Connected devices need e-commerce security standard, says industry group
The companies, including ARM, Intercede, Solacia, and Symantec worked together to assess the security challenges of connecting billions of devices across multiple sectors; including industrial, home, health services and transportation. Their conclusion was that any system could be compromized unless a system-level root of trust was established.
To deal with the risk, the companies have collaborated on the Open Trust Protocol (OTrP) to combine a secure architecture with trusted code management, using technologies proven in large scale banking and sensitive data applications on mass-market devices such as smartphones and tablets.
“In an Internet-connected world, it is imperative to establish trust between all devices and service providers,” said Marc Canel, vice president of security systems, ARM. “Operators need to trust devices their systems interact with and OTrP achieves this in a simple way. It brings e-commerce trust architectures together with a high-level protocol that can be easily integrated with any existing platform.”
Other members of the OTrP Joint Stakeholder Agreement are: Beanpod, Sequitur Labs, Sprint, Thundersoft, Trustkernel and Verimatrix.
OTrP is a high-level management protocol that works with security solutions such as ARM TrustZone-based Trusted Execution Environments that are designed to protect mobile computing devices from malicious attack. The protocol is available for download from the IETF website for prototyping and testing.
The protocol paves the way for an open interoperable standard to enable the management of trusted software without the need for a centralized database by reusing the established security architecture of e-commerce.
The management protocol is used with Public Key Infrastructure (PKI) and Certificate Authority-based trust architectures, enabling service providers, app developers and OEMs to use their own keys to authenticate and manage trusted software and assets. OTrP is a high-level and simple protocol that can be easily added to existing Trusted Execution Environments or to microcontroller-based platforms capable of RSA cryptography.
OTrP is available as an IETF informational and it is planned that it will be further developed by a standards defining organization that can encourage its mass adoption as an interoperable standard.
Related articles:
Cybersecurity is fertile breeding ground for startups, says report
Cybersecurity firms partner to protect connected IoT devices
MCU for IoT features hardware-based cryptography
Security chip protects IoT connected devices
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
