Home Internet of Things (IoT) Gartner: IoT Security – Endpoint Hardware Key Storage

Gartner: IoT Security – Endpoint Hardware Key Storage

0
Gartner: IoT Security – Endpoint Hardware Key Storage
0

While cryptographic algorithms fail from time to time as computational tools advance or analytical breakthroughs occur, failures of this nature are rare events. Key storage or management failures are the leading causes for cryptographic protection failure. Key storage failures are tightly related to the key bootstrap problem – how to securely store a key at rest on storage that attackers can gain access to  (i.e. Cold Boot Attack) or using the key in memory the attacker can snoop (i.e. Heartbleed).  The most dangerous key management event is the creation of the poor keys, usually this is related to entropy problems (i.e. OpenSSL Debacle) – essentially failing to have as much randomness as needed.This problems are exacerbated in the IoT security space as the attacker often has physical access to devices. In the case of mass produced devices, attackers may have access to enough units to be able to conduct destructive tests.

The gold standard for addressing key storage and management problems is to use a NIST (or other major standards authority) certified Hardware Security Module (HSM). The problem is that HSMs are expensive and their operation can be quite complex.

Microchip has very interesting option: ATECC608A

These are inexpensive I2C interface, 8 lead devices that cost under a dollar each volume one, and around 65 cents each in 10k volumes. What can get for a under a dollar per device:

  • FIPS compliant RNG and key generation
  • Hardware based key protection
  • Secure (encrypted) on chip key (ECC, AES, SHA HMAC) and data storage
  • Guaranteed Unique 72-bit Serial Number
  • Boot validation, LoRa node authentication

Read the entire article here, IoT Security | Endpoint Hardware Key Storage

Via the fine folks at Gartner.

Categories:
Gartner Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. The company delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is the valuable partner to clients in approximately 10,000 distinct enterprises worldwide. Through the resources of Gartner Research, Gartner Executive Programs, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, USA, and has 8,300 associates, including more than 1,800 research analysts and consultants, and clients in more than 90 countries. For more information, visit www.gartner.com.

Featured Resources:

Related Articles:

| LATEST FEATURED RESOURCES

White Papers

    Application Lifecycle Management with Stratusphere UX – White Paper

    Enterprises today are faced with many challenges, and among those at the top of the list is the struggle surrounding the design, deployment, management and operations that support desktop applications. The demand for applications is increasing at an exponential rate, and organizations are being forced to consider platforms beyond physical, virtual and cloud-based environments. Users […]

    Downloads

      Download Commvault VM Backup and Recovery: end-to-end VM backup, recovery and cloud management

      Commvault’s ability to provide end-to-end VM backup, recovery and cloud management creates a significantly better way to build, protect and optimize VMs throughout their lifecycle. Our best-in-class software for VM backup, recovery and cloud management delivers a number of significant benefits, including: VM recovery with live recovery options; backup to and in the cloud; custom-fit […]

      On-Demand Webinars

        What’s Going on in EUC Printing – A Technical Deep Dive!

        The IGEL Community and ThinPrint invite you to watch the following technical deep dive webinar. The agenda is to technically bring you up to speed on what’s going on in the EUC Printing space today along with a deep dive into new methods, technologies, printing scenarios and a discussion on why printing still matters. You […]

        Latest Videos

          Views All IT News on DABCC.com
          Views All IT Videos on DABCC.com
          Win big $$, visit ITBaller.com for more info!

          Visit Our Sponsors

          Close