The security issues surrounding the internet of things (IoT) devices range from tiny semiconductors to global supply chains.<\/p>\n\n\n\n
PUFsecurity, a key provider of intellectual property (IP) that helps strengthen security at the chip level, hosted a forum of IoT experts to discuss the industry\u2019s challenges and outlook.<\/p>\n\n\n\n
We Need to Build Trust for each IoT Device<\/strong><\/p>\n\n\n\n Wide-ranging security challenges threaten to slow down the adoption and growth of the IoT industry. Geopolitical and data sovereignty challenges drive the creation of trusted supply-chain ecosystems in Asia, Europe, and the Americas, according to Tom Katsioulas, Board Chair of GSA Trusted IoT Ecosystem Security (TIES) an industry group. Nowadays, more IoT devices need a root of trust (RoT) for secure boot, secure storage, secure data access and identity linked to such data. The COVID pandemic has resulted in accelerated digital transformation, chip demand, and supply chain shortages, increasing the risk of counterfeits with more people working remotely. (Read more: RoT: The Foundation of Security<\/a>)<\/p>\n\n\n\n \u201cWe need to trust every aspect of the supply chain with respect to design and procurement of services,\u201d Katsioulas said. \u201cDigital transformation of the supply chain presents an opportunity to evolve the existing infrastructure in a way that enables trusted traceability of process and products to maximize the level of security.\u201d<\/p>\n\n\n\n Many issues are related to the semiconductors that run IoT devices, according to PUFsecurity consultant Albert Jeng.<\/p>\n\n\n\n \u201cThe three keys to chip security are building trust into each device, verifying its security during the design stage, and maintaining records on the chip through its lifetime. These steps are critical for upholding semiconductor supply chain security,\u201d said Jeng.<\/p>\n\n\n\n Without adequate protections, it becomes difficult to securely deploy IoT and other devices connected to the internet. The provisioning of security and identity for each device is important as a broader range of devices are under attack. Moreover, home networks are increasingly vulnerable through the wider use of edge devices. Because of the pandemic, people have left secure parameters and adopted easily penetrable devices and networks.<\/p>\n\n\n\n \u201cMore IoT devices used equals more holes to cover,\u201d says Luis Ancajas, director of IoT solutions for memory chipmaker Micron. The best defense is assuming there will always be invasions. The question is how to trace violations and identify where breaches occurred. Until now, software-based protection was the most common. Unfortunately, this approach is only as strong as the device operating system. Such electronic devices typically store their secret key critical to system security within a visible eFuse device vulnerable to invasive attacks.<\/p>\n\n\n\n An Ideal Solution to Build Root-of-Trust inside Chips: PUF<\/strong><\/p>\n\n\n\n An alternative secret key solution is the physically unclonable function (PUF) technology that functions as a chip’s inborn fingerprint and provides security-related advantages. PUF is an emerging solution used as a hardware root of trust (HRoT). The ideal PUF generates secret keys that are highly random, independent of each other, and reliable within all operating conditions. (Read more: Why a True Hardware PUF is more Reliable as RooT of Trust<\/a>)<\/p>\n\n\n\n \u201cA PUF can create a unique identity (UID) or an inborn fingerprint for each chip,\u201d according to PUFsecurity R&D Director Meng-Yi Wu. \u201cTherefore, it provides an immutable secret to derive public-private keys for many applications in the supply chain and field use. HRoT enables secure boot, secure storage for silicon lifecycle data, and secure access of the chip for secure read\/write data.\u201d <\/p>\n\n\n\n