Cellular IoT connectivity is not an internet experience, it’s a secure, dedicated connection

Analysys Mason’s research director Tom Rebbeck caught up with Arkessa chief executive, Andrew Orrock, to talk about how the barriers to IoT adoption are gradually falling, and how mobile virtual network operators (MVNOs) can succeed in a market with numerous large global mobile network operators (MNOs)

Tom Rebbeck: There’s a general feeling that IoT has been a bit slower than expected to take off. Is that your feeling as well and if so, why do you think that’s the case?

Andrew Orrock: With enterprise that has been the case. We have seen concerns – around sourcing, the business case, scaling, security and platform integration – but gradually these barriers are coming down.

A lot of people think about mobile connectivity based on their experience with internet on a smartphone. This has coloured views as to what cellular means as people do not see it as a secure dedicated connection. But, once you get into the discussion about managed services, and we show that we can give customers the tools to manage and monitor the data connections, manage the billing, and provide a secure private network we can show that we are not simply connecting our customers devices to the internet – far from it. When we explain all of this to our channel partners, they realise they can go to their customