IoT offers new business opportunities, extended benefits and simplified processes, but the increasing networking is accompanied by larger attack vectors. This is mainly due to the fact that IoT solutions conceal significantly more complex infrastructures than in classical IT. To
“This leads to the need to include IT security aspects at an early stage in the planning, conception and implementation of IoT projects,” emphasizes Detlev Henze, Managing Director of TÜV TRUST IT, an Austrian-German IT security company. For this reason, the IT security specialist has worked with the DFKI to develop a test catalog with which IoT devices can be assessed independently and objectively. For this purpose IoT devices are tested in the “IoTestLab”, a test laboratory of the DFKI, which is recognized by the German Federal Office for Information Security (BSI) for evaluations according to Common Criteria.
The extent of the investigation is individually adapted to the respective project. These include various test services and application contexts, such as a general conceptual check under a wide range of aspects from development methodology to crypto key management. The hardware and software architecture, as well as the technical data protection and the data security, are also closely scrutinized, inter alia. The examined IoT devices are tested against relevant safety recommendations. The aim is to identify existing conceptual weaknesses and, in the aftermath, to show improvement potentials.
If the test result is positive according to the “Trusted IoT-Device” catalog, an optional certificate is issued. The seal of approval and validity is valid for three years. In order to maintain certification, the subject of the examination is re-examined every year.
“One of the essential advantages of the possibilities of investigation by the closed cooperation is that an implementation of sustainable and effective information security can already take place in the development process of the relevant IoT product,” explains Henze. “This results in a high level of investment security for development projects in the IoT environment. A certification also improves the marketing opportunities because it is proof that the IoT device is trustworthy and secure. “
This also corresponds to the DFKI motifs for the certification carried out: “The examinations are designed to make a lasting contribution to more security in the Internet of Things (IoT),” explains Roland Vogt, Director of the IoTestLab at DFKI. “Long-term experience with the independent verification of the security of IT products leads to results that confirm that Trusted IoT devices are resistant to a wide range of hazards and that Trusted IoT devices do not pose a threat to networked infrastructure, data protection or consumers. “