IoT Security: DICE Secures Devices with Limited Resources
IoT security has a reputation for being bad or non-existent. Vendors have focused on creating the functionality for their internet-connected devices without deep consideration of security. But as the number of internet-capable devices has increased, IoT devices have become easy targets for hackers and cyber-criminals. These include medical, wearable, and smart-home devices.
IoT devices are often tiny or designed to be extremely cheap, with the absolute minimum of hardware. Security software designed to run on servers and PCs is too big and complicated to run on many IoT devices. Dennis Mattoon of Microsoft Research said that “in just about every way you can measure the cost of a device, and an element of your IoT ecosystem, the TPM (Trusted Platform Module) will eat up those resources. It’s just a big complicated thing.”
The problem is to secure IoT devices in a way that is resource-efficient. The Trusted Computing Group has created a standard called DICE (Device Identifier Composition Engine) that specifically targets the security of IoT devices.
The Trusted Computing Group said that DICE “enables strong device identity, attestation of device firmware and security policy, and safe deployment and verification of software updates, which often are a source of malware and other attacks. The DICE Architecture, with its hardware root of trust for measurement, breaks up the boot process into layers, and creates unique secrets and a measure of integrity for each layer. This means if malware is present, the device is automatically re-keyed and secrets are protected.”
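The layered derivation described in that statement, as an added sketch that is not code from the Trusted Computing Group or Microsoft: each boot layer receives a secret derived one-way from the previous secret and a hash of its own code, so a modified layer and every layer after it ends up with different keys. HMAC-SHA256, the symmetric challenge-response check, and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac

def next_secret(secret: bytes, image: bytes) -> bytes:
    """One-way step: mix the current secret with the measurement (SHA-256
    digest) of the next layer's code. HMAC-SHA256 is an assumed choice."""
    measurement = hashlib.sha256(image).digest()
    return hmac.new(secret, measurement, hashlib.sha256).digest()

def boot_chain(device_secret: bytes, layers: list) -> list:
    """Return the secret each layer receives, starting from the hardware secret."""
    secrets, secret = [], device_secret
    for image in layers:
        secret = next_secret(secret, image)
        secrets.append(secret)
    return secrets

def attest(layer_secret: bytes, nonce: bytes) -> bytes:
    """Device side: answer a verifier's nonce with a MAC keyed by the layer secret."""
    return hmac.new(layer_secret, b"attest" + nonce, hashlib.sha256).digest()

def verify(device_secret: bytes, known_good: list, nonce: bytes, response: bytes) -> bool:
    """Verifier side (simplified): recompute the answer from known-good images."""
    expected = attest(boot_chain(device_secret, known_good)[-1], nonce)
    return hmac.compare_digest(expected, response)

# Constructed sample data (not real firmware or keys).
DEVICE_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
GOOD = [b"bootloader v1", b"rtos v1", b"app v1"]
TAMPERED = [b"bootloader v1", b"rtos v1 + implant", b"app v1"]
NONCE = b"constructed-nonce-0001"

if __name__ == "__main__":
    good = boot_chain(DEVICE_SECRET, GOOD)
    bad = boot_chain(DEVICE_SECRET, TAMPERED)
    for i, (g, b) in enumerate(zip(good, bad)):
        print(f"layer {i}: {'same secret' if g == b else 're-keyed'}")
    print("good device verifies:",
          verify(DEVICE_SECRET, GOOD, NONCE, attest(good[-1], NONCE)))
    print("tampered device verifies:",
          verify(DEVICE_SECRET, GOOD, NONCE, attest(bad[-1], NONCE)))
```

The unmodified first layer keeps its secret, while the altered second layer and the application above it derive new ones, so the tampered device can no longer produce the response the verifier expects.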
Mattoon said that “growth in the IoT and embedded space has brought with it a corresponding increase in the number of available attack vectors and vulnerabilities. We hear about high-profile breaches with alarming regularity and attacks are only increasing in their sophistication and relentlessness. That, coupled with this new reality of constraint computing, means we need a renewed focus on security. Especially now as more market segments move to adopt this technology in critical infrastructure.”