Securing the Internet of Things is a phrase that is on everyone’s lips these days, but what exactly will it take? And why should device manufacturers care?
Here are some of the major concerns:
- Ensuring that only legitimate devices can enroll with your service, to prevent fraudulent or over-produced devices abusing your web services, generating false data, or ruining your reputation with your customers.
- Protecting the sensitive IP on the devices from theft by other parties in the production chain
- Securing the storage and transmission of data from trusted devices to trusted services.
- Enabling simple and secure enrollment to cloud services, without requiring expensive key provisioning in OEM factories.
Everyone knows that devices need security services to support various use cases, but it is often very hard to achieve. One of the main goals at Trustonic is to embed security at the silicon level, thereby making security simple to enable for device manufacturers. We aim to democratize security such that everyone can benefit from it without being security experts themselves.
Here is one option:
Imagine the life of an IoT device. Though the final device may be created by one OEM, it is common to use standard parts, or outsourced production, to make modules used in the final solution. The outsourcing is a great way of reducing costs, but it adds risk – theft of IP, overproduction of parts and other fraud. For example, a device may move from a MPU form a silicon provider (SiP) to a hardware module maker, to a second subcontractor who adds software or performs testing. Eventually, the module ends up with the OEM who packages it all up, adds a nice form-factor around it and ships the final product to the end user. In this example, there are four links in the chain, but there are often even more.
When the device eventually wishes to attest itself as genuine when enrolling with the OEM cloud (e.g. product registration for warranty benefits), how does the OEM or other interested party differentiate between a fully-genuine device, and one which travelled only part way along the chain before being diverted for fraudulent purposes.
To address the problem of proving whether devices are genuine or not, we’ve come up with a solution that we call Digital Holograms™. Think of credit cards and remember how they all have holograms on them which shine in nice colors when tilted – to show you that these are genuine and not counterfeit. Our digital holograms are similar, just in a digital representation.
Now, before the chip leaves the SiP we embed a Root of Trust and software to enable further steps to be securely recorded and replayed. For each additional notable step, a Digital Hologram can be added to attest that the device passed a particular milestone. So, by the time it reaches the OEM for final assembly, the device will contain a Root of Trust (RoT) and several Digital Holograms. These holograms are all linked together in a Blockchain, to prevent any tampering along the way.
So, when the device attempts to enroll to a service (in the example above; product registration), the RoT and chain of holograms are passed on to the cloud service which can then call a Trustonic service to validate that the message came from a device enabled with our technology, and to enable Trustonic to report on the device’s lifecycle so far. We know the origin and meaning of each hologram so can provide a digital trace on the device’s manufacture. Much like their real-world analog, our holograms are hard to clone, and impossible to remove without destroying them. That means we can detect fraud of many different forms – fraudsters creating devices without holograms are easily spotted, and attempts to clone or manipulate holograms either in factory or on the device are protected by our patent-pending algorithms and active monitoring. If fraud does take place, we can point the finger as to the location - acting both as a deterrent and as evidence for redress.
Everyone in the IoT space knows they ‘must do better’ with security. With Digital Holograms™, Trustonic is demonstrating clear business benefits from adopting a secure approach to manufacture. We have built this solution as part of our Kinibi-M solution, which offers many other benefits, such as IP Protection for code modules (preventing others in the supply chain from extracting code or secret keys), secure cloud onboarding and small, simple cryptography – all on the smallest of ARM MPUs.
Edited by Ken Briodagh
BACK TO Industrial IoT Evolution