Silicon Labs
|
Silicon Labs Community Silicon Labs Community
  • Products
    1. 8-bit MCU
    2. 32-bit MCU
    3. Bluetooth
    4. Proprietary
    5. Wi-Fi
    6. Zigbee & Thread
    7. Z-Wave
    8. Interface
    9. Isolation
    10. Power
    11. Sensors
    12. Timing
  • Development Tools
    1. Simplicity Studio
    2. Third Party Tools
  • Expert's Corner
    1. Announcements
    2. Blog
    3. General Interest
    4. Projects
How to Buy
English
  • English
  • 简体中文
  • 日本語
//
Community // Blog

Eight Principles of IoT Security

11/310/2020 | 05:49 PM
Jackie Padgett
Employee

Level 5


There are many challenges facing embedded development engineers tasked with implementing effective security measures. Knowledge of what is being protected, the threat landscape, and specific attack vectors to be protected against is necessary. Not to mention the added urgency that comes with overreported, high-profile breaches.

Securing embedded devices is no longer optional. As more products became connected, the primary perceived attack vectors originated from internet traffic, but now entire embedded systems are subject to constant and varied threats.

There are several techniques that developers can employ to make the task of securing systems much easier. Silicon Labs is a founding member of the ioXt Alliance, an industry-led initiative that, with partner collaboration, has led to the creation of eight key principles.

Click here to access the whitepaper.

Principle 1 – No Universal Passwords

Often, high-volume consumer devices are all shipped with the same default password. Typically, users want to deploy their new device quickly, so many do not take the simple step of changing the default password to a new one. Shipping each new device with a unique factory-programmed password is a simple first step in making it more difficult for adversaries to gain access to or take control of, potentially, hundreds of deployed devices.

Principle 2 – Secured Interfaces

Any microcontroller-based device has a multitude of interfaces and ports that can be accessed either locally or remotely. The primary application will use some of these ports during operation and for communications. However, the rest (particularly any that function as external communication interfaces) must be secured. Likewise, any IC-to-IC interfaces (e.g., between the microcontroller and a display controller) must be secured. It is recommended that all interfaces be encrypted and authenticated during use.

Principle 3 – Proven Cryptography

In a world of open and interoperable technologies, the use of industry-recognized, open, and proven cryptographic standards is essential. The use of closed, proprietary cryptographic algorithms is not recommended. The use of open cryptographic standards encourages participation by all developers, engineers and stakeholders so that they can be continually evaluated for potential vulnerabilities against new security threats.

Principle 4 – Security by Default

It is essential that when a consumer purchases a new device, it is already set for the highest possible levels of security. Shipping a product with no or minimal security options configured is liable to pave the way for adversaries to take advantage. The consumer out-of-box security experience should be that all possible security measures are enabled. Developers should not leave a consumer unprotected by default.

Principle 5 – Signed Software Updates

With the increasing number of consumer smart home devices that can update themselves automatically over the air being shipped, the priority is that every update should be signed cryptographically. In this way, hackers are prevented from attempting to update a device with malicious code.

Principle 6 – Software Updates Applied Automatically

Consumers shouldn't have to become administrators of their own devices, faced with the choice of whether or not to update a product's software image. If an update needs to be made, it should be deployed and implemented automatically. Moreover, updates should be applied at times when they will not compromise the device's operation. For example, a smart connected washing machine should not be updated while the machine is in use.

Principle 7 – Vulnerability Reporting Scheme

Often, consumers who experience a problem with their embedded smart home device are unsure who to contact. Has it been compromised? Is there a new vulnerability that should be reported? This principle pledges that product manufacturers will create a means for customers to report problems and communicate their concerns regarding product security.

Principle 8 – Security Expiration Date

As with product warranties, which have an expiration date after purchase, the period during which security updates are available should also be defined and communicated to the consumer. Continuing to support a product with security updates involves continued engineering costs, so consumers need to be able to make informed decisions at the time of purchase. Manufacturers also have the option to offer extended warranties to offset ongoing security updates.

The detailed explanation of the way we embrace these principles can be found in the Silicon Labs – IoT Endpoint Security Fundamentals document.

Security in the Smart Home

We already have far more control over our homes than we could imagine a few years ago, thanks to the IoT, and that is not slowing down. This means preparing for the next generation of cyber criminals will be a challenge we solve as an industry. Our state-of-the-art Secure Vault, has been design to help connected device manufacturers address these evolving threats by protecting from unauthorized access and guaranteeing chip authenticity. Through over-the-air updates, Secure Vault strengthens product security, future proofing, and addresses security regulation without adding cost or complexity.

Secure Vault features include:

  • Secure Device Identity certificate, similar to a birth certificate, for each individual silicon die, enabling post-deployment security, authenticity and attestation-based health checks, guaranteeing the authenticity of the chip for its lifetime.  
  • Advanced Tamper Detection that enables developers to set-up appropriate response actions when the device experiences of unexpected behaviors, such as extreme voltage, frequency, and temperature variations, which could indicate a vulnerability
  •  Secure Key Management and Storage, a central component to protect against direct access to an IoT device and its data by encrypting and isolating the keys from the application code and using a master key encryption key (KEK) generated from physically unclonable function (PUF) hardware

To learn more about how cyber threats are evolving and how industry regelation is taking shape, check out our whitepaper, Preparing for Next-Generation Cyber Attacks on IoT.

  • Blog Posts

Tags

  • Wireless
  • High Performance Jitter Attenuators
  • EFR32FG22 Series 2 SoCs
  • EFR32MG21 Series 2 SoCs
  • Security
  • Bluegiga Legacy Modules
  • Zigbee SDK
  • ZigBee and Thread
  • EFR32BG13 Series 1 Modules
  • Internet Infrastructure
  • Sensors
  • Wireless Xpress BGX13
  • Blue Gecko Bluetooth Low Energy SoCs
  • Z-Wave
  • Micrium OS
  • Blog Posts
  • Low Jitter Clock Generators
  • Bluetooth Classic
  • Makers
  • Flex SDK
  • Tips and Tricks
  • timing
  • Smart Cities
  • Smart Homes
  • IoT Heroes
  • Reviews
  • RAIL
  • Simplicity Studio
  • Tiny Gecko
  • EFR32MG22 Series 2 SoCs
  • Mighty Gecko SoCs
  • Timing
  • Temperature Sensors
  • Blue Gecko Bluetooth Low Energy Modules
  • Ultra Low Jitter Clock Generators
  • General Purpose Clock Generators
  • EFR32BG22 Series 2 SoCs
  • Industry 4.0
  • Giant Gecko
  • 32-bit MCUs
  • Bluetooth Low Energy
  • 32-bit MCU SDK
  • Gecko
  • Microcontrollers
  • Jitter Attenuators
  • EFR32BG21 Series 2 SoCs
  • News and Events
  • Wi-Fi
  • Bluetooth SDK
  • Community Spotlight
  • Clock Generators
  • Biometric Sensors
  • General Purpose Jitter Attenuators
  • Giant Gecko S1
  • WF200
  • Flex Gecko
  • Internet of Things
  • 8-bit MCUs
  • Wireless Jitter Attenuators
  • Isolation
  • Powered Devices
  • Power

Top Authors

  • Avatar image Siliconlabs
  • Avatar image Jackie Padgett
  • Avatar image Nari Shin
  • Avatar image lynchtron
  • Avatar image deirdrewalsh
  • Avatar image Lance Looper
  • Avatar image lethawicker

Archives

  • 2016 February
  • 2016 March
  • 2016 April
  • 2016 May
  • 2016 June
  • 2016 July
  • 2016 August
  • 2016 September
  • 2016 October
  • 2016 November
  • 2016 December
  • 2017 January
  • 2017 February
  • 2017 March
  • 2017 April
  • 2017 May
  • 2017 June
  • 2017 July
  • 2017 August
  • 2017 September
  • 2017 October
  • 2017 November
  • 2017 December
  • 2018 January
  • 2018 February
  • 2018 March
  • 2018 April
  • 2018 May
  • 2018 June
  • 2018 July
  • 2018 August
  • 2018 September
  • 2018 October
  • 2018 November
  • 2018 December
  • 2019 January
  • 2019 February
  • 2019 March
  • 2019 April
  • 2019 May
  • 2019 June
  • 2019 July
  • 2019 August
  • 2019 September
  • 2019 October
  • 2019 November
  • 2019 December
  • 2020 January
  • 2020 February
  • 2020 March
  • 2020 April
  • 2020 May
  • 2020 June
  • 2020 July
  • 2020 August
  • 2020 September
  • 2020 October
  • 2020 November
  • 2020 December
  • 2021 January
  • 2021 February
Silicon Labs
Stay Connected With Us
Plug into the latest on Silicon Labs products, including product releases and resources, documentation updates, PCN notifications, upcoming events, and more.
  • About Us
  • Careers
  • Community
  • Contact Us
  • Corporate Responsibility
  • Privacy and Terms
  • Press Room
  • Investor Relations
  • Site Feedback
  • Cookies
Copyright © Silicon Laboratories. All rights reserved.
粤ICP备15107361号
Also of Interest:
  • Bring Your IoT Designs to Life with Smart,...
  • A Guide to IoT Protocols at Works With...
  • IoT Hero Rainus Enhances the In-Store Shopping...