Connected devices require eCommerce standard security, according to cyber security experts

Research from a group of technology security experts revealed that billions of connected devices are potentially at risk unless security sensitive software can be managed to an eCommerce standard.

The companies, including ARM, Intercede, Solacia and Symantec worked together to assess the security challenges of connecting billions of devices across multiple sectors, including industrial, home, health services and transportation. Their conclusion was that any system could be compromised unless a system-level root of trust was established.

To deal with the risk, the companies collaborated on the Open Trust Protocol (OTrP) to combine a secure architecture with trusted code management, using technologies proven in large scale banking and sensitive data applications on mass-market devices such as smartphones and tablets.

“In an internet-connected world, it is imperative to establish trust between all devices and service providers,” said Marc Canel, vice president of security systems, ARM. “Operators need to trust devices their systems interact with and OTrP achieves this in a simple way. It brings eCommerce trust architectures together with a high-level protocol that can be easily integrated with any existing platform.”

Other members of the OTrP Joint Stakeholder Agreement include Beanpod, Sequitur Labs, Sprint, Thundersoft, Trustkernel and Verimatrix.

Earlier this week, the boards of directors of SoftBank Group and ARM Holdings announced that they have reached agreement on the terms of a recommended all cash acquisition of the entire issued and to be issued share capital of ARM by SoftBank. The consideration values the entire existing issued and to be issued share capital of ARM at approximately £24.3 billion (about US$32 billion).

The cash consideration payable under the acquisition will be funded by SoftBank’s existing cash resources and cash drawn down from a term loan facility between SoftBank and Mizuho Bank.

SoftBank intends to preserve the ARM organisation, including ARM’s existing senior management team, brand, partnership-based business model and culture to ensure continuity of a strong track record, while maintaining the headquarters of ARM in Cambridge. The Japanese vendor also intends to at least double the employee headcount in the UK over the next five years thereby enabling ARM to continue to develop innovative technology in the UK; and increase the headcount of ARM outside the UK over the next five years.

Symantec estimates that one million internet attacks were carried out every day during 2015. The Internet of Things (IoT) expands the attack surface and analyst firm Gartner said that security is now the number one priority when building any connected product.

OTrP is a high level management protocol that works with security solutions such as ARM TrustZone-based Trusted Execution Environments that are designed to protect mobile computing devices from malicious attack. The protocol is available for download from the IETF website for prototyping and testing.

The protocol paves the way for an open interoperable standard to enable the management of trusted software without the need for a centralized database by reusing the established security architecture of eCommerce. The management protocol is used with Public Key Infrastructure (PKI) and Certificate Authority-based trust architectures, enabling service providers, app developers and OEMs to use their own keys to authenticate and manage trusted software and assets.

OTrP is a high level and simple protocol that can be added to existing Trusted Execution Environments or to microcontroller-based platforms capable of RSA cryptography. OTrP is available as an IETF informational and it is planned that it will be further developed by a standards defining organization that can encourage its mass adoption as an interoperable standard.

“Enabling the creation of an OTrP ecosystem for Trusted Applications is crucial in ensuring commercial flexibility across markets, said SangJin Park, CEO of Solacia. “We are committed to the adoption of open standards across the security industry and the provision of SecuriTEE will help to achieve this by deploying ARM TrustZone technology widely to ensure universal adoption of secure mobility.”

“As a wireless operator, providing a communication and data ecosystem that is safe and secure is a paramount mission,” said Dr. Ron Marquardt, Sprint’s vice president of technology. “As the global ecosystem of connected devices and mobile applications continues to grow, security will become more challenging. OTrP offers a strong prescription for this increasing challenge with its flexibility to provision and maintain system-level root of trust within the service ecosystem.”

“With new technologies come increased security risks,” said Brian Witten, senior director for Internet of Things (IoT) security at Symantec. “The Internet of Things and smart mobile technologies are moving into a range of diverse applications and it is important to create an open protocol to ease and accelerate adoption of hardware-backed security that is designed to protect on board encryption-keys.”


IoT Innovator Newsletter

Get the latest updates and industry news in your inbox! Enter your email address and name below to be the first to know.