The need to create efficient IoT security has never been greater. We know from news reports that data breaches, malware, viruses, and other online misconduct are already frequent.
Why are hackers so targeted on the Internet of Things? When any device is connected to other devices or the cloud, it has the potential to be an entry point for attackers, allowing them to steal data, manipulate operations, or gain unauthorized access to the cloud.
The harsh reality we need to face is that all IoT assets are exposed and vulnerable to attack at any time during the life cycle of an IoT device. To limit exposure and thus minimize risk, we must ensure that IoT connections are secure, that is, every connection operation, including every transfer, update, and download, needs to be protected.
The good news is that we have the ability to create the continuous and long-lasting protection that IoT devices need.
Two key areas of concern
A robust IoT Protection Center addresses the two biggest vulnerabilities of IoT devices – device access and ongoing credential maintenance.
· Device access
Device access refers to the act of connecting a device to a cloud service. To make access more secure, an authentication process must be used. To log into the cloud, a device needs to confirm (or authenticate) its identity, showing authorization to allow it by presenting security credentials. Security credentials are sensitive assets and must be protected at all times, so their validity can be trusted when presented to the cloud. Device access ensures that only authorized entities can communicate with each other, protects access to devices, and enforces protection during device data storage and transmission.
· Ongoing credential maintenance
As new threats continue to emerge, security is the active goal. As long as the device is still in the field, it needs to be updated in a private, protected way, adding new security mechanisms to the device. Security credential maintenance helps ensure that the appropriate level of security is always implemented. Updates used to refresh and extend device protection must be performed in a secure manner that does not give hackers the opportunity to tamper with any part of the device’s operation, cause harm, or steal information.
EdgeLock 2GO – A Flexible Approach to IoT Security
The NXP EdgeLock 2GO platform is designed to provide the high level of protection necessary to protect IoT devices from production to retirement. The platform combines dedicated hardware and services to establish a chip-based root of trust. A chip-based root of trust ensures trusted access activities and builds a secure infrastructure for secure credential management, so connections are always trusted for the lifetime of the device.
· EdgeLock SE050 security chip
With the EdgeLock 2GO platform, IoT device protection begins with a solid foundation inside, and the EdgeLock SE050 security chip provides the root of trust and securely stores security credentials. By using the EdgeLock SE050 in IoT devices, developers can be confident that their designs are protected against emerging attack scenarios with a level of security comparable to the protection of high-value confidential information by governments and financial institutions.
· EdgeLock 2GO Cloud Service
Based on the comprehensive security mechanisms provided by the EdgeLock SE050 security chip, the EdgeLock 2GO cloud service is a secure, fully automated deployment and maintenance service designed to work the way customers do. Customers can choose the level of support that suits their specific situation from three flexible service options. Pre-configured device options to connect directly, or create your own configuration with as many keys, certificates and data types as needed. Customers simply tell NXP which services they want to connect to, and NXP configures the necessary device keys and certificates, and even registers their device identity with the cloud service of the customer’s choice.
Not only IoT security, but IoT flexibility
Not only does the EdgeLock 2GO cloud service ensure secure access and security credential maintenance, it also provides a whole new level of flexibility in how devices interact with the cloud, when device provisioning takes place, and the number of real-world use cases supported.
NXP’s EdgeLock 2GO supports customer deployments and can help reduce time-to-market and the day-to-day operating costs of IoT deployments while ensuring customers’ devices are protected by advanced security.
Download the white paper
A new white paper, Delivering Trustworthy IoT Connectivity with the EdgeLock 2GO Platform, explores the issue in detail, showing how NXP’s approach to IoT protection creates a comprehensive approach to security risks facing the IoT.
About the Author:
Julien Delplancke is a Senior Product Manager at NXP Semiconductors. As part of the IoT Security team, he is driving NXP’s security services offerings for IoT products and working with device manufacturers, service providers and cloud providers to help NXP customers secure their devices and services.