Internet of Things (IoT) is an umbrella terms for a vast and complex technology market of connected devices, cloud platforms and big data analytics and more. IoT is a major business enabler – allowing both the private and the public sectors to improve operational efficiency and expand in new directions with ease and agility. IoT technology spans across almost all verticals, creating new segments like Smart Homes, Wearables, Connected Cars, Smart Oil & Gas, Smart Cities and Connected Healthcare.
So as business leaders and consumers alike are demanding and adopting these IoT offerings, security and risk management leaders are tasked with ensuring responsible use creating and deploying comprehensive IOT Security best practices into their IT infrastructure and corporate IOT policy frameworks.
A widely agreed upon set of IoT Security best practices for protecting devices connected to an IoT system include:
- Create unique credentials and crypto keys for all connected devices and keep those credentials cryptographically secure.
- Ensure mutual authentication of the network cloud management platform by the IoT device, and of the IoT device by the cloud management platform.
- Encrypt all traffic using industry-standard algorithms
- Secure device credentials and private keys from access by hackers. This is the foundation of end-to-end IoT security.
However, like all advice, these end-to-end best practices for securing IoT devices might be easier said than done.
The reality is that private key protection in IoT is complex and costly.
For each and every device, a unique crypto key must be generated which will be linked to a pre-registered security authority. That unique key must remain secret for the life of that device. The current method for secure storage of keys is to add dedicated security chips to the device. At large volume, this represents a number of challenges:
- Additional bill of material costs
- Layout modifications needed for electronic boards on existing devices
- Multiple designs to support variety of IoT device versions, makes and models
- Building a trusted HSM setup on-site at an overseas, occasionally non-trusted 3rd party manufacturer
So while adding dedicated security chips to IoT devices is a secure solution, it is also a challenging one. To overcome these challenges, many organizations are seeking software-based solutions to securing private keys in IoT devices, as well as software solutions for managing and storing the private keys securely in IoT devices. However, the majority of solutions, such as software obfuscation or white box cryptography, offer only limited protection against hackers.
For vendors looking for a strong key protection, management and storage solution for IoT devices but are unwilling to choose between strong security (usually only achieved via dedicated security chips) or flexibility and usability (via software) – the choice is Unbound Tech.
Unbound is the only lightweight software key protection solution that enables every IoT device to have an embedded root of trust, where private keys can be stored securely with a trust level comparable to dedicated secure hardware – creating a consistent level of security among all connected devices regardless of their underlying security posture.
Based on Unbound’s vHSM technology, the cryptographic key exists as two random shares, one located on the IoT device and the other located on a well-segregated central server. Key shares are never combined, and it is a mathematically guarantee that the key material will never available in the clear at any point in time.
Unbound allows either physical and remote provisioning and be rapidly deployed to all respective devices – providing excellent security with minimal operational hassle and at extremely short time to market.