An Embedded Perspective - dataio.com Perspective - From Design to Life...interference can affect the...
-
Upload
vuongxuyen -
Category
Documents
-
view
215 -
download
1
Transcript of An Embedded Perspective - dataio.com Perspective - From Design to Life...interference can affect the...
www.abiresearch.com
IoT SECURITYFROM DESIGN TO LIFE CYCLE MANAGEMENTAn Embedded Perspective
Sponsored by
A Changing Threat LandscapeThe expansion of the Internet of Things (IoT) is ushering in a new era of ubiquitous connectivity that
reaches far beyond the current digital setting. PCs and smartphones are the core endpoints underpinning
information and communication technologies (ICT), but the landscape is rapidly changing. Today, they
represent only half of the 32 billion connected devices globally.
By 2022, an estimated 70% of the 57 billion connected devices will be of the IoT variety. Their applications
are as broad as they are varied, and already permeate all aspects of modern societies, from personal to
corporate, and healthcare to industrial, among many others.
The success of the IoT will largely depend on the ability to trust the applications delivered, both in hardware
and in software. The growing popularity of any platform will attract the interest of threat actors keen to
exploit vulnerabilities for profit and gain. Weaknesses can and will be leveraged to disrupt IoT systems and
coopt devices as malicious attack tools, predictably mirroring commonplace events plaguing ICTs. Stuxnet,
Mirai, and WannaCry are all disconcerting examples of successful cyberattacks that have impacted the IoT.
Security sits at the core of enabling trust, but it is regrettably not an integral part of the IoT growth discussion.
Often times, security is rendered later, and not always successfully. Yet, trust must start with the device,
2IOT SECURITY: FROM DESIGN TO LIFE CYCLE MANAGEMENTwww.abiresearch.com
in the hardware itself, if it is to be effective. Inherently, this starting point is with a Root of Trust (RoT), a
security primitive capable of performing services such as authentication and attestation, by providing a
trusted computing base that holds private keys, product certificates, and secure boot functionality.
Chart 1: IoT: Hardware Security vs Devices, World Markets, Forecast: 2017 to 2022 Source: ABI Research
Currently, few IoT original equipment manufacturers
(OEMs) make use of RoT-based hardware when
developing their products, with embedded security
shipments representing less than 4% of new IoT devices
available on the market today. However, such attitudes
are set to change going forward as the ecosystem
increasingly understands the need for trusted
hardware. By 2022, secure IoT embedded security
shipments will represent almost 20% of new IoT devices
(see Chart 1).
Significantly, a vulnerable IoT landscape has implications beyond digital degradation. As the IoT connects
operational technologies, cyber-physical systems, and other control processes to the digital realm, the
impact of a cyberattack can adversely affect the physical world.
In the last few years, numerous proofs-of-concept by security researchers have shown that digital
interference can affect the proper functioning of IoT devices: remotely disabling brakes in a connected
car or hacking drug infusion pumps to release fatal doses. Unsurprisingly, the U.S. government has
included cyberthreats targeting critical infrastructure in black sky scenarios. And beyond such
critical safety events, a vulnerable IoT ecosystem has massive data protection, privacy, and confidentiality
implications for all users.
More commonplace, however, and perhaps more dangerous, is the issue of intellectual property (IP)
theft and pirate manufacture. The cloning of electronic devices is widespread and especially problematic
in supply chain manufacturing. Reverse engineering off-the-shelf devices can allow cloning of printed
circuit boards and microchips, but the more recent problem stems from the growth of contract
manufacturing performing device provisioning services on behalf of OEMs.
The increased numbers of external parties in the manufacturing process has been an unfortunate
enabler for IP theft and cloning, as designs are more easily leaked or stolen. As the OEM must hand
over public and private information related to hardware to the contractor, it opens up threat vectors for
unauthorized interception.
The danger lies in these designs then being used to create ersatz devices that serve critical and
functional safety applications, such as engine management or voltage sensing. Often, they do not go
through proper Q&A testing or auditing processes, and are inherently more prone to faults and failures.
