IoT Security: Hardware vs Software

617

The subject of technology often leads us to the alleys of future. It is a topic that people often indulge in debating. For some, technology and its future is like the lush meadows of Bern: inexplicably wonderful; and for others, it is like the sight of the Spitfire: aggressive, but not in a wonderful way.  But, regardless of which side of the pond you belong to, you cannot deny one thing: that the Internet of Things (IoT) is going to be a big thing in the coming decades. It will be a technology that will dictate the way we look at the word. In short, it will be the last word in disruptive technologies.

However, there is a little problem. You see, the IoT seems to be this wonderful network of connected devices. Devices that share important data within a given ecosystem. But, what if someone breaks into that network and steals your vital data? Connectivity is good. It brings the world closer, and makes a system efficient and productive. But, there are always bad fish in the pond.

As they say: “buyer beware.” This is all good, but total connectivity opens the opportunity for unintentional or malicious data corruption and contamination to occur. Cryptographic methods can be applied to resolve these vulnerabilities. A decision that system designers face is deciding between software-based or hardware-based security solutions. Both technologies combat unauthorized access or modification to data; however, their differing features bear further examination before making the final selection.

Software Based Security

Utilizing existing system resources, software security systems were the first to show up in the marketplace. These solutions are relatively inexpensive, as they share resources to protect and safeguard data with other programs in the system. An additional capability of a software-based implementation is the ability to revise and upgrade security as threats and vulnerabilities evolve.

A software security system places a load onto a host processor. Potentially, this could compromise the overall system efficiency. Beyond these concerns, the software approach is the weak link within systems-security architecture. Secrets remain vulnerable to discovery and the algorithms typically run on general-purpose non-secure hardware and are similarly an attack risk.

With all this said, cost-effective, software-based security can be effective in physically secure environments, preventing unauthorized access to the system.

Hardware Based Security

Hardware-based security uses a dedicated integrated circuit (IC), or a processor with specialized security hardware, specifically designed to provide cryptographic functions and protect against attacks. Security operations, such as encryption/decryption and authentication, take place at the IC hardware level where crypto algorithm performance is optimized. Additionally, sensitive information, such as keys and critical end-application parameters, are protected within the electrical boundary of crypto-hardware.

The security IC contains circuit blocks such as a math accelerator, random number generator, non-volatile memory, tamper detection, and a physically unclonable function (PUF).  The PUF block is particularly interesting in that it has a unique characteristic of being immune to invasive or reverse-engineering attempts to extract sensitive data such as a cryptographic key. The Maxim DS28E38 is an example of a security IC that integrates PUF, both to generate keys and to protect against invasive security attacks.

It is incredibly difficult and expensive to alter silicon; therefore, cybercriminals are deterred from attacks on hardware-based security. Further, when attacked, the security IC is capable of shutting down operations and destroying sensitive data before being compromised. Such a solution may be a little more expensive, but it provides a dramatic reduction in the risk of unauthorized access to embedded devices, peripherals, and systems.

Hardware-based security is very effective in all application environments, especially those where the end equipment is exposed and physically accessible to the bad guys.

Embrace Yourselves

You see, security is an important and equally complex subject. But somehow, when people talk of the IoT, they unexpectedly miss out on the concern of safety and security. IoT is still at its nascent stage. So, people’s admiration of its potential is understandable. But, negligence has already cost the world a lot. And if the issue of security and safety is ignored in the IoT, it will have repercussions that we might not like. But like responsible journalists who care about safety in IoT, we’ll tell you that hardware is really the way to go. It makes for a more robust safety net around your connected devices. Take cars for example. You can have all the in-car luxury, but until the framework, the chassis, the hardware of your car is not up to the mark, it won’t be considered as a safe way of commuting. So, be responsible, and take safety in the way you commute and communicate, seriously.

LEAVE A REPLY