This article was published in the June 2015 issue of Maximum PC. For more trusted reviews and feature stories, subscribe here.
As the Internet of Things progresses, so must its security features
Now that the Internet of Things is spawning devices that share our workplaces, homes, vehicles, clothes, and bodies, the industry is mulling over security. Hmm, what if a cyber criminal intercepts the device? Or seizes control of it? Maybe we’d better do something about that!
Security, like ease of use, is often an afterthought. Making a secure product takes more time, requires more expertise, and costs more money. But if a breach is severe enough to clobber sales and force a company to take expensive remedial action, poor security can cost more money in the long run.
It’s bad enough when a phishing email plants a keylogger on your PC that grabs your banking password and raids your account. Or when a network intruder pwns a webcam or baby monitor and spies on your household. But what if someone hijacks your car’s cruise control or feeds false input to an implanted medical device?
Fortunately, the companies that make micro-controllers and IoT processors realize they’re the first line of defense. Their role is vital. No system can be truly secure without first securing the processor. Also, many IoT products are coming from start-up companies that typically lack the resources to build secure systems on their own.
Security may not be sexy, but your life could soon depend on it.
The two main threats are intercepted communications and system intrusions. Good authentication and cryptography can keep communications secure. Strong crypto usually requires hardware assistance, but a full-featured crypto engine inflates the chip’s cost and power consumption. That’s why CPU architectures are sprouting new instructions that can accelerate crypto software while adding only a little hardware.
System intrusions are a bigger threat. Injecting malicious code into an automobile or medical device could actually kill someone. And the compromised system needn’t be a critical controller. What if your dashboard GPS advises a wrong-way turn onto a busy one-way street? That’s why most processors include hardware that protects vital software. Some systems run two identical processors and constantly compare their outputs—an expensive safeguard that’s becoming cheaper.
Another important technology is secure boot, which ensures a system can restart from a known good image of the OS and firmware. This capability is vital for field upgrades that remotely install firmware patches. No matter how carefully a system is designed, hackers may eventually find a hole. Also, evolving security standards require updates. Secure boot enables a networked device to reliably install patches and reboot into a clean state.
Tamper proofing is another rising technology. Processors in mission-critical systems can detect when someone tampers with their enclosure, then take defensive measures. Sometimes those measures include silicon suicide, when the chip blows its own circuits to destroy secrets or foil a takeover. This may be too extreme for a consumer product, but maybe not for a smartcard that’s the key to your bank account.
Often the tech industry gets too much credit. Remember, this is the industry that’s taken almost 20 years to figure out a reversible USB connector is a good idea. But sometimes the white hats outsmart the black hats, at least for a while.
Tom Halfhill was formerly a senior editor for Byte magazine and is now an analyst for Microprocessor Report.
From maximumpc
from http://bit.ly/1IIBvyP