The obvious consequences are life-threatening at worst, but at the least, could land an OEM with liability
and warranty issues.
-
1
2
3
4
5
6
7
8
2017 2018 2019 2020 2021 2022
Billio
ns
IoT Embedded Security Shipments
New IoT Connected Devices
This product was downloaded by [email protected] on Feb. 23, 2018
3IOT SECURITY: FROM DESIGN TO LIFE CYCLE MANAGEMENTwww.abiresearch.com
Why the Lack of Comprehensive Security?Despite the obvious critical nature of these threats, there is a comprehensive lack of security in
many IoT product developments and subsequent deployments. IoT players are simply not prioritizing
cybersecurity in either manufacturing or implementation. Initially, this was due to low awareness and
limited understanding of the risks involved, particularly in operational technologies, little, if any, in-house
security expertise, and the lack of reference architectures and standards for IoT security technologies.
Nonetheless, this is changing with the growing media visibility of IoT cyberattacks, and the increasing
costs related to both IP theft and device failures.
Despite better knowledge of risks, cost and time-to-market considerations often supersede security
concerns, especially when such risks are difficult to quantify accurately. Belief that air-gapped systems
or proprietary platforms are secure also leads to a distorted understanding of risks. And even
where there is awareness, the problem shifts to the lack of ease of use and simplicity in deploying
available cybersecurity solutions. This is where a growing body of standards and specifications or even
reference architectures and guidelines is helping to address the issue, although many of these efforts
are still fairly nascent.
Further, the broad diversity of the IoT ecosystem and a host of interoperability and integration
issues means security is particularly difficult to implement. Existing cybersecurity solutions are not so
easily ported to the IoT; they need to be adapted to the many new form factors and use cases that are
emerging in the space. This is in stark contrast to traditional ICTs, where devices narrowly diverge in
terms of form factor, architecture, radio technology, and operating system.
A new approach is needed where the IoT products’ chain of trust (CoT) is understood and reviewed,
with corrective measures put in place in order to help prevent and mitigate breaches. This starts with
the design of the IoT product and the integrated circuits (ICs) that devices use, continues with the
secure programming of a RoT into the system, extends to how the device is manufactured, and persists
throughout the life of the product with secure software updates and active patch management.
IoT Products’ Chain of Trust (CoT) Source: ABI Research
Secure Designof IoT Product
Inclusion ofa Secure IC
Secure Programming& Provisioning of RoT
Secure DeviceManufacture
IoT Product LifeSecure Software Updates
Active Patch Management
This product was downloaded by [email protected] on Feb. 23, 2018
4IOT SECURITY: FROM DESIGN TO LIFE CYCLE MANAGEMENTwww.abiresearch.com
The current preference is to tackle IoT security from a software and network management perspective,
simply because these can be more easily adapted after product development. Adding security last, and
often post-market, is fairly consistent with the general, albeit eroded view that security is a stopgap.
While software and network security are essential elements, alone they do not confer comprehensive or
effective security.
The absentee in the ecosystem is hardware-based security. Often unfavorably considered in IoT
implementations, its value should not be underestimated. Secure hardware can enable better device
life cycle management, not only by addressing existing gaps in IoT security, especially regarding identity,
authentication, and access control, but also by opening up new added value opportunities for IoT
players, such as over-the-air (OTA) servicing and updating.
Most importantly though, securing the manufacturing and development process is paramount to
ensuring the integrity of the CoT. Anchoring trust in the hardware, and protecting the supply chain
does not need to be cost, time, or resource prohibitive. It is becoming increasingly affordable, even for
semiconductor distributors and smaller IoT OEMs in the space.
Secure Provisioning and ManufacturingIntroducing hardware security into an IoT device starts at the design phase. The architects should
be leveraging secure system designs, such as secure elements or secure MCUs, from silicon IP and
semiconductor manufacturers to develop secure devices.
These designs should include immutable secret data that can be embedded onto the device,
such as unique cryptographic keys and certificates, secure loaders (i.e., secure boot managers and
authenticators), and other secure identifiers. This secret data forms the RoT of a device and can then
be used for crypto-processors and accelerators, security engines, and controllers, among other security
logic that may be loaded later. In turn, this logic can serve any number of purposes, e.g., provision identity
or ownership, create digital signatures, encrypt/decrypt, authenticate, authorize, etc.
