Archive for the ‘Security’ Category

How to Balance IoT Security for Embedded Solutions

When considering embedded IoT solutions, security is a balance between three parts that are often in tension: economic cost, benefit, and risk.

  • Cost – Pertains to the price for designing security into industrial applications versus “bolting” it on, the urgency of time to market, and the value of your brand’s reputation.
  • Benefit – Integrated security gives you immediate access to critical features such as secure connections, authenticated boot, encrypted data storage, access-controlled ports, secure software updates, and seamless integration of the dedicated on-module Secure Element (SE).
  • Risk – With remote and distributed wireless networks, hackers do not need physical access to devices such as USB outlets or network ports, putting remote industrial applications even more at risk. Communication attacks, software attacks, invasive hardware attacks, and non-invasive hardware attacks can be classified in terms of investment, the type of attacker, and the equipment involved.

Designing and building connected products can be accelerated by using a secure and cost-effective System-on-Module (SOM) platform, a surface mount form factor that provides simple design freedom with unlimited access to interfaces, and out-of-the-box integrated security that is reliable, allowing you to focus on accelerated product development and delivering products that take advantage of the benefits of connectivity.

To help designers and builders effectively respond to the IoT security mandate, Digi experts developed Digi TrustFence™, a fully integrated, tested, and complete Linux device security framework. The built-in security of Digi TrustFence provides immediate access to critical features and easy integration to handle security for your embedded IoT device.

>>Check out this IoT Device Security Technology Brief to protect your embedded devices with a balanced security framework.

Internet of Things Device Security: Five Simple Steps (video)

Device security is a critical and complex step in designing an Internet of Things strategy. Digi’s Chief Technology Officer, Joel Young, discusses five critical areas of IoT security.

Cover these, and you’re on the right path:

  • secure boot
  • authentication
  • protected ports
  • storage
  • secure connections

In this five minute video, Joel shares which questions to ask and what steps to take in order to ensure strong IoT device security.

You can get the transcript of this video here, and learn more about Digi TrustFence here.

5 Lessons Learned from the Mirai DDoS Attack

Security is always top of mind when it comes to IoT devices and applications. The recent Mirai DDoS attack in October 2016 is an important reminder that IoT device manufacturers—and consumers—need to be vigilant with security, both out of the box and at home.

Recently, Andrew Lund, Digi’s Product Marketing Manager for Wireless M2M and IoT, shared his thoughts with IoT Evolution on the Mirai attack and what lessons could be learned to help improve security for IoT devices and applications. Below is an excerpt of five of Andrew’s best practices from IoT Evolution’s piece, which you can read in full here.

  1. Change default passwords:
    Given the attack vector that Mirai used, it’s clear that one area where Device OEMs can make design decisions to increase security is with respect to passwords. The days of leaving the default password unchanged are over, so manufacturers must either force users to change passwords or create “default” passwords that are unique to each individual IoT device.
  2. Don’t allow insecure ingress protocols:
    Mirai malware contains “killer” scripts that remove other worms and Trojans, allowing Mirai to maximize its use of the infected host device. But Mirai also goes one step further and closes processes that are used for remote ingress attempts, like Telnet, SSH, and HTTP.
  3. Secure remote management tools:
    Efficient, cost-effective method of remotely monitoring, updating and managing connected devices. Users can set performance parameters for healthy devices and create reports and alarms for suspicious activity. Using a remote manager that incorporates PCI-DSS and other relevant security certifications in the cloud such as HIPAA and NIST allows users to define a device profile, assign the profile to all devices in a group, and monitor and auto-remediate any variances. The best remote management tools can also restrict incoming traffic to only allow SSL connections, eliminating unencrypted TCP connections.
  4. Firmware updates:
    Firmware updates must be completed securely (authentication) and automatically, or at a minimum, users must be notified/prompted when a new firmware update is available.
  5. Packet encryption:
    This consists of basic encryption, such as FIPS-197/AES, to protect messages from unauthorized viewing or malicious changes. This method is easy to implement and use, especially in conjunction with private keys.

