This blog is authored by Phil Attfield, founder and CEO of Sequitur Labs as part of our In Conversation With… series.
We’re currently seeing a huge wave of new IoT devices, new technologies and capabilities emerging faster than we’ve ever seen before. As more devices are connected, however, it is critical that we build them on a foundation of trust that we can rely on – because attacks do happen. Compromised device security can affect your brand, your customer’s confidence and ultimately your bottom line through lost revenue and lost intellectual property (IP).
We find that our device OEM customers are inherently concerned with security, but have several key priorities. They’re looking to offer high quality products, new features providing a competitive edge, products that are built to last, a seamless user experience while protecting their customer’s data. While security isn’t a product feature, it is a fundamental part of the foundation of a connected product, contributing to the quality, the longevity, the user experience and, arguably the most important, the protection of customer data.
Security isn’t simple though, and it comes with several challenges. IoT developers must ensure their products are protected from a wide array of attacks (supporting secure and known firmware, encryption, and protection of critical intellectual property), ensure manufacturing security processes support secure software provisioning and device delivery, and ensure security throughout the lifecycle with features such as device monitoring, management and updates. This is a big challenge in itself, requiring investment and technical skills.
We can see that the developer role has evolved, with pressures of innovation, time-to-market, competitive pricing and lowered risks. We cannot place the whole responsibility on device manufacturers, and it’s clear that the ecosystem needs to play a role to support chip-to-cloud security. As more software-driven devices and services emerge, a holistic software security solution is required.
The Role System Software Providers Play in IoT Security
If we take an example of one of our customers, building an intruder alarm, we know that this product needs to perform a critical task – protecting a property and sounding an alarm when detecting an intruder. A traditional intruder alarm will monitor the home, sense movement and trigger an alarm. When you make that alarm ‘smart’ new features are enabled; controlling the device using a mobile app, providing multiple tiers of monitoring, integration with other smart home products and more. Despite these additional features, the device continues to perform a core critical task, users need to trust their device to perform accurately and therefore the security of that device is paramount.
For the IoT device developer, a robust set of complex security capabilities must be built into the device protecting against common hacks. The counter-measures include key and certificate management, secure over-the-air firmware updates and secure data storage. Ultimately, the developers building this product cannot allow the data to be compromised.
Simplifying Device Development with PSA Certified Sequitur EmSPARK™ Security Suite
This is where our Sequitur EmSPARK™ Security Suite can help. With this chip-to-cloud software security solution, device manufacturers can reduce risk and time-to-market by enabling the complete array of security functions supported by Arm-based silicon. The security suite addresses the key security elements of the IoT device lifecycle in a pre-packaged solution. IoT device developers can easily integrate EmSPARK™ with their device applications to support multiple security features including:
- Cryptography, key & certificate management, secure data storage and chip-to-cloud integration using a secure enclave and a suite of trusted applications
- Data and application management to ensure sensitive IP and data is only stored and executed in the secure area
- Threat detection by the silicon to enable secure reporting and auditing
Our EmSPARK™ Security Suite supports microprocessors from multiple PSA Certified partners. IoT device developers can therefore leverage silicon security using our APIs, abstracting the complexities of SoC security onto a platform that is common across a wide range of processors.
With the PSA Certified Level 1 validation, we are able to demonstrate our ongoing commitment to security and enable the ecosystem – from chip, to device OEM’s, to cloud service providers – to ensure that a critical set of security principles have been implemented into the system software that their devices and services rely upon.
We Need a Fundamental New Approach to Security
As a huge wave of new devices come online, there is a need for a fundamental new approach to security. Certifications like PSA Certified will become critical. Device manufacturers can use certified silicon and software solutions such as the EmSPARK™ Security Suite and supported microprocessors to meet baseline security principles and certify their own products while also aligning to standards and guidelines from government and standards bodies (such as NIST and ETSI) and cloud vendors. Sequitur Labs is uniquely positioned to help solve the IoT security issues, encouraging the use of an ecosystem built on a common foundation of security, speaking the same language and enabling high-performance IoT devices to be built on trust.
Security no longer has to be a barrier for IoT device developers.