The secret data form the root authority of the device, which is the first element in the CoT. Each subse-
quent function and application created for the device is derived from that root.
Architects must also plan for the secure programming and provisioning of that secret data during the
manufacturing process. This involves the set-up and management of a key injection process, which is
executed in a secure environment and certified to comply with strict security requirements.
Secret DataForms the Root
authority of the device Subsequent function &application created for the device
1 2+
ApplicationFunction
This product was downloaded by [email protected] on Feb. 23, 2018
5IOT SECURITY: FROM DESIGN TO LIFE CYCLE MANAGEMENTwww.abiresearch.com
The issue with threat vectors in contract manufacturing can be solved by wrapping the secret data
together with other public information (e.g., production counts and how software updates can be
enabled later) at the OEM site, before it is sent to the contractor’s programming center. The wrapped
data are tied to a specific provisioning system (such as a secure, tamper-resistant hardware security
module) at the programming center where the data can be securely unwrapped and injected into the
secure element or secure MCU.
Mutual authentication mechanisms (e.g., a PKI) are used at both the OEM and the contractor sites,
first to create the secret data, then to wrap them, and finally to securely transmit the information to the
contractor. The contract manufacturer can then securely provision devices, uniquely binding the secret
and public data to each device based on the information determined by the OEM.
For resource-intensive hardware (e.g., secure MCUs), this can include a secure mastering process for
loading software application images (e.g., the OS and other applications) into a secure boot manager, for
example, and other product information for the system. A secure manufacturing appliance integrated in
the programmer itself can provide this loading function.
Once the memory is programmed securely (either in one-time-programmable, embedded flash, or
other) with all the secret data, and securely provisioned within the device, it is then logically and physically
locked to ensure tamper resistance.
Properly provisioned devices provide IoT OEMs tighter control over downstream manufacturing
and can serve to prevent overbuilding, limiting piracy and cloning of unauthorized ICs and
devices further down the supply chain. For a hardware base to be truly secure, it must go through
this “zero trust” development process. From design and provisioning to manufacturing and
production, all of these steps need to take place in a secure, controlled environment.
While this process has traditionally been performed by semiconductor suppliers for large customers,
semiconductor distributors are also investing in secure programming and provisioning services that pro-
vide the same level of security and support for the broader market.
Development tools, especially for secure MCUs, are an important aspect of secure development
and deployment, and need to continue to evolve to support better security. Moving away from just
supporting advanced cryptographic libraries, the development tools must now focus on leveraging the
security world inside devices, ensuring that certificates and keys are developed and operated on, and
providing secure patches that can target specified devices.
This product was downloaded by [email protected] on Feb. 23, 2018
6IOT SECURITY: FROM DESIGN TO LIFE CYCLE MANAGEMENTwww.abiresearch.com
Secure Elements Evolution: Smart Cards and Mobile Pave the WayThe widespread adoption of tamper-resistant hardware, such as secure elements and secure
MCUs, has been a critical driver for the advancement of secure, low-cost, and power-constrained
technology in smart card markets. In particular, secure IC usage has driven global standards for smart
card applications in numerous sectors, from payment and banking (ticketing, credit cards) and telephony
(SIM cards), to various types of identity services (healthcare, government).
Advances in the smart card technology facilitated the development of authentication ICs, which
emerged as a promising hardware-based security technology for the IoT to ensure secure authentication
of devices to networks, identity, and access control applications. While both are considered secure
elements, the difference in a smart card is that the secure IC can be soldered onto a printed circuit
board and embedded within other components, devices, or equipment. This portability, added to
connectivity capability and the small form factor, make it a valuable technology for securing low-cost
connected things.
