E-commerce level security needed to protect IoT connected devices, say technology experts

Smart cities rely on connected devices, such as smart lighting sensors which provide data showing when and where street lights are needed.

Around the world, billions of connected devices are used in multiple sectors including industrial, home, health and transportation. But greater security is necessary to protect these devices, according to a group of cyber security experts.

Industry specialists including ARM and Symantec have been working together to assess the security challenges of connecting billions of devices. They concluded that any system could be compromised unless a system-level root of trust was established.

Symantec estimates that one million internet attacks were carried out every day in 2015. As the Internet of Things (IoT) expands, the threat will only increase.

To address this risk, the companies have created the Open Trust Protocol (OTrP), combining a secure architecture with trusted code management, using technologies already well established in banking and in applications for smartphones and tablets which handle sensitive data.

According to the developers, the management protocol is used with Public Key Infrastructure (PKI) and Certificate Authority-based trust architectures, enabling service providers, app developers and OEMs to use their own keys to authenticate and manage trusted software and assets.

The protocol can be added to existing Trusted Execution Environments or to microcontroller-based platforms capable of RSA cryptography, the group said.

“In an internet-connected world, it is imperative to establish trust between all devices and service providers,” commented Marc Canel, vice president of security systems at ARM. “Operators need to trust devices their systems interact with and OTrP achieves this in a simple way. It brings e-commerce trust architectures together with a high-level protocol that can be easily integrated with any existing platform.”

The other members of the OTrP group are Intercede, Solacia, Beanpod, Sequitur Labs, Sprint, Thundersoft, Trustkernel and Verimatrix.

Sign up to our newsletter

Meet our experts