Firmware Architecture

Five Considerations for Developing Secure Devices in the IoT

07.11.14 | Author / Editor: David Kleidermacher * / Franz Graser

Target store in West Hollywood, California: In late 2013, the retail chain fell victim to the biggest retail hack in the history of the United States to date. Malware was installed in the security and payments systems, and data from 40 million credit cards was stolen. (Image: Wikimedia Commons/CC BY-SA 3.0)

There are several challenges for developers who want to build solutions for the Internet of Things (IoT). It is vital to take a few key considerations into account in order to build systems that are safe and secure.

The vast potential of the Internet of Things is threatened by several imposing challenges, and Thing developers bear the burden of meeting many of them:

1. How can designers properly care for the privacy, safety, and security of the information and functions entrusted to their Things?

2. How can a new breed of Thing developers, many with little or no professional embedded software experience, build reliable, efficient, and secure products?

3. How can even the most experienced embedded developers navigate the technical and business maze involved in integrating their Things into the Cloud?

While the challenges are daunting, Thing developers that navigate them successfully will be handsomely rewarded.


1. Adopt a Zero-Trust Data Privacy Strategy

One of the fallacies in IoT security is that solutions providers can focus their investment on fortifying the cloud data center and essentially ignore the security of the Things on the edge. This is dangerous thinking in the cloud era, and is downright folly in the IoT era. Attackers search for the weakest link, and if Things remain weakly protected, they will be targeted. Once a Thing is commandeered, attackers can use the Thing to gain access to the crown jewels in the data centers.

Another aspect of the fallacy is that there is not much worth protecting out on the edge. Things generate a hoard of valuable and private information about our health, social activities, location, and so on, and present an incredibly valuable target for hackers.

As the IoT grows in complexity, it is not practical for developers to know or control how data will flow across the web and whether the various systems along the way will be worthy of our trust. As a consequence, Thing developers and their customers must adopt a zero-trust strategy, which divorces data protection responsibilities from devices, communications protocols, and cloud services. IoT data privacy is like the content protection problem for digital media.

Data owners must have the tools that are required to create flexible policies for authorized sharing, distribution, and access control of data, regardless of how it transits the web. For example, a wearable health care device may encrypt information generated locally with a key that is controlled by the device owner and shared out-of-band only with health-care providers that have a need-to-know.