Chart 2: Shipments of Authentication IC, World Markets, Forecast: 2018 to 2022 Source: ABI Research
The use of authentication ICs has proven to
be well-adapted for IP and brand protection over
the last decade. In 2017, more than 1 billion
authentication ICs shipped globally, with a 50%
growth rate expected by 2022, and almost 400
million of those will be leveraged in IoT applications
(see Chart 2). The most popular use cases for
the technology include enterprise printer
cartridges, smart card readers, mobile TV, USB
secure tokens, and standalone secure one-time-
programmable generators.
The mobile platform naturally developed its own set of new technologies, including trusted execution
environments (TEE) and NFC embedded secure elements. These form factors are adapted to take
advantage of the greater computing and power resources available through smartphones.
As the smart mobile platform evolved to include tablets and wearables, it increasingly converged
with computing platforms and M2M/IoT applications, adapting and leveraging technologies such as the
trusted platform module (TPM 2.0) and embedded SIM (eSIM) where appropriate.
0
50
100
150
200
250
300
350
400
450
2018 2019 2020 2021 2022
Milli
ons
Other
Utilities and Industrial
Smart Cities and Buildings
Wearables
Smart Homes
This product was downloaded by [email protected] on Feb. 23, 2018
7IOT SECURITY: FROM DESIGN TO LIFE CYCLE MANAGEMENTwww.abiresearch.com
This industry convergence has been a hotbed of innovation for the secure hardware market,
with continuously improved feature-sets particularly well-suited for embedded and resource-
constrained IoT devices. Secure elements are currently the foundation for the successful
realization of any markets revolving around authentication, access control, and identity, which are
the precursors to deploying other security technologies, from software to network. While they are
the mainstay of this domain today, the continued expansion of IoT platforms will also drive the
evolution of secure elements to include more complex and feature-rich functionalities.
Embedding security into an increasingly greater variety of IoT hardware is already well underway.
The next step is expanding the functionality of secure elements to address new and growing demands
in the broader embedded IoT landscape, including industrial, automotive, and smart spaces. The goal
is to enable new applications beyond those maturing in the smart card space, such as enabling secure
industrial communications, motor control, wireless connectivity (e.g., BLE, LP/LR-WANs), precision
measurement applications, and power conversion applications, among many others.
Most of the hardware platforms for embedded systems are currently based on low-cost MCUs, with
processors typically ranging from 8-bit to 64-bit. However, price points for 32-bit MCUs have dropped
drastically over the past few years, driving greater adoption in newer devices. In addition, advances in
microelectronics have created sophisticated system-on-chip solutions, resulting in MCUs with diverse
functionalities in a single package.
Increasingly, security is becoming a part of that feature set, and an emerging market for secure MCUs for
the IoT is gaining ground rapidly. Defined as a type of authentication IC, a secure MCU has fuller process-
ing capabilities and the possibility of programming the software to perform a variety of tasks, such as
provisioning for a hardware-based RoT. This is comparatively different from a simpler IC, which reads
data from input and performs actions based on instructions written in the memory, generally performing
that one task.
At its core, a secure MCU is essentially a microcontroller with
tamper-resistant aspects using either a dedicated security
hardened central processing unit (CPU), or a hardened
embedded security domain and normal CPU. These then
leverage various encryption engines, accelerators, and
libraries, Random Number Generators, and secure
non-volatile (NV) storage. Critically, a secure MCU
must include the ability to securely host an immutable
key pair embedded in the non-volatile storage
and authenticate it.
MCU with embedded security domain
or security hardened CPU
Tamper-proof non-volatile memory for secure key storage
SECURE MCU
Systems, memories, clocks, timers
Encryption engines
& libraries
RNGs, CRCs, crypto
accelerators
Connectivity & communication
This product was downloaded by [email protected] on Feb. 23, 2018
8IOT SECURITY: FROM DESIGN TO LIFE CYCLE MANAGEMENTwww.abiresearch.com
Functionalities of a secure MCU should allow for secure boot, secure communication and data
protection. Broadly speaking, this class of MCUs is a less resource-intensive, or discrete version of a
TEE, designed specifically for IoT devices (and often for those using the Arm Cortex-M family of
processor cores).
Secure MCUs are most efficient in implementations requiring a strong security infrastructure.
