Thales Blog

Use cases of secure IoT deployment

June 1, 2021

Dave Madden Dave Madden | Senior Director of Business Development More About This Author >

In our previous blog post, we discussed the challenges for securing IoT deployments, and how businesses and consumers benefit from authenticating and validating IoT software and firmware updates. In this article, we are going to present four use cases that demonstrate how businesses can secure devices, identities, data and software in their IoT deployments.

Use case 1: Fortune 500 Healthcare Company

A Fortune 500 Biotech Company recognized the need to protect its pacemaker customers, by assuring that the data transferred between patients’ devices and the back-end networks was consistently secure and would remain authenticated throughout the communication. This secure connection needed to be accessible under every circumstance – regardless of the patient’s location. Requirements also included that the firmware was to be signed by the manufacturer and verified by the pacemaker.

Recognizing this critical requirement, Thales teamed with industry security leaders to develop an offering that delivers secure code signing to software vendors, mobile app developers, enterprise IT organizations, and manufacturers of medical IoT devices. Thales Luna Hardware Security Modules (HSMs) enable enterprises and IoT-based manufacturers to produce and provide continual support to secure pacemakers with a scalable key management system, whether using in-cloud or in client-hosted environments.

The solution allows the manufacturer to create an innovative process that maintains data safety throughout every communication. The data encryption public key and root of trust were installed in the pacemaker; the pacemaker then verifies the signed firmware against its root of trust. The pacemaker protected patient data with encryption and then the protected data could flow through Microsoft Azure, allowing for global data access reach. The encrypted data could only be decrypted inside the manufacturer’s data center, leveraging the cryptographic mechanisms provided by Thales Luna HSMs.

Use case 2: Automobiles

Cars are getting smarter and more connected every day. However, these “computer systems on wheels” may soon become a prime target for cyber criminals and hackers. Thales has teamed up with a global automotive manufacturer, to develop a methodology for identifying these risks and the measures that need to be taken to keep vehicles safe and secure.

Vehicles today rely on onboard computers called ECUs, or electronic control units, which manage not just the in-car infotainment systems but also critical functions such as fuel injection and braking. Additionally, the growing number of vehicles fitted with driving and parking aids means the steering can also be controlled.

Another potential vulnerability is the web applications that send data between the vehicle and the manufacturer’s information system. If the authentication process isn’t secure enough, hackers could gain access to the user’s account and, from there, get their hands on the vehicle.

To protect the safe and reliable operation of connected vehicles, the following requirements must be met:

  • Internal components must incorporate authentication mechanisms using a robust cryptographic scheme, such as a MAC algorithm. This solution makes it impossible to modify an ECU with malevolent code.
  • The software and other applications on the ECUs must be electronically signed, combined with an HSM (Hardware Security Module) to protect the private key.
  • The most sensitive data, particularly the vehicle’s secret data and the user’s private data, should be encrypted using a robust algorithm.

The solution implemented by Thales and the car manufacturer employed the use of Thales Luna Hardware Security Modules (HSMs) for credential management and the protection of associated private keys to address data protection, authentication between electronic components and protection of the operating system and the code embedded in components.

Use case 3: Smart meter manufacturer

Managing IoT Field Area Networks (FAN) for thousands or millions of connected devices is a challenging task for deployments at scale. Such smart meters find a wide range of applicability, from utilities and oil and gas companies to traffic management and smart cities. Smart meters benefit operations teams by managing large scale FAN lifecycles across changing environmental conditions and network constraints, providing rapid scaling, enhanced security, and increased reliability.

A critical component of reliable IoT FAN deployments is the ability to secure firmware upgrades at scale. A global smart meter manufacturer partnered with Thales to protect the credentials and private keys required for code signing software and firmware. The solution integrates cloud-based Luna Cloud HSMs from Data Protection on Demand (DPoD) with the IoT field area network application server to ensure that software updates are validated and to prevent tampering.

Use case 4: A large gaming operator in Asia

Gaming operators store and process large amounts of functional data to optimize operations and user experience. The gaming operator must be able to discover data wherever it resides and classify it. This data can be in many forms, and it can exist across storage on-premises, in the cloud, or even across country borders.

Once the operator knows where its sensitive data is located, protective measures such as encryption or tokenization must be applied to successfully secure sensitive data, and render personal data unidentifiable to satisfy data sovereignty regulations. In addition, the corresponding cryptographic keys must be secured, managed and controlled to protect the privacy of its customers and satisfy privacy legislation requirements.

Finally, the organization needs to control access to its data and centralize key management. Every data security regulation and mandate requires organizations to be able to monitor, detect, control and report on authorized and unauthorized access to data and encryption keys.

The gaming operator in Asia partnered with Thales to deploy CipherTrust Data Security Platform, which simplifies protection of sensitive data through anonymization to accelerate regulatory compliance and secure cloud migration.

Thales IoT security solutions can help you defend against attacks and data loss, reduce operational costs, and protect revenue and reputation. Implementing a root of trust for connected devices and edge-to-cloud data protection is crucial for protecting your IOT deployment from compromise. Thales and our channel partners look forward to reviewing your architecture and providing best practices guidance to secure your vital digital assets and IoT data.

My thanks go to my colleague Welland Chu for his valuable input into this blog.