Stamping out IoT security bugs

One of the topics to emerge from the vastness of Mobile World Congress was Internet of Things (IoT) security and the challenges surrounding it as more and more devices come online. The complex traditional method ...

Stamping out IoT security bugs
Stamping out IoT security bugs

One of the topics to emerge from the vastness of Mobile World Congress was Internet of Things (IoT) security and the challenges surrounding it as more and more devices come online. The complex traditional method of providing security for devices isn't compatible with some new genres of connectivity and or the sheer volume expected.

Kyrio, a subsidiary of CableLabs, announced that it is the first certificate authority and a Microchip Security Design Partner. Together, Microchip and Kyrio will work to offer a solution that embeds digital certificates in the secure hardware of IoT devices in an integrated way with the manufacturing process flow. The goal is to eliminate the need for device manufacturers to be security experts.

"Our customers will benefit from the simplified IoT security life cycle that Kyrio provides by managing the certificates from production to deployment," said Nicolas Shieli, senior strategic marketing manager of Microchip's Secure Products group.

Kyrio hopes that the strong managed public key infrastructure (PKI) represents a move closer to standardization for the IoT industry.

"Kyrio's backend security infrastructure fits well with Microchip's secure chips that can be used to put in device security," said Ronald Ih, Kyrio director of business development.

Microchip's offering will be a secure element that has cryptographic functions prebaked into the chip, which eliminates the need to implement code in the firmware.

"(You can do) strong digital certificate authentication in a small, low-cost device. If you tried to do it in firmware, it can be too slow and takes up too much space. A secure chip can do (it) quickly and stores the keys securely," Ih said.

Cloud service providers and network providers want to be able to know devices belong on the network. For example, a commercial lighting company might have a management system for 2,000-plus lights. They want to know everything that shows up on the network is a correct and authorized device, and not an interloper with a laptop in the parking lot, Ih said.

Kyrio also includes a testing arm and serves as a certification house for the Open Connectivity Foundation and works with the Wireless Broadband Alliance as well. It will, therefore, likely play a role once an IoT security specification is complete, whether it includes PKI or not.

Also from the wireless perspective, Kyrio has tools and scenarios to help provide customers with actionable intelligence in terms of performance using different traffic profiles, for example. Tying this to device security, the wireless connection has to be strong enough that devices in an ecosystem can talk with one another, said Wylie Nelson, Kyrio VP, wireless and testing services.

More in CPE