Often, the secure MCU is tied to a device life cycle management platform and supported by the
manufacturer with associated software tools (including drivers, application programming interfaces, and
middleware) that enable remote management, updates, and patching (notably via OTA).
New Market Dynamics Driving Secure DemandThe broadening market offering secure elements provides greater choice for implementers, and their
decision to go with an authentication IC or a secure MCU, or other technology, will be entirely dependent
on the use cases planned for the IoT product. Considerations such as risk appetite, cost, time-to-market,
and post-market service provisioning will weigh in as well.
Currently, authentication ICs are well entrenched in the digital home and PC-connected devices market,
dominated by the enterprise printer cartridge market and consumer accessories for anti-counterfeiting
and brand protection purposes. More than 99% of authentication ICs shipped are targeted at those mar-
kets. More recently, however, there has been interest in leveraging authentication ICs in smart spaces
(homes, cities, buildings, etc.), most notably around smart home appliances, smart home gateways, and
other industrial use cases, such as programmable logic controllers.
Chart 3: Shipments of Secure MCUs, World Markets, Forecast: 2018 to 2022 Source: ABI Research
While the secure MCU market is still fairly nascent,
traction is initially emerging in the industrial and
utilities sector. Global shipments of secure MCUs
are projected to hit almost 20 million this year,
but their growth rate over the next 5 years is
expected to be highly dynamic, with more
than 367 million shipments forecast for 2022.
Demand is highest in the utilities and industrial
sectors, but uptake in wearable, smart home,
building, and city applications is anticipated to
follow closely behind.
The driver behind secure MCU growth revolves around the increased interest to bundle multiple
applications and services in IoT devices. Sectors that are being digitally transformed and increasingly
connected are having to face significant structural changes, impacting functions that have traditionally
been performed in a closed and siloed manner.
0
50
100
150
200
250
300
350
400
2018 2019 2020 2021 2022
Milli
ons
Utilities and Industrial
Smart Cities and Buildings
Wearables
Smart Homes
This product was downloaded by [email protected] on Feb. 23, 2018
9IOT SECURITY: FROM DESIGN TO LIFE CYCLE MANAGEMENTwww.abiresearch.com
For example, the two-way communication infrastructure being implemented in energy grids is
enabling smart power management, from generation to distribution. Operators are looking at how they
can leverage not only commercial off-the-shelf ICTs, but also new sensing technologies, automation,
machine learning, and analytics to render the grid more efficient. Opening previously closed systems to
connected networks and the Internet increases vulnerabilities.
Security requirements need to go beyond simply incorporating authentication, access control, and
identification mechanisms. From substations to smart meters, additional security capabilities will
have to include real-time endpoint protection, intrusion detection, incident response, and other threat
management features, applied to both information and operational technologies. This transformation
will require the new generation of industrial appliances to include some form of security at the hardware
level in order to enable expanded security functions.
In a similar manner, manufacturers of consumer IoT devices, such as connected white goods
(refrigerators, washing machines) and home security (cameras and smart door locks), are already
envisioning how to link their connectivity to new and existing applications, such as social, payment,
retail, fitness, servicing, etc. Consumer appliances provide an opportunity to tie in numerous third-party
applications and connect to other devices owned by the user, harvesting and exchanging data, and
creating additional value from that information. A secure hardware base in all of these devices minimizes
potential threat vectors that could usurp the intended functionalities, siphon personal data, or degrade
the various appliances.
IoT implementations, whether in a business or in a consumer space, involve numerous third parties.
Gone are the days when appliances are simply sold and operate in a silo. Connectivity, the ability to
serve multiple applications, and broad and varying use cases are all factors that are expanding the
opportunities for post-market servicing and third-party integration.
Life cycle device management offers manufacturers the ability to continue providing value, long after
a device has been sold and even re-sold. Critically though, that management service only has value
if it can be tied securely back to the device, and the onboarding of a device into an IoT application is
securely controlled. Secure hardware (such as secure elements and secure MCUs) are at the forefront of
providing this trust.
