Securing the Internet of Things
Once a device has been correctly instantiated we can then periodically HASH the device memory to provide levels of confidence that the device is operating within tolerance.
Unfortunately things change. We are all human, and as such errata are a real world component of every system we create.
The IoT is no different from this, and as such we should always design IoT devices in such a way as to enable remote updates of software, to ensure the next Heartbleed bug doesn’t require us to throw away devices or leave applications at risk of compromise within our homes and industry.
The challenge with remote updates is that these mechanisms instantly become the honeypot for aggressive attacks, as these enable the injection of new code into devices. Again these issues are well known in many industries and we have to leverage this knowledge across to ensure that all updates are aggressively protected using cryptographic identifiers linked to the specific keys, signatures or certificates within the devices.
The fundamentals of security for the IoT are not new, however we must be far more aggressive in applying the best practices developed in the automotive, industrial, and mobile applications to the nascent IoT domain. The IoT Security Foundation, in partnership with many leading companies is leading the charge in supporting best practice and creating a Secure Internet of Things.