistent malware, steal valuable data, or take control of a computer.
Devices with unsigned firmware are an easy target for malicious actors to install their firmware on and abuse it for various purposes.
Hardcoded passwords
Hardcoded passwords are risky because they are easy targets for password-guessing attacks, which allow hackers and malware to hijack firmware, devices, systems, and software. The same hardcoded password, or a subset of it, is frequently used across all applications or devices. As a result, if a hacker knows the default password, they may be able to access all similar devices or application instances.
Unprotected and shared keys
Many IoT devices employ symmetric encryption, which uses a single key to encrypt and decrypt data. Data encryption adds an extra security layer over hardcoded or default passwords, but sharing and storing the encryption key introduces risk: a malicious party that intercepts the key can use it to encrypt and decrypt data, access the entire system, and exfiltrate data.
Weak cryptography
Encryption provides strong security, but only when done correctly. The encryption strength is determined by the algorithm used to generate the public/private keys. Many IoT devices generate encryption keys with weak algorithms that do not adhere to current cryptographic standards. When this happens, it’s easier for malicious parties to determine the private key, allowing them to compromise the device.
Need for security standards
Advanced IoT devices have made their way into all industries, making them more convenient and efficient while also increasing the amount of data that is shared.
If IoT devices aren’t correctly secured, consumers, businesses, and government entities can all be at risk from cyberattacks. The manufacturer must ensure that the products they sell are as secure as possible at the point of sale. However, the importance of security measures varies naturally among businesses.
Until minimum IoT security standards and a code of practice for consumer IoT security are established and regularly updated to reflect emerging threats, we cannot assume that every IoT device is secure.
IoT devices worldwide will remain vulnerable to security breaches without industry-wide security standards and best practices.
IoT systems face numerous challenges, but these obstacles can only be overcome with a consistent and committed approach to IoT security at all process stages. Organizations must prioritize the creation of trusted device identity, data confidentiality, and the integrity of the data and firmware running on each device. These goals require critical security components such as authentication, encryption, and code signing.
Unique credentials for each device
Sending secure data is a critical function of any IoT device. To be effective, users and manufacturers should trust that the data they receive is genuine and intended for them. The best way to accomplish this goal is to provide each IoT device with unique credentials in the form of digital certificates.
Giving each device a unique digital certificate improves authentication and provides significantly more security than the current practice of using default passwords or even shared keys for symmetric encryption, because both default passwords and shared symmetric encryption keys carry a high risk of compromise.
Code signing to validate firmware and software updates
Hackers can easily push malicious software updates to connected devices; manufacturers can mitigate the risk by requiring devices to validate the authenticity of new firmware or software before installing it.
Development teams can sign their code with a digital signature, which can be accomplished using a public/private key pair. Each connected device would need a public key corresponding to a private key held by the manufacturer’s development team. If the developers “sign” their code with the private key, any device with the public key can confirm that the update was sent from the manufacturer and that it was not modified in transit.
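The sign-then-verify flow described above, as an added example that is not part of the original post: the manufacturer's pipeline signs a firmware image with an Ed25519 private key, and the device checks it against the embedded public key before installing. The image layout (version header, signature, payload) and the anti-rollback version check are assumptions made for this example, not any vendor's real format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout (an assumption for this example, not any vendor's format):
// 4-byte big-endian version | 64-byte Ed25519 signature | firmware payload.
const hdrLen, sigLen = 4, ed25519.SignatureSize

// SignFirmware runs in the manufacturer's build pipeline, which alone holds the private key.
func SignFirmware(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	hdr := make([]byte, hdrLen)
	binary.BigEndian.PutUint32(hdr, version)
	// The version is signed together with the payload so an old signed image
	// cannot be relabelled as a newer one.
	sig := ed25519.Sign(priv, append(hdr, payload...))
	img := append([]byte{}, hdr...)
	img = append(img, sig...)
	return append(img, payload...)
}

// VerifyFirmware runs on the device, which holds only the embedded public key. It
// returns the payload only if the signature is valid and the version does not roll back.
func VerifyFirmware(pub ed25519.PublicKey, installed uint32, img []byte) ([]byte, error) {
	if len(img) < hdrLen+sigLen {
		return nil, errors.New("image too short: reject")
	}
	hdr, sig, payload := img[:hdrLen], img[hdrLen:hdrLen+sigLen], img[hdrLen+sigLen:]
	signed := append(append([]byte{}, hdr...), payload...)
	if !ed25519.Verify(pub, signed, sig) {
		return nil, errors.New("signature invalid: reject update")
	}
	if v := binary.BigEndian.Uint32(hdr); v < installed {
		return nil, fmt.Errorf("rollback to version %d refused", v)
	}
	return payload, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed manufacturer key pair
	img := SignFirmware(priv, 2, []byte("constructed firmware payload"))
	img[len(img)-1] ^= 0x01 // simulate corruption or modification in transit
	_, err := VerifyFirmware(pub, 1, img)
	fmt.Println("tampered image:", err)
}
```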
Organization-specific Root of Trust (RoT) map
The Root of Trust (RoT) contains encryption keys and aids initial identity validation when new keys or digital certificates are issued. By implementing an organization-specific RoT, manufacturers gain complete control over identity validation for any device or person before an encryption key is issued. Instead of using a shared root and trusting a third party’s trust model and operations, keeping the RoT organization-specific allows manufacturers to set their own standards for identity verification and create a robust chain of trust.
Monitor and Maintain
All these initiatives necessitate ongoing lifecycle management; any static system is inherently insecure. Without proper lifecycle management, the digital certificates, key pairs, and RoT will deteriorate over time. Organizations need to map everything in use to keep an accurate inventory of what has been created and what is required. They should monitor all certificates, keys, and the RoT to identify potential threats and to ensure quick adjustments. They should maintain the health of their security posture by regularly updating certificates, keys, and the RoT, and by revoking any certificates and keys when the relevant devices are no longer in use.
The security concerns posed by IoT hardware and software must be addressed by businesses to reap the benefits of IoT devices. They must also try to safeguard their devices, networks, and data.
These processes involve appropriate discovery and classification of all IoT devices on a network, continuous tracking of device behavior, risk assessment, and segmentation of susceptible and mission-critical devices from other IoT components.
MediaTek recently joined hands with Intel to make chips utilizing Intel Foundry Services’ (IFS) process technologies. The partnership is intended to assist MediaTek in building a more resilient supply chain by adding a new foundry partner with capacity in the US and Europe.
Randhir Thakur, President, IFS, stated, “As one of the world’s leading fabless chip designers powering more than 2 billion devices a year, MediaTek is a terrific partner for IFS as we enter our next phase of growth. We have the right combination of advanced process technology and geographically diverse capacity to help MediaTek deliver the next billion connected devices across a range of applications.”
MediaTek utilizes Intel process technologies to build numerous chips that can be used in a variety of smart edge devices. IFS provides a manufacturing platform based on technologies that are optimised for high performance, low power, and always-on connectivity and that are built on a roadmap that extends from next-generation technological advancements to production-proven three-dimensional FinFET transistors.
To address the demand for semiconductor production capacity around the world, IFS was established in 2021. With a combination of process and packaging technology, an IP portfolio, and capacity in the US and Europe, IFS sets itself apart from other foundry solutions. The benefits of Intel’s plant expansions at current locations, as well as its plans for additional investments in greenfield sites in Germany and Ohio, will be felt by IFS customers.
NS Tsai, Corporate Senior Vice president of Platform Technology & Manufacturing Operations at MediaTek, commented, “MediaTek has long adopted a multi-sourcing strategy. We have an existing 5G data card business partnership with Intel, and now extend our relationship to manufacturing smart edge devices through Intel Foundry Services. With its commitment to major capacity expansions, IFS provides value to MediaTek as we seek to create a more diversified supply chain. We look forward to building a long-term partnership to serve the fast-growing demand for our products from customers across the globe.”