IoT Security: Bringing Trust to the Internet of Things

Thales eSecurity’s HSMs and Vormetric Data Security Platform provide a root of trust for connected devices and edge-to-cloud data protection

IOT security

Internet of Things (IoT) Security

Organizations have only just begun discovering and benefiting from the opportunities provided by the Internet of Things. The ability to capture and analyze data from distributed connected devices offers the potential to optimize processes, create new revenue streams, and improve customer service. However, the IoT also exposes organizations to new security vulnerabilities introduced by increased network connectivity and devices that are not secured by design. And advanced attackers have demonstrated the ability to pivot to other systems by leveraging vulnerabilities in IoT devices.

nShield HSMs and the Vormetric Data Security Platform from Thales eSecurity, along with partners from our IoT ecosystem, bring trust to the IoT with solutions for device credentialing and authentication, firmware signing, and data confidentiality and privacy.

Vulnerable Connected Devices

Once connected devices are deployed in the field, they become attractive targets for criminal actors seeking to:

  • expose protected content stored on or transmitted by the device
  • use the device's trusted status to gain access to other connected systems
  • take control of the device for other illicit activities
Unauthorized Device Production

Sophisticated cybercriminals or insiders with privileged access can take advantage of unsecured manufacturing processes to produce counterfeits and clones, resulting in decreased revenues and damaged brand reputation. This is particularly relevant at remote or third-party facilities, where the device vendor has no physical presence.

Introduction of Unauthorized Code

Malicious actors may seek opportunities to inject unauthorized code during the manufacturing process or when device code is updated, e.g., when the manufacturer needs to update the firmware to provide additional functionality or patch a vulnerability.

Data Protection

IoT devices will collect large volumes of data, some of which will require protection based on sensitivity or compliance requirements. IoT data protection solutions must span edge to cloud, provide scalable encryption and key management, and not impede data analysis.

Strong Device Authentication

Using nShield HSMs and a supporting security application to create and protect the underlying keys, each IoT device can be manufactured with a unique, cryptographically-based identity that is authenticated when a connection to gateway or central server is attempted. With this unique ID in place, you can track each device throughout its lifecycle, communicate securely with it and prevent it from executing harmful processes. If a device exhibits unexpected behavior, you can simply revoke its privileges.

Secure Device Manufacturing

Thales nShield HSMs, used in conjunction with security software, enable manufacturers to secure their production processes. For example, Microsemi, a leading provider of semiconductor solutions, uses nShield HSMs in combination with security software to generate unique codes that can only be decrypted by the device for which each was generated. By controlling the number of authorization codes generated, they can also limit the number of systems built.

PKI Supports the IoT

Establishing strong authentication is just one part of the puzzle. The IoT demands large scale management and protection of digital certificates and the underlying keys, and support for multiple public key algorithms including Elliptic Curve Crypto (ECC) whose shorter key lengths and less intensive computational power are well suited to constrained IoT devices, all supported by a well-designed public key infrastructure (PKI). The accepted PKI best practice to secure your most sensitive keys and business processes is to use an HSM. Whether you work with one of our industry-leading PKI partners or tap into our Advanced Services Group’s knowledge and expertise, Thales HSMs will provide a high-assurance, independently-certified root of trust for your PKI, regardless of complexity or scale.

Defense Against Attacks and Data Loss

Limiting access to protected systems and data to only authorized devices and users enables you to defend against many of the potential threats associated with the IoT, such as APTs and data breaches, as well as protect data confidentiality and privacy. By using cryptographically-based identification underpinned by HSMs - a recognized best practice - for authentication, and code signing to ensure authenticity and integrity of device firmware updates and patches, you can create a secure network of trusted IoT devices.

Reduced Operational Costs

Through secure control and monitoring of geographically-dispersed devices, organizations can lower the cost of device maintenance and updates. The cost savings extend to the removal of untrusted devices; if a device exhibits unexpected behavior, instead of deploying a technician to physically inspect and take it offline, you can simply revoke its privileges remotely.

