【Technical dry goods】 Internet of things security analysis

Much of what we use daily is becoming intelligent and connected to the Internet. The Internet of Things (IoT) will improve our lives by helping us meet our health and fitness goals, reduce resource consumption, increase productivity, and track and secure assets. Many embedded developers are aware of the potential benefits of IoT and are actively developing applications ranging from home connected devices to wearable and home security systems. However, risks and benefits coexist. No one wants to design the application vulnerable to attack or data vulnerable to theft. Striking hacking can have a serious impact on the brand image and lose customer trust, and, worst of all, it slows or permanently reduces people's use of IoT.

IoT is often called an industrial revolution. The number of connectable devices will grow rapidly in the coming years. If there is any dispute between IoT analysts, there will be billions of connectable devices. The economic value of the Internet of Things is estimated at 4 to 11 trillion U.S. dollars. In accelerating the time-to-market for connectable device products, it can be cumbersome to implement proper security measures because it increases component costs, development effort, and design complexity.

At the same time, appropriate security measures are not crucial to some industries. However, taking appropriate security measures is the key to avoiding being attacked. Once a vendor's product is compromised, major security and privacy issues and negative reporting can slow down people's use of IoT temporarily or permanently. Even for simple devices at home and in everyday life, many consumers are skeptical of connection security, and some researchers and industry watchers believe the IoT security disaster is bound to happen. In fact, there have been a lot of recent high-profile attacks that have caught the attention of many, so some people think the disaster has come. Please click "Read the original" to view the complete "IoT Security Analysis" article.

Quantum cryptography attack

The current IoT security situation is similar to quantum cryptography, which usually refers to quantum key distribution. Unlike other key distribution schemes, quantum cryptography promises absolute security based on the laws of physics. In contrast, most key distribution schemes rely on the assumption of large computational complexity of factorization or discrete logarithm problems. Although quantum cryptography was discovered in 1984, commercial encryption systems were not introduced into the market until 2000. Quantum cryptography depends on a single photon, building quantum cryptography is complex, but time to market is an essential issue. In 2010, the first security breach to completely break the quantum cryptography system was made public. In theory, quantum cryptography can not be destroyed, but in fact, did not consider the side of the system design process and vulnerability.

In addition, it is interesting to note that no loopholes were discovered until a dedicated team was formed to destroy these systems. Before the panel was formed, the industry as a whole focused on how to make quantum cryptography systems more robust and how to get these systems to market. Similar events in quantum cryptography have given us an important lesson. Most notably, it shows that security is a continuous process of development that requires multidisciplinary programs to predict potential attacks. When engineering teams try to make something as complex as quantum cryptography, they may not understand how attackers invaded the system. The whole process is contradictory. Therefore, quality assurance and safety teams need to be separated from engineering teams that build safety systems.

Another key point is that attacks on quantum cryptography will surely reduce, temporarily (if not permanently) the market acceptance of the technology and its trust in the technology. So, if the industry can invest more in safety in the early stages, ultimately this will go a long way, albeit more time-to-market and more costly.

IoT Security Analysis

Currently, the necessary technology for IoT security already exists. But the lack of knowledge of how to implement this technology is often the root cause of most security breaches. However, a "safe" IoT device does not ensure a secure system. Nonetheless, developers should at least be aware of the following types of security.

Hardware safety

Safety IoT devices have many security features. First, it uses a symmetric password to perform secure boot and secure boot or over the air (OTA) firmware updates. Secure IoT devices also use hardware cryptographic accelerators, which are faster, more energy efficient, and less susceptible to edge channel analysis attacks.

In secure IoT devices, the debug port is disabled. If you need to reopen the debug port at some point (for example, remote memory access or for any other reason), you are going through a certification challenge response scheme that uses public key authentication. Although secure boot and bootloading prevent attackers from modifying program memory, secure IoT devices can further limit read access to program memory. This usually means that the device has internal memory or built-in flash memory. In the case of using external memory, this also means that the contents of the external memory need to be signed and encrypted.

Software security

To ensure that software running on secure IoT devices further enhances security, it must be hardware-based at key points. This means it can prevent skipping a single instruction. For example, Safe Start signature check or password signature check. This approach ensures that even if the attacker can make the processor skip an instruction, then there will be no key security consequences. In addition, ARMv8M's TrustZone can be used to partition different libraries in order to avoid system-wide access to security issues in the code or to third-party libraries.

Plastic Bucket

Plastic Bucket,Metal Pail,Paint Container,5 Gallon Plastic Bucket

Guangzhou Futen Plastic & Metal Products Co.,Ltd , https://www.futencan.com