Here’s what we mean by secure information:
Information needs to be available when needed:
This is the most basic level of security. If the information regarding an intruder in your house gets sent to the police station the next day, that information loses its value. The assurance that the services and their underlying infrastructure can process, store and deliver the data when and where it’s needed is the first aspect of a secure system. In certain cases, redundant infrastructure needs is required to ensure this will happen.
Information needs to be confidential:
Hence, the owner of the information decides which authorized people, groups or organizations can access it. Safeguarding the information obtained by IoT services is critical, or those services will lose the users’ trust. Mechanisms must be put in place to ensure confidentiality of the information exchanged. This is a tough balancing act, as there are a whole host of IoT-related services designed to leverage data mining and generate push services. The “opt out” mechanism for such services would be subject to the governance of the IoT.
The integrity of data needs to be assured:
Assurance that the information is accurate, authentic, timely and complete is key. Unless the data can be trusted and relied upon, it cannot be used for its intended purposes, and the entire service paradigm around that data will break down.
The security of the system is as good as the last threat it was able to prevent, and, as soon as it gets broken, one needs to implement new ways of making it secure again. If the recent hacking of credit card and personal information from reputable outlets on the Internet is any indication of the challenges facing IoT services, the Internet security infrastructure available today is inadequate to manage IoT services.
In the summer of 2010, malware for the first time targeted electronic process control systems instead of the traditional targets of credit cards and personal information. The Stuxnet Trojan that attacked Siemens process control systems at nuclear plants demonstrated incredible levels of sophistication and showed the potential damage that could be done to undermine the security of the IoT.
There are different types (MCU, hybrid MCU/MPU, integrated MCUs, etc.) and layers of embedded processing at various nodes of the IoT, and for any device to be considered smart so it can be connected to the Internet, it must incorporate an embedded processor. Embedded processors are going to be pervasive in the IoT, and they’d better be extremely
Early in Kaivan’s career, working on cellular phone modems, he learned the hard way how easy it was to hack a phone during the boot-up process. MCUs are similarly vulnerable during their boot-up process, when software is executed from programmable memory using the code stored in the read-only memory (ROM) or non-volatile memory (NVM)/flash memory. During this process, expert hackers can break the routine and hack the system in a variety of ways. Many new technologies are rolling out to address the security issues related to passive attacks (e.g. glitching) and invasive attacks (e.g. UV attacks), but more is likely necessary.
The intent of the IoT is to put smart devices on a sort of universal neural net, controlling them remotely. Hence, each of these identifiable objects (billions of them) can introduce a threat to the overall system. With such potential for disaster, are there best practices engineers can learn to enhance the security of MCUs in an IoT system?
By now it should be clear that networks of the future will connect more objects, machines, and infrastructure, to a global neural network of cloud-based services, than they will be connecting people. A tsunami of data and services will affect the way we live, well beyond the changes networks and people experienced when the Internet itself first arrived and changed the way people communicated. At the heart of IoT are layers of embedded processing, from the most remote satellite sensing node, all the way to the core of the network. The diversity of services that are being planned for IoT means no one company can develop full solutions and supporting IoT-based innovations. Rather, IoT-based innovations will require a wide and rich ecosystem of partner companies working together to bring IoT-based services to the market. An open (non-proprietary) platform that allows all partners working together using same baseline technologies is the key to make IoT happen.
So when does the IoT become a reality?
The pervasiveness of embedded processing is already happening everywhere around us. At home, appliances as mundane as your basic toaster now come with an embedded MCU that not only sets the darkness of the piece of toast to your preference, but also adds functional safety to the device. Your refrigerator has started talking to you and keeping track of what you put in it. There are energy-aware HVAC systems that can now generate a report on the activity in your house and recommend ways to reduce your energy consumption. The electrification of vehicles has already started happening, and in just a few years from now, each car will contain infinitely more electronics than they did just five years ago. And the cars of the future will indeed be able to drive themselves. Similar changes are also happening in other aspects of our lives … in factories, transportation, school systems, stadiums and other public venues. Embedded processing is everywhere.
Connecting these smart devices (nodes) to the web has also started happening, although at a slower rate. The pieces of the technology puzzle are coming together to accommodate the Internet of Things sooner than most people expect. Just as the Internet phenomenon happened not so long ago and caught like wildfire, the Internet of Things will touch every aspect of our lives in less than a decade.
If you found this article to be interest, visit Microcontroller / MCU Designline
where – in addition to my Max's Cool Beans
blogs on all sorts of "stuff" – you will find the latest and greatest design, technology, product, and news articles with regard to all aspects of designing and using microcontrollers.
Also, you can obtain a highlights update delivered directly to your inbox by signing up for my weekly newsletter – just Click Here
to request this newsletter using the Manage Newsletters tab (if you aren't already a member you'll be asked to register, but it's free and painless so don't let that stop you [grin]).
Last but certainly not least, make sure you check out all of the discussions and other information resources at All Programmable Planet
. For example, in addition to blogs by yours truly, microcontroller expert Duane Benson is learning how to use FPGAs to augment (sometimes replace) the MCUs in his robot (and other) projects.