Protected Revenue and Reputation

By securing the process of manufacturing devices, organizations can protect against lost revenues and brand damage resulting from the sale of unauthorized black market units. Secure connected devices also provide opportunities for new revenue streams, as companies can use their connectivity to deliver functional upgrades or to serve up premium content and services.

Webcasts : Securing IoT Data: Compliance, Privacy, and New Regulations

As the Internet of Things (IoT) becomes ever more ubiquitous, organizations need to ensure that the solution they deploy to protect their infrastructure can effectively scale to secure exponentially growing volumes of data - in compliance with evolving security regulations...

Download

Case Studies : Thales Accelerates Polycom’s Integration of Digital Certificates into Phones

Polycom turns to Thales Professional Services and Thales HSMs to enhance VoIP Security. Thales accelerates Polycom’s integration of digital certificates into phones....

Download

Case Studies : Qube Cinema Revolutionizes Digital Cinema Distribution With Help From Thales Hardware Security Modules

As a manufacturer of servers, projectors, mastering and distribution technology for digital cinema, Qube Cinema saw a unique opportunity to introduce a highly disruptive technology to the market as the film industry...

Download

Data Sheets : Thales nShield Certified Systems Engineer Training Data Sheet

The nCSE provides the training to give your people the knowledge to get the most from your investment. Getting the best from your technology requires a technology, getting the best use from it depends on how much you invest in it....

Download

Related Solutions

Securing IoT Devices

Dig deeper into Thales eSecurity's solutions and examples for securing the IoT.

Learn More

Thales nShield HSMs

nShield HSMs provide a hardened, tamper-resistant environment for secure cryptographic processing, key protection, and key management.

Learn More

PKI & Digital Certificates

Products and services from Thales eSecurity can help to ensure the integrity, performance, and manageability of your PKI.

Learn More
Vormetric Encryption delivers what we need it to do – without any fuss or drama – knowing it’s in place is one less thing to worry about. Albert AvilaBusiness Solutions Specialist, Fujitsu America, Inc.
Thales eSecurity is our standard. Whenever an encryption solution is needed, the answer is always, ‘let’s start with Thales eSecurity. Damian McDonaldVice President of Global Information Security, Becton, Dickinson and Company
There is absolutely no noticeable impact on the performance or usability of applications. I am very excited at how easy the solution is to deploy and it has always performed flawlessly. Christian MuusDirector of Security for Teleperformance EMEA
My concern with encryption was the overhead on user and application performance. With Thales eSecurity, people have no idea it’s even running. Karl MudraCIO
Delta Dental of Missouri
The Vormetric solution not only solved all of our encryption needs but alleviated any fears of the complexity and overhead of managing the environment once it was in place. Joseph Johnson,chief information security officer CHS

As a global payment solutions and commerce enablement leader, Verifone’s strategy is to develop and deploy “best in class” payment solutions and services that meet or exceed global security standards and help our clients securely accept electronic payments across all channels of commerce. We selected Thales HSMs to provide robust security, unmatched performance and superior scalability across our payment security platforms, protecting encryption keys from virtually any attack. This helps Verifone to continue reducing merchants’ growing exposure to data breaches and cyber criminals and more aggressively safeguard consumer information… Joe Majka,Chief Security Officer

Implementing Vormetric has given our own clients an added level of confidence in the relationship they have with us; they know we’re serious about taking care of their data. Audley Deansenior director of Information Security,
BMC Software
Vormetric’s approach of coupling access control with encryption is a very powerful combination. We use it to demonstrate to clients our commitment to preserving the security and integrity of their test cases, data and designs. David VargasInformation Security Architect
Cadence Design Systems
Visionner notre démo interactive Explorer
Programmer une démo en direct Programmer
Entrer en contact avec un spécialiste Nous contacter