Silicon Labs
|
Silicon Labs Community Silicon Labs Community
  • Products
    1. 8-bit MCU
    2. 32-bit MCU
    3. Bluetooth
    4. Proprietary
    5. Wi-Fi
    6. Zigbee & Thread
    7. Z-Wave
    8. Interface
    9. Isolation
    10. Power
    11. Sensors
    12. Timing
  • Development Tools
    1. Simplicity Studio
    2. Third Party Tools
  • Expert's Corner
    1. Announcements
    2. Blog
    3. General Interest
    4. Projects
How to Buy
English
  • English
  • 简体中文
  • 日本語
//
Community // Blog

IoT Device Security: What Designers Need to Know

10/279/2017 | 03:42 PM
Lance Looper
Employee

Level 5


As the number of IoT devices hitting the market continues to explode, the pace of security threats mounting grows right alongside it. If security isn’t addressed seriously by embedded designers, the vulnerabilities of connected products could significantly stall or halt IoT market growth. That being said, security is a serious priority, not an afterthought.

Fortunately, designers have many options on the best way to build security into connected product designs. Yet the process of building a highly secure IoT device is complicated and requires critical trade-offs by product designers. The trick is weighing the needs of the user and the limitations and strengths of the hardware and wireless infrastructure.

Lars Lydersen, Senior Director of Product Security at Silicon Labs, just released a whitepaper titled, “Security Tradeoffs and Commissioning Methods for Wireless IoT Protocols,” which provides solid recommendations and guidance on the often perplexing task of commissioning wireless devices onto a network.

City_Banner.png

The whitepaper provides a snapshot of some of the key lurking security threats that are relentlessly calculating new ways to hack into connected devices. Several examples mentioned include the passive listeners, who don’t block traffic, but instead listen for valuable data, or the Man-in-the-Middle (MITM) active attacker, who intercepts all traffic while maintaining a disguise to prevent the other communicator or device from knowing it’s talking to an adversary.

In order for devices to combat these cunning and ever-shifting tactics successfully, a number of scenarios and trade-offs need to be taken into consideration by the embedded designer. For example, when securing wireless or wired links, a secret key must be provided between the devices. During this commissioning phase, strong authentication action must be made by the user, infrastructure or operations on the device side in order to avoid MITM attacks. But this approach can place unforeseen requirements on the device interface or online connectivity for the end device.

This is just one example of the complexity involved in commissioning - the paper provides specific guidance on a variety of secure IoT approaches. Typically, three different types of commissioning schemes are available for designers. The whitepaper explores the details of these schemes, including permissive, which happens without authentication; a shared key, which allows the commissioning device and onboarding device to authenticate using a shared identical key; and the certificate-based commissioning scheme; which authenticates the key exchange using public key cryptography primitives.

Today’s most popular IoT protocols include Wi-Fi, Bluetooth Low Energy, Zigbee and Thread. All of the protocols support out-of-band commissioning. Lydersen’s paper provides several specific recommendations for out-of-band commissioning, such as Near-Field Communication or details on how to derive a key from another standard.

Overall, if you need a quick and informative review of commissioning wireless scheme options and the different levels of security available – this read is a must.

New IoT security threats are a constant. Therefore, educating ourselves on the best security approaches to safeguard IoT must be, as well. Enjoy the whitepaper!

  • Blog Posts
  • Internet of Things
  • DanilBorchevkin

    Level 5


    Replied Dec 01 2017, 10:39 PM
    Thanlks for the whitepaper!
    0

Tags

  • Wireless
  • High Performance Jitter Attenuators
  • EFR32FG22 Series 2 SoCs
  • EFR32MG21 Series 2 SoCs
  • Security
  • Bluegiga Legacy Modules
  • Zigbee SDK
  • ZigBee and Thread
  • EFR32BG13 Series 1 Modules
  • Internet Infrastructure
  • Sensors
  • Wireless Xpress BGX13
  • Blue Gecko Bluetooth Low Energy SoCs
  • Z-Wave
  • Micrium OS
  • Blog Posts
  • Low Jitter Clock Generators
  • Bluetooth Classic
  • Makers
  • Flex SDK
  • Tips and Tricks
  • timing
  • Smart Cities
  • Smart Homes
  • IoT Heroes
  • Reviews
  • RAIL
  • Simplicity Studio
  • Tiny Gecko
  • EFR32MG22 Series 2 SoCs
  • Mighty Gecko SoCs
  • Timing
  • Temperature Sensors
  • Blue Gecko Bluetooth Low Energy Modules
  • Ultra Low Jitter Clock Generators
  • General Purpose Clock Generators
  • EFR32BG22 Series 2 SoCs
  • Industry 4.0
  • Giant Gecko
  • 32-bit MCUs
  • Bluetooth Low Energy
  • 32-bit MCU SDK
  • Gecko
  • Microcontrollers
  • Jitter Attenuators
  • EFR32BG21 Series 2 SoCs
  • News and Events
  • Wi-Fi
  • Bluetooth SDK
  • Community Spotlight
  • Clock Generators
  • Biometric Sensors
  • General Purpose Jitter Attenuators
  • Giant Gecko S1
  • WF200
  • Flex Gecko
  • Internet of Things
  • 8-bit MCUs
  • Wireless Jitter Attenuators
  • Isolation
  • Powered Devices
  • Power

Top Authors

  • Avatar image Siliconlabs
  • Avatar image Jackie Padgett
  • Avatar image Nari Shin
  • Avatar image lynchtron
  • Avatar image deirdrewalsh
  • Avatar image Lance Looper
  • Avatar image lethawicker

Archives

  • 2016 March
  • 2016 April
  • 2016 May
  • 2016 June
  • 2016 July
  • 2016 August
  • 2016 September
  • 2016 October
  • 2016 November
  • 2016 December
  • 2017 January
  • 2017 February
  • 2017 March
  • 2017 April
  • 2017 May
  • 2017 June
  • 2017 July
  • 2017 August
  • 2017 September
  • 2017 October
  • 2017 November
  • 2017 December
  • 2018 January
  • 2018 February
  • 2018 March
  • 2018 April
  • 2018 May
  • 2018 June
  • 2018 July
  • 2018 August
  • 2018 September
  • 2018 October
  • 2018 November
  • 2018 December
  • 2019 January
  • 2019 February
  • 2019 March
  • 2019 April
  • 2019 May
  • 2019 June
  • 2019 July
  • 2019 August
  • 2019 September
  • 2019 October
  • 2019 November
  • 2019 December
  • 2020 January
  • 2020 February
  • 2020 March
  • 2020 April
  • 2020 May
  • 2020 June
  • 2020 July
  • 2020 August
  • 2020 September
  • 2020 October
  • 2020 November
  • 2020 December
  • 2021 January
  • 2021 February
Silicon Labs
Stay Connected With Us
Plug into the latest on Silicon Labs products, including product releases and resources, documentation updates, PCN notifications, upcoming events, and more.
  • About Us
  • Careers
  • Community
  • Contact Us
  • Corporate Responsibility
  • Privacy and Terms
  • Press Room
  • Investor Relations
  • Site Feedback
  • Cookies
Copyright © Silicon Laboratories. All rights reserved.
粤ICP备15107361号
Also of Interest:
  • Bring Your IoT Designs to Life with Smart,...
  • A Guide to IoT Protocols at Works With...
  • IoT Hero Rainus Enhances the In-Store Shopping...