Life Cycle Device Management
Secure design & development
Secure programming& manufacture
Secure deployment& monitoring
Secure servicing& updating
This product was downloaded by [email protected] on Feb. 23, 2018
10IOT SECURITY: FROM DESIGN TO LIFE CYCLE MANAGEMENTwww.abiresearch.com
Without this process, any future service provisioning for the device post-market is vulnerable. The
increased recognition that the IoT opportunity cannot be realized without trust is a significant driver
for market adoption. This realization is also being pushed by standards development, and policy and
regulatory efforts to address these emerging security gaps.
Standards, Policy, and RegulationStandards and frameworks play a significant role in enabling trust. Security standards, specifically, can
provide a foundation for building robust and trusted IoT devices, both from a digital and a physical
security perspective. Secure design and later integration can be more robustly delivered through the
consistent application of standards, specifications, and reference architectures.
The development of IoT security standards is not a clear-cut effort. Mature international standards
already exist around ICTs and mobile devices, as well as for securing critical-safety systems (with
many derived from IEC 61508, the functional safety of electrical/electronic/programmable electronic
safety-related systems). Most of the working groups behind those standards are actively discussing how
to incorporate digital security for the IoT into some of those standards, and debate is equally active
around applying them for various sectors, including automotive, avionics, healthcare, transportation,
and industrial.
In the interim, a few standardization bodies have put out best practices and guidelines, notably the
U.S. National Institute of Standards and Technology (NIST), ISA ETSI, IETF, IEC, ISO, GSMA, IEEE,
GlobalPlatform, and TCG, among many others. Of notable interest are the efforts of the NIST, which has
put in place a Cybersecurity for IoT Program and makes available a number of publications to the general
public, including a few focusing on hardware security.
Similarly, the European Union Agency for Network and Information Security (ENISA) IoT SECurity
(IoTSEC) Experts Group has published quite a few best practice cybersecurity documents for smart
homes, airports, hospitals, transportation systems, and cities, and all stress the importance of hardware
security, alongside other technologies.
Newer IoT-focused organizations are also actively developing reference architectures, best practices,
and guidelines for developers. The Alliance for Internet of Things Innovation, the Industrial Internet
Consortium, Industrie 4.0, and Internet of Things Security Foundation are among the most prominent.
Still other groups are focusing on implementing projects based on open-source technology, such as the
Linux, Eclipse, and prpl foundations.
At the legislative level, the United States is still building on the 2013 Executive Order “Improving Critical
Infrastructure Cybersecurity” and the NIST’s subsequent Cybersecurity Framework, and is now working
toward an “Internet of Things Cybersecurity Improvement” bill. Various sectoral agencies (the FDA, HHS,
NERC, EPA, DOT, FEMA, TSA, etc.) are each focused on setting up security working groups, developing
policy and regulation that focus on implementing cybersecurity within their remits. Importantly, the NIST
is planning a specific Cybersecurity Framework Application to IoT in the coming year, which the agencies
will be able to adapt more specifically to their sectors.
This product was downloaded by [email protected] on Feb. 23, 2018
11IOT SECURITY: FROM DESIGN TO LIFE CYCLE MANAGEMENTwww.abiresearch.com
The EU is not far behind in trying to address cybersecurity for operational technologies, leveraging
the ENISA, EU sectoral agencies, and national authorities to tackle the issue as harmoniously as possible
between its member states. The EU updated its cybersecurity strategy in November 2017, reinforcing
the need to protect critical infrastructures, as well as future technology developments, and clearly stipu-
lating the need to secure the IoT and movements such as Industrie 4.0.
In November 2017, the EU recently proposed a “Cybersecurity Act” that will include common policy
or certification requirements for IoT devices. Secure hardware inclusion will likely be a significant
contributing factor to successful certification. The EU also aims to refresh existing directives as well.
Two legal instruments are set to come into force in the spring of 2018 that will tighten cybersecurity
regulation and catch IoT devices in their scope.
The first is the EU’s General Data Protection Regulation (GDPR), which replaces an earlier 1995 direc-
tive that has become outdated and suffers from a lack of harmonized implementation across member
states. The second is a directive on security of network and information systems (the NIS Directive)
targeting critical infrastructure operators primarily, with the goal of making them accountable for cyber-
security. Both will bring IoT security within their scope.
Clearly, IoT technology developments are going to be buffeted by increasing security imperatives,
whether from implementers, standardization bodies, or public sector agencies. The resulting demands
will be for comprehensive implementation, from secure hardware to secure service provisioning.
Adapting to Future DemandThere is little doubt that secure hardware will form the supporting foundation for
greater trust in the IoT. The varying and diverse use cases will require the
availability of different form factors, with secure elements that can offer
lightweight, single-task functions, as well as more resource-intensive,
multi-function secure MCUs capable of serving numerous different
applications. From the secure manufacture of device hardware,
to the authentication of a legitimate product, and to enabling
the secure OTA delivery of critical updates, there is a host of
choice in secure elements.
For silicon and semiconductor companies, the focus is
two-fold going forward. The first is to ensure that the design
of IoT hardware includes security, if only as options to be
activated later, even for the simplest application. Critically, this
includes secure manufacturing and secure programming of that
hardware to establish a CoT. If there is no security hardware for a
manufacturer to choose from, the inclusion of security in the finished
product will be limited and lacking. For low-cost and simple devices, such as sen-
sors and controllers, no secure hardware will mean no security at all.
Varying & Diverse Use CasesSecure Hardware
Lightweight | Single-task Functions
Resource Intensive | Multi-function
This product was downloaded by [email protected] on Feb. 23, 2018
12IOT SECURITY: FROM DESIGN TO LIFE CYCLE MANAGEMENTwww.abiresearch.com
The second is an effort to educate themselves and the rest of the supply chain. Hardware developers
have a pivotal role to play in instigating trust, but also in raising awareness. Security should
always be part of a discussion with customers and, at a minimum, it enables information sharing
and knowledge transfer to other vendors in the supply chain. Offering a choice of secure technologies,
with different solutions tailored to specific use cases, not only showcases awareness of risks, but also an
understanding of and adaptation to different risk appetites.
All along the supply chain, each player in line should be asking their predecessors what type of security
technologies are available to build upon and enabling subsequent parties to anchor future security
features (whether software or services) on their platform. Regardless of whether the final commer-
cialized product does not utilize all the security features available, the possibility remains to activate
and leverage them at a later date, simply because the design allows it. This is critical, especially if IoT
deployments are to operate efficiently for more than a few months or years in the field.
A securely programmed hardware-based trust is the starting point from which a comprehensively
secure IoT ecosystem can be built. It is not a barrier to efficient IoT implementation. On the contrary,
it is an enabler of productive IoT devices, flexible platforms and secure services, efficient post-market
management, and longer device life spans.
This product was downloaded by [email protected] on Feb. 23, 2018
Published February 22, 2018©2018 ABI Research
249 South StreetOyster Bay, New York 11771 USA
Tel: +1 516-624-2500www.abiresearch.com
About ABI Research
ABI Research provides strategic guidance for visionaries needing market foresight on the most compelling transformative technologies, which reshape workforces,
identify holes in a market, create new business models and drive new revenue streams. ABI’s own research visionaries take stances early on those technologies,
publishing groundbreaking studies often years ahead of other technology advisory firms. ABI analysts deliver their conclusions and recommendations in easily and
quickly absorbed formats to ensure proper context. Our analysts strategically guide visionaries to take action now and inspire their business to realize a bigger picture.
For more information about ABI Research’s forecasting, consulting and teardown services, visionaries can contact us at +1.516.624.2500 in the Americas, +44.203.326.0140
in Europe, +65.6592.0290 in Asia-Pacific or visit www.abiresearch.com.
© 2018 ABI Research. Used by permission. ABI Research is an independent producer of market analysis and insight and this ABI Research product is the result of
objective research by ABI Research staff at the time of data collection. The opinions of ABI Research or its analysts on any subject are continually revised based on the most
current data available. The information contained herein has been obtained from sources believed to be reliable. ABI Research disclaims all warranties, express or implied,
with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
www.abiresearch.comThis product was downloaded by [email protected] on Feb. 23, 2018