Organisations have only just begun discovering and benefiting from the opportunities provided by the Internet of Things. The ability to capture and analyse data from distributed connected devices offers the potential to optimise processes, create new revenue streams and improve customer service. However, the IoT also exposes organisations to new security vulnerabilities introduced by increased network connectivity and devices that are not secured by design. And advanced attackers have demonstrated the ability to pivot to other systems by leveraging vulnerabilities in IoT devices.
Our IoT security solutions provide data encryption for IoT data and management of encryption keys for IoT devices.
Once connected devices are deployed in the field, they become attractive targets for criminal actors seeking to:
Sophisticated cybercriminals or insiders with privileged access can take advantage of unsecured manufacturing processes to produce counterfeits and clones, resulting in decreased revenues and damaged brand reputation. This is particularly relevant at remote or third-party facilities, where the device vendor has no physical presence.
Malicious actors may seek opportunities to inject unauthorised code during the manufacturing process or when device code is updated, e.g., when the manufacturer needs to update the firmware to provide additional functionality or patch a vulnerability.
IoT devices will collect large volumes of data, some of which will require protection based on sensitivity or compliance requirements. IoT data protection solutions must span edge to cloud, provide scalable encryption and key management and not impede data analysis.
Using Thales HSMs and a supporting security application to create and protect the underlying keys, each IoT device can be manufactured with a unique, cryptographically-based identity that is authenticated when a connection to a gateway or central server is attempted. With this unique ID in place, you can track each device throughout its lifecycle, communicate securely with it and prevent it from executing harmful processes. If a device exhibits unexpected behaviour, you can simply revoke its privileges.
Thales HSMs, used in conjunction with security software, enable manufacturers to secure their production processes. For example, Microsemi, a leading provider of semiconductor solutions, uses HSMs in combination with security software to generate unique codes that can only be decrypted by the device for which each was generated. By controlling the number of authorisation codes generated, they can also limit the number of systems built.
Establishing strong authentication is just one part of the puzzle. The IoT demands large-scale management and protection of digital certificates and the underlying keys, as well as support for multiple public key algorithms, including Elliptic Curve Crypto (ECC), whose shorter key lengths and lower computational demands are well suited to constrained IoT devices. All of this must be supported by a well-designed public key infrastructure (PKI). The accepted PKI best practice to secure your most sensitive keys and business processes is to use an HSM. Whether you work with one of our industry-leading PKI partners or tap into our Advanced Services Group’s knowledge and expertise, Thales HSMs will provide a high-assurance, independently-certified root of trust for your PKI, regardless of complexity or scale.
Limiting access to protected systems and data to only authorised devices and users enables you to defend against many of the potential threats associated with the IoT, such as APTs and data breaches, as well as protect data confidentiality and privacy. By using cryptographically-based identification underpinned by HSMs – a recognised best practice – for authentication, and code signing to ensure authenticity and integrity of device firmware updates and patches, you can create a secure network of trusted IoT devices.
Through secure control and monitoring of geographically-dispersed devices, organisations can lower the cost of device maintenance and updates. The cost savings extend to the removal of untrusted devices; if a device exhibits unexpected behaviour, instead of deploying a technician to physically inspect and take it offline, you can simply revoke its privileges remotely.
By securing the process of manufacturing devices, organisations can protect against lost revenues and brand damage resulting from the sale of unauthorised black market units. Secure connected devices also provide opportunities for new revenue streams, as companies can use their connectivity to deliver functional upgrades or to serve up premium content and services.