IoT Design

IoT Design Guide 2020


Protect IoT devices with Trusted Computing Group standards

The explosion of intelligent connected devices, or the Internet of Things (IoT), presents a massive expansion of the "attack surface" hackers can target. Some researchers predict the IoT will reach 50 billion connected devices by the end of 2020. Many of these devices are vulnerable to attacks and the level of risk continues to rise.

Failure to secure IoT systems has already led to several costly or dangerous incidents. Every new device that connects to a network is potentially instantly exposed to viruses, malware, and other attacks that could result in industrial espionage or safety and security issues. Proper security measures must be taken to protect against these attacks.

Unique IoT device security challenges must be overcome, such as:

• An unprecedented number and variety of devices
• Many IoT devices lack the computing power or memory capacity to support even basic security authentication and authorization
• Demanding real-time applications, such as in manufacturing and automobiles and other transportation systems
• Devices that will likely be in operation for decades and might be manufactured by vendors who provide infrequent or no updates

Given the high level of interest in IoT, more security breaches that cause financial damage, compromise personal information or even cause physical damage will inevitably arise in the next few years, resulting in disproportionate attention and financial and brand damage to those involved.

Ensuring the identity and integrity of IoT devices, as well as the security of their data storage and communications, will allow organizations and consumers to get the maximum benefit from the IoT with the least risk.
IoT Architects Guide
Trusted Computing Group
+1.503.619.0562
@TrustedComputin
Security

FEATURES

• How to reduce IoT security risks
The IoT Security Architects Guide from Trusted Computing Group (TCG) identifies steps for IoT architects to take in order to develop appropriate security controls to manage or reduce the risks.

• Firstly, protect data with encryption
To protect data in transit from eavesdroppers, use end-to-end encryption to prevent unauthorized decryption. The self-encrypting drive (SED) standards from TCG enable stored data to be protected with encryption built into the drive. The SED standard is available in a wide variety of interoperable products.

• Protect limited devices with overlay networks
Many IoT systems include limited devices such as tiny, battery-operated sensors or legacy devices such as decades-old hydroelectric generators. These devices cannot be upgraded to include built-in security capabilities. However, they cannot be left unprotected on a potentially hostile network.

• Plan to protect IoT devices
The full IoT Architects Guide from TCG provides a step-by-step process to identify an appropriate planned response to deal with security challenges and avoid subsequent consequences. The guide shows IoT architects how to gauge the security risks unique to them as they define their business goals and develop appropriate security controls to manage.

• TCG and its members continue to work on implementing options of existing TCG standards and technologies to address rising IoT challenges as the numbers of deployed devices continue to surge. To find out more about this work and to stay up to date with TCG's latest recommendations to reduce security risks, please visit

TPM

One powerful tool for integrity protection is the Trusted Platform Module (TPM). The TPM is a standard microcontroller that combines robust cryptographic identity with remote security management features such as remote attestation. Because the TPM is defined by open standards, designers can choose from a variety of TPM products from different vendors.
