Search Symmetry

Close
  1. Home
  2. Symmetry Blog
  3. IoT Device Security: What Designers Need to Know - from Silicon Labs

IoT Device Security: What Designers Need to Know - from Silicon Labs

Symmetry Electronics Team in Blogs on October 08, 2017

About Symmetry Electronics Team

Established in 1998, Symmetry Electronics is a focused global distributor of wireless connectivity solutions, sensors, and audio-video technologies. Offering comprehensive design support and available-to-ship inventory, Symmetry is committed to helping engineers accelerate time to market, reduce costs, and offer modern solutions for their IoT designs. Acquired by the Berkshire Hathaway company TTI, Inc. in 2017, Symmetry Electronics is headquartered in Los Angeles with international offices in Mexico, Canada, and China.


As the number of IoT devices hitting the market continues to explode, the pace of security threats mounting grows right alongside it. If security isn’t addressed seriously by embedded designers, the vulnerabilities of connected products could significantly stall or halt IoT market growth. That being said, security is a serious priority, not an afterthought.

Fortunately, designers have many options on the best way to build security into connected product designs. Yet the process of building a highly secure IoT device is complicated and requires critical trade-offs by product designers. The trick is weighing the needs of the user and the limitations and strengths of the hardware and wireless infrastructure.

Lars Lydersen, Senior Director of Product Security at Silicon Labs, just released a whitepaper titled, “Security Tradeoffs and Commissioning Methods for Wireless IoT Protocols,” which provides solid recommendations and guidance on the often perplexing task of commissioning wireless devices onto a network.

The whitepaper provides a snapshot of some of the key lurking security threats that are relentlessly calculating new ways to hack into connected devices. Several examples mentioned include the passive listeners, who don’t block traffic, but instead listen for valuable data, or the Man-in-the-Middle (MITM) active attacker, who intercepts all traffic while maintaining a disguise to prevent the other communicator or device from knowing it’s talking to an adversary.

In order for devices to combat these cunning and ever-shifting tactics successfully, a number of scenarios and trade-offs need to be taken into consideration by the embedded designer. For example, when securing wireless or wired links, a secret key must be provided between the devices. During this commissioning phase, strong authentication action must be made by the user, infrastructure or operations on the device side in order to avoid MITM attacks. But this approach can place unforeseen requirements on the device interface or online connectivity for the end device.

This is just one example of the complexity involved in commissioning - the paper provides specific guidance on a variety of secure IoT approaches. Typically, three different types of commissioning schemes are available for designers. The whitepaper explores the details of these schemes, including permissive, which happens without authentication; a shared key, which allows the commissioning device and onboarding device to authenticate using a shared identical key; and the certificate-based commissioning scheme; which authenticates the key exchange using public key cryptography primitives.

Today’s most popular IoT protocols include Wi-Fi, Bluetooth Low Energy, Zigbee and Thread. All of the protocols support out-of-band commissioning. Lydersen’s paper provides several specific recommendations for out-of-band commissioning, such as Near-Field Communication or details on how to derive a key from another standard.

Overall, if you need a quick and informative review of commissioning wireless scheme options and the different levels of security available – this read is a must.

New IoT security threats are a constant. Therefore, educating ourselves on the best security approaches to safeguard IoT must be, as well. Enjoy the whitepaper!


Source: http://community.silabs.com/t5/Official-Blog-of-Silicon-Labs/IoT-Device-Security-What-Designers-Need-to-Know/ba-p/211704

Share

Symmetry Electronics Team in Blogs on October 08, 2017

About Symmetry Electronics Team

Established in 1998, Symmetry Electronics is a focused global distributor of wireless connectivity solutions, sensors, and audio-video technologies. Offering comprehensive design support and available-to-ship inventory, Symmetry is committed to helping engineers accelerate time to market, reduce costs, and offer modern solutions for their IoT designs. Acquired by the Berkshire Hathaway company TTI, Inc. in 2017, Symmetry Electronics is headquartered in Los Angeles with international offices in Mexico, Canada, and China.

Why partner with Symmetry Electronics? Symmetry's technical staff is specially trained by our suppliers to provide a comprehensive level of technical support. Our in-house Applications Engineers provide free design services to help customers early in the design cycle, providing solutions to save them time, money and frustration. Contact Symmetry for more information.

Browse

See all tags

Subscribe

Stay up to date with industry and supplier news!