TO LEARN MORE, READ THE FULL POST HERE >>

The Past, Present, and Future of Remote IoT Security

The expansion of IoT applications allows more remote devices to wirelessly collect, store, and transmit information across vast networks and distances to multiple applications. This advancement now demands that remote IoT solutions be designed with individualized device security, well-thought-out IoT hardware, and consideration of risk aversion, because hackers now have a larger playing field with even more targets. Industries like Smart Grids, Smart Cities, and the Transportation industry are more susceptible to these cyber attacks because they are constantly trying to go further, do more, and expand network coverage. Remote IoT connected devices can be accessed from both wired and wireless networks, which leaves them vulnerable to these basic types of attacks:

  • Access/Authentication of IoT Devices – Hackers can cause mistrust by misleading remote network devices by altering the manufacturer code.
  • Up-to-date security systems – Hackers can attack systems that have fallen behind on updates or lack support to patch issues in large numbers of scattered IoT devices.
  • Encryption Network Security – Hackers can easily access and find encryption keys to decrypt IoT data.
  • Hardware Port Access Protection – Hackers can physically attack remote IoT devices and gain access through the JTAG port, network ports, or an Ethernet port.

The IoT solution to help prevent these cyber attacks is to design and implement a futuristic IoT security framework. The security solution will be tailored to a specific IoT solution and will provide advanced features like device authentication, using a remote system that will monitor and update devices. Remote services will also help store IoT data and validate that data as originating from the proper device. It will include a hardened coprocessor that adds other layers of IoT security by enabling security functions separate from the main processor in a hardened security environment.

Read more about remote IoT Security, cyber attacks, and the future of an IoT Security Framework >>

Is Your JTAG Debug Port Vulnerable to Hackers?

In most Internet of Things (IoT) deployments, it’s good practice to authenticate anyone trying to access your device – typically through the Ethernet, WiFi, or other network protocol. But there’s a more subtle, and dangerous, way to get into your device: through a JTAG debug port. If someone gains physical access, they can create much more havoc because JTAG takes you to the low-level heart of a board or chip, where an expert hacker can take complete low-level control of the system – even replacing firmware with rogue code.

In this contributed article for Embedded Computing Design, Digi’s Mike Rohrmoser explains the pluses and minuses of the use of Secure JTAG keys. Regardless of the approach you choose, Digi TrustFence™ security framework includes tools for manufacturing and maintenance, including Secure JTAG.

FULL ARTICLE IN EMBEDDED COMPUTING DESIGN: DON’T LET HACKERS IN THE JTAG PORT >>

It’s an Uncertain World: Are You Secure?

Security is a mounting concern for both wired and wireless M2M networks.

Their data may seem mundane, but if this information is stolen, impeded, or altered, the potential consequences are too great, particularly in commercial and industrial applications.

Yet M2M networks are populated by small, defenseless devices that are designed to be simple and inexpensive.

With their limited electrical and processing power, desktop and mobile security measures like firewalls or passwords aren’t practical.

Digi acutely understands the need to safeguard M2M networks and offers Strengthening Security in Embedded IoT Solutions, an introduction to security options for designers of M2M implementations.

Reading this paper, you’ll learn about the four types of IoT threats and the tools available to identify and prioritize them.

You’ll discover the six core methods for achieving M2M security: packet encryption, message replay protection, message authentication code, debug port protection, secure bootloaders, and pre-shared keys.

By understanding the threats and means to counter them, you can greatly reduce the risks and vulnerabilities of your M2M networks.

Read the white paper here >>

Interview with Embedded Computing Design: Connected Device Security

With the rapid growth of the Internet of Things, devices have become more vulnerable in recent years. Even with highly publicized security breaches (medical devices, web cams, vehicles, building automation equipment, etc.), it seems like security is still on the lower end of awareness and focus. And for those device manufacturers who are security-minded, implementation is not trivial.

Mike Rohrmoser, Digi’s Director of Product Management for Embedded Systems, spoke with Embedded Computing Design at NXP FTF 2016 about concerns surrounding connected devices. He emphasized that security requirements will change over time, so it’s imperative that device manufacturers make sure their products have a chance to support those changes.

Listen to the full interview to hear Mike’s thoughts on the state of connected device security and how Digi is addressing these deficiencies with a secure software framework and security architecture called Digi TrustFence™.

Full interview: Is the hysteria around connected device security warranted?>>

Secure Device Management within a Private Cellular Network

It’s not uncommon for customers to deploy 4G LTE devices on private cellular networks for the perceived security benefits, but this can create a challenge for customers who want to use cloud-based device management tools for configuration, performance reporting, and troubleshooting.

In this video, Brad Cole, Digi Device Cloud Product Manager, explains how network administrators can use a web proxy to access Digi’s cloud-based network management tool while maintaining compliance with their existing security architecture.

To learn more about Digi TransPort routers and their remote management capabilities, click here. If there’s a topic you’d like to see covered in an upcoming video, fill out this form and let us know!
