Many believe that securing the Internet of Things (IoT) boils down to properly using a few basic ingredients: cryptographic protocols (such as signature and encryption), secure elements, etc. However this is just a small part of the whole security story.
With the IoT, the part of the devices that need to be trusted, e.g. the Trusted Computing Base (TCB) involved in connected architectures becomes extremely wide. Devices to secure are indeed more diverse than ‘just’ mobile phones. Devices now include larger number of various peripherals that have to be secured. Devices also include complex and large software stacks, with rich OSs and kernels, some of which are essential to security. The IoT is thus taking the need for security into a new era where sub-systems and peripherals that need to be secured are complex and have a very large attack surface.
In addition, IoT use cases create new situations where assets that need to be protected are not just virtual, but also physical: goods, infrastructures, lives, etc. The effects of large-scale attacks are no longer limited to tampering with crucial data or creating improper transactions (issues which can usually be avoided or traced back with proper risk management processes), but could also potentially include irremediable physical destruction. The prospects and business model for hackers become much more attractive. In many cases the risk for services and industries may become incommensurate.
At Prove & Run, we have industry-recognized experts backed up by years of experience in the digital security market, with world-class expertise in security and architecture, operating systems, formal methods and security certification. We offer:
- Professional Services to help our customers secure new or existing IoT architectures. Our services include security analysis and development of security applications (secure boot, firmware update, firewall, authentication, secure storage, etc).
- Engineering Services to develop secure custom firmwares, OS kernels, TEEs and hypervisors. Our services can include formal proof of the software correctness and support to certification.
For more details about how we can help you solve the security challenges of your projects, please contact moc.n1511347828urnev1511347828orp@s1511347828elas1511347828.Print