Menu

IoT FEATURE NEWS

Securing the Internet of Things with Digital Holograms

By Special Guest
Richard Hayton, CTO, Trustonic
April 13, 2018

Securing the Internet of Things is a phrase that is on everyone’s lips these days, but what exactly will it take? And why should device manufacturers care?

Here are some of the major concerns: 

  • Ensuring that only legitimate devices can enroll with your service, to prevent fraudulent or over-produced devices abusing your web services, generating false data, or ruining your reputation with your customers.
  • Protecting the sensitive IP on the devices from theft by other parties in the production chain
  • Securing the storage and transmission of data from trusted devices to trusted services.
  • Enabling simple and secure enrollment to cloud services, without requiring expensive key provisioning in OEM factories.

Everyone knows that devices need security services to support various use cases, but it is often very hard to achieve. One of the main goals at Trustonic is to embed security at the silicon level, thereby making security simple to enable for device manufacturers. We aim to democratize security such that everyone can benefit from it without being security experts themselves.

Here is one option:
Imagine the life of an IoT device. Though the final device may be created by one OEM, it is common to use standard parts, or outsourced production, to make modules used in the final solution. The outsourcing is a great way of reducing costs, but it adds risk – theft of IP, overproduction of parts and other fraud.  For example, a device may move from a MPU form a silicon provider (SiP) to a hardware module maker, to a second subcontractor who adds software or performs testing.  Eventually, the module ends up with the OEM who packages it all up, adds a nice form-factor around it and ships the final product to the end user. In this example, there are four links in the chain, but there are often even more.

When the device eventually wishes to attest itself as genuine when enrolling with the OEM cloud (e.g. product registration for warranty benefits), how does the OEM or other interested party differentiate between a fully-genuine device, and one which travelled only part way along the chain before being diverted for fraudulent purposes.

To address the problem of proving whether devices are genuine or not, we’ve come up with a solution that we call Digital Holograms™. Think of credit cards and remember how they all have holograms on them which shine in nice colors when tilted – to show you that these are genuine and not counterfeit. Our digital holograms are similar, just in a digital representation.

Now, before the chip leaves the SiP we embed a Root of Trust and software to enable further steps to be securely recorded and replayed. For each additional notable step, a Digital Hologram can be added to attest that the device passed a particular milestone. So, by the time it reaches the OEM for final assembly, the device will contain a Root of Trust (RoT) and several Digital Holograms. These holograms are all linked together in a Blockchain, to prevent any tampering along the way.

So, when the device attempts to enroll to a service (in the example above; product registration), the RoT and chain of holograms are passed on to the cloud service which can then call a Trustonic service to validate that the message came from a device enabled with our technology, and to enable Trustonic to report on the device’s lifecycle so far. We know the origin and meaning of each hologram so can provide a digital trace on the device’s manufacture. Much like their real-world analog, our holograms are hard to clone, and impossible to remove without destroying them. That means we can detect fraud of many different forms – fraudsters creating devices without holograms are easily spotted, and attempts to clone or manipulate holograms either in factory or on the device are protected by our patent-pending algorithms and active monitoring. If fraud does take place, we can point the finger as to the location  - acting both as a deterrent and as evidence for redress.

Everyone in the IoT space knows they ‘must do better’ with security. With Digital Holograms™, Trustonic is demonstrating clear business benefits from adopting a secure approach to manufacture. We have built this solution as part of our Kinibi-M solution, which offers many other benefits, such as IP Protection for code modules (preventing others in the supply chain from extracting code or secret keys), secure cloud onboarding and small, simple cryptography – all on the smallest of ARM MPUs.




Edited by Ken Briodagh
SHARE THIS ARTICLE
Related Articles

AT&T and Los Angeles Explore Partnership

By: Ken Briodagh    9/20/2018

AT&T and the City of Los Angeles are looking to team up to make LA one of the smartest cities in America and to Drive Traffic, Public Safety and Disas…

Read More

SAS IoT to power China's Wuxi High-Tech Zone

By: Ken Briodagh    9/19/2018

Partnership builds on SAS' position as the IoT analytics leader in smart cities arenas.

Read More

AT&T, G+D and Altair Team Up to Spur IoT Deployment

By: Ken Briodagh    9/19/2018

Next-Generation Integrated SIM Will Meet the Needs of an Expanding Global Internet of Things Market

Read More

Top 5 Reasons Why APIs Lead to Blockages in B2B Operations

By: Special Guest    9/18/2018

These days, enterprises are increasingly adopting API led solutions for Business to Business (B2B) connectivity.

Read More

Technology Companies Join to Reduce Water Consumption for Commercial Farms

By: Cynthia S. Artin    9/18/2018

Three companies have announced an Industrial IoT (IIoT) "stack" combining sensors, signals, semiconductors, algorithms, expertise in social moisture m…

Read More