Protecting customers, company and brand through cryptography
By Dennis Clemente
How do you protect your customers, company and brand? At the IoT Central meetup on security at General Assembly last March 12, Atmel’s Dan Ujvari put it this way: it’s all about the CIA. Well, not the intelligence agency but this: “confidentiality of messages, integrity of transmissions and authentication of messages.”
Atmel is developing what could be the Security of Things: innovative technologies that fuel machine-to-machine (M2M) communication and the “industrial Internet.” It’s not new to the tech world but it is trying to address the new demand for Internet of Things.
Founded in 1984, Atmel designs and manufactures microcontrollers, capacitive touch solutions, advanced logic, mixed-signal, nonvolatile memory and radio frequency (RF) components. Atmel provides the electronics industry with system solutions focused on industrial, consumer, security, communications, computing and automotive markets.
Ujvari said three things that crypto-authentication and crypto-communication should be able to address: confidentiality, integrity and authentication.
Ujvari said it should “ensure one can read the message except the intended receiver” (confidentiality), assure the received message was not altered in any way (integrity) and “it should prove something what it is declared to be (authentication).”
Why do we need crypto-authentication? You will want to prove components and disposables are genuine; ensure clearance level and control delivered services.
With a “shared security key,” Atmel sees how it can do the following:
• Assure code is genuine before booting
• Downloads are from genuine source and unmodified
• Secure your messages today and tomorrow with its “perfect-forward” security
• Protection from cloners
In terms of ecosystem control, Atmel claims it can prove components and disposables are genuine, while also ensuring client clearance- and access- level and control delivered services.
Crypto-authentication is clearly needed when a study by HP points to 70 percent of IoT devices being vulnerable to attacks. It was also found in another report that here are security flaws in embeddable systems, even in simple USB firmware.
Put it simply, Ujvari said your device is going to be in the hand of somebody else. “They can easily replace parts (to assess it),” he said.
With its shared secret key (a combo of private and public keys), he said digital signatures and certificates will create a circle of trust.
Barton LLC also provided a legal perspective on IoT Security.