Securing Smart Devices from Hackers and Cyber Criminals

Abdul Khadar Jeelani, Senior Software Engineer, & Jijo Thomas, Senior Software Engineer, Infineon Technologies India

With the advancements in computing and connectivity, electronic devices can be connected to other devices or networks to operate interactively and autonomously in different environments to leverage expanding opportunities. These are smart devices with microcontrollers and embedded software that can operate on personal or business critical information which poses privacy and security risks to consumers.

Smart devices play a crucial role in the systems used by today’s connected world. Hence, these are the target of adversaries to carry out malicious operations. The attackers who exploit the smart devices could be amateurs, ethical hackers or criminal organizations. Security risks in mobility and health care systems can be detrimental to business and life. So securing these devices becomes of utmost importance now.

In order to realise the required security, cryptography provides various algorithms and protocols. They address the needs for authorized access, authenticity, confidentiality and integrity of crucial data and functionality of the system. Security algorithms based on obscurity are of one type whereas in the other type, security algorithms are openly available. Open security algorithms rely on secret information called keys, and the ability of the platform to protect the keys and any information involved in processing of the algorithm that can be used to deduce the keys.

The security of a system is as strong as the weakest link in a chain. So, the security measures shall include the entire system development phase with Root of Trust (RoT) spanning the entire solution. Software alone cannot provide RoT as it can easily be analysed, modified and copied. Hardware-based RoT at the system level allows balancing of the security requirements between software and hardware. In addition, hardware of the device must be tamper resistant so it does not allow access to the physical hardware components. It should also include cryptographic coprocessors for carrying out complicated computations of algorithms securely without compromising on performance.

Further, the level of security claims for each smart device and the security processes involved in its development are to be affirmed through certification process carried by competent bodies through rigorous verification at their accredited security labs.

Because of the proven trust, products from Infineon are deployed in systems that provide secure transactions in payment, mobility, telecommunications, computing and government ID sectors.

To conclude, vulnerability in any component of the smart device– hardware, firmware, and operating system can compromise the trustworthiness of security mechanisms on which critical applications rely. So, these components must include security mechanisms right from the conceptualization stage and must be certified by third-party security evaluation laboratories to serve as RoT for connected world applications.