End-to-End IoT Security for your Solution
by Exosite, on August 24, 2016
When thoroughly developed and implemented properly, an IoT solution allows companies to optimize new revenue streams and increase efficiency. Crafting an effective and appropriate IoT security strategy is one of the most important things an OEM must do. In addition to using the standard IoT platform security features identified in the previous blog segment of our Security in IoT Systems white paper, there are additional security aspects that should be considered:
SECURE KEY STORAGE
Exosite CIKs are used to identify devices within the Exosite cloud. Because of the way Exosite has designed its security instruments, if a device CIK is compromised, an attacker would only have access to that one device and not to other devices in the system. It is highly recommended that these CIKs be stored in a secure EEPROM or flash memory that ensures an attacker can- not gain access.
Sensor data, customer private data, or anything else that is deemed to be private or secure data should be stored in a secure area of flash/memory.
For some applications, it is important to be able to identify when a user begins tampering with a system and disable the device or securely remove the security keys. Some microcontrollers/microprocessors on the market provide tamper protection, but not all IoT applications require it.
SECURE RF COMMUNICATIONS
IoT solutions often include short-range RF communications (e.g., Wi-Fi, Bluetooth, 802.15.4, or sub-GHz communications). Care should be taken to understand the security implications in this environment. What could a hacker sniff? What would the implications be if a security incident occurred?
Exosite recommends a comprehensive security review from a reputable third-party security firm as part of any serious IoT deployment.
For a full description of Exosite's security offerings, download the full white paper below or CONTACT us directly to ensure your IoT security today.