A group of tech firms have joined forces to develop a management protocol for IoT devices that could pave the way to an open, interoperable standard to address security and privacy risks
They have been working with Sprint, Beanpod, Sequitur Labs, Thundersoft, Trustkernel and Verimatrix to assess the security challenges of connecting billions of devices across multiple sectors, including healthcare, manufacturing and transport.
The cross-industry initiative is in response to growing concerns that billions of connected devices are at risk unless security and privacy sensitive data can be managed to an acceptable level.
Tech industry attention to security has been increasing, amid growing concerns by security and privacy professionals and a prediction that failure to get security right could stall the whole IoT market, according to the IoT Security Foundation.
The tech firms have concluded that any IoT system can be compromised unless a system-level root of trust is established through a combination of code signing, encryption and authentication.
The resulting Open Trust Protocol (OTrP) combines a secure architecture with trusted code management, using technologies proven in large-scale banking and sensitive data applications on mass-market devices such as smartphones and tablets.
The protocol set out standard practices for installing, updating and deleting applications, and to manage security configuration in a trusted execution environment (TEE).
“In an internet-connected world, it is imperative to establish trust between all devices and service providers,” said ARM security systems vice-president Marc Canel.
“Operators need to trust devices their systems interact with and OTrP achieves this in a simple way. It brings e-commerce trust architectures together with a high-level protocol that can be easily integrated with any existing platform,” he added.
Symantec estimates that one million internet attacks were carried out every day during 2015. IoT expands the attack surface and according to analyst firm Gartner, security is now the top priority when building any connected product.
The research firm has said organisations are likely to continue to underinvest in IoT security, despite the company’s predictions that more than a quarter of cyber attacks will involve IoT systems by 2020, when Gartner expects the number of connected IoT devices to have risen to around 26 billion worldwide.
OTrP is a high-level management protocol that works with security solutions such as ARM’s TrustZone–based trusted execution environments that are designed to protect mobile computing devices from malicious attack.
For Full Story, Please click here.