The industrial, home, health and transportation sectors may be rushing to embrace the Internet of Things, but without a coherent security strategy in place those billions of connected devices could represent a security nightmare.
Now, some of the world’s biggest companies have joined forces to address this security issue, most notably the lack of standards in IoT devices. Led by Symantec and ARM, the group has created the Open Trust Protocol (OTrP).
The group says OTrP combines a secure architecture with trusted code management and uses security technologies that are already well established in the banking industry as well as in applications available for smartphones and tablets that manage sensitive data. The protocol is available for download from the IETF website, the group said.
According to the group, OTrP is a high-level management protocol that works with security products such as ARM’s TrustZone-based Trusted Execution Environments and others that are designed to protect mobile devices from security threats.
The protocol reuses the security architecture that is already well-established in the ecommerce industry, which removes the need for a centralized database. The use of Public Key Infrastructure (PKI) and Certificate Authority-based trust architectures means service providers, app developers and OEMs can use their own keys to secure and manage both IoT-related hardware and software.
The OTrP can be added to existing Trusted Execution Environments or to microcontroller-based platforms capable of RSA cryptography, the group said.
As well as Symantec and ARM, Intercede, Solacia, Beanpod, Sequitur Labs, Sprint, Thundersoft, Trustkernel and Verimatrix are members of the group.
“In an internet-connected world, it is imperative to establish trust between all devices and service providers,” said Marc Canel, Vice President of Security Systems, ARM. “Operators need to trust devices their systems interact with and OTrP achieves this in a simple way. It brings ecommerce trust architectures together with a high-level protocol that can be easily integrated with any existing platform.”
“With new technologies come increased security risks,” said Brian Witten, Senior Director, Internet of Things (IoT) Security, Symantec. “The IoT and smart mobile technologies are moving into a range of diverse applications and it is important to create an open protocol to ease and accelerate adoption of hardware-backed security that is designed to protect on-board encryption-keys.”
“Posting OTrP as an IETF informational for public review is an important step in providing universal digital trust from silicon to services for mobile and IoT connected devices,” said Richard Parris, CEO of Intercede. “It provides network operators and app developers the control they need over their selection of hardware security module and cryptographic key provider for reasons of interoperability, policy and cost while maintaining a common management platform across mixed fleets of devices.”