Today’s IoT is all around us—from smart cities to industries, homes and more. It is an everyday reality
and the number of connected devices is rising rapidly.
Connectivity Creates Significant Vulnerabilities
But the rapid increase of connected devices also may cause a weak spot: security. Connected devices are potential
targets for those seeking unauthorized access to the network and to the device cloud, malicious control of the
device or theft of IoT-collected data. As there are so many ways to potentially cause damage in the IoT, the
connection of devices to each other and to clouds requires scalable and easy to use security solutions. For example,
integrators of industrial systems need to strongly authenticate the origin of devices before allowing them to
connect and interact with other components of an infrastructure, such as a factory automation system or a smart grid
What’s the Best Way to Implement Security?
The IoT device identity must be strong, meaning remain unique and tamper resistant; The software implementing its
functionality must be integrity protected. Because there are so many ways to potentially damage in the IoT,
connected devices need a comprehensive set of protections. Adding protection at the silicon level is one of the best
ways to arm a device with necessary defenses. Here’s why:
1. Silicon is the heart of the device and therefore a strong foundation on which to build. The protection of
device identities in IoT requires specific hardware support in order to isolate them from the multiple software
layers. These layers keep changing during multiple software updates to prevent remote extraction or local leakage
independently from the device software, or counter un-authorized modifications by a compromised software. Keys used
to verify software executed on an IoT device must be securely provisioned onto the hardware and integrity-protected,
independently from the software it is supposed to verify and loaded at different stages of the device lifecycle, at
manufacturing or over-the-air in the field.
2. Silicon is trustworthy as it’s highly stable and resistant to change. The starting point for
this hierarchy of security, that is, the base that supports the layers of abstraction, is known as the root of
trust. The root of trust is something that is inherently trustworthy. The right root of trust creates a firm
foundation for security. While lines of code, data stored in memories, operating systems and user interfaces are
relatively easy to alter or damage, physically isolated programs and data in silicon or programs and data kept safe
in immutable silicon are highly stable and resistant to change.
3. Third party evaluations certify implementations for compliance with security claims.
Effective security solutions are the result of a strict development process with clearly defined design
rules, multiple iterations of careful review and full control over the many sub-components. Developing security
requires system-level thinking, so as to identify a more comprehensive risk profile and benefits from multi-layer
mitigation strategies and validation procedures to strengthen the defense. What’s more, as consumers and
service providers seek greater assurance that IoT products are adequately protected, it becomes increasingly
important to have third-party evaluations that certify implementations for compliance with security claims.
NXP’s Security Solution
At NXP, we believe strong security doesn’t have to be hard to work with. We’re taking a fresh look at
the IoT security and create new ways for developers. Our silicon-based security solutions are designed to provide a
safe, self-contained environment for staging and executing the authentication tasks that are essential to safe
operation in the IoT.
Our ‘Plug & Trust’ approach for the A71CH Secure Element has proven successful by simplifying the
implementation of strong security mechanisms in today’s IoT devices. With NXP’s upcoming SE050 product family of
‘Plug & Trust’ devices, we offer enhanced CC EAL 6+ based security for unprecedented protection
against the latest attack scenarios. This ready-to-use secure element for IoT devices provides a root of trust at
the IC level and delivers real end-to-end security, from sensor to cloud, without the need to write security code.
Additionally, the turnkey solution includes a complete product support package that simplifies design-in and reduces
time to market.
To learn more about NXP’s innovative solutions for IoT security, visit our ‘Secure the Edge’ webpage. And
don’t miss to join us at this week’s Embedded World (booth #4A-220) in Nuremberg to experience our
latest security solutions to protect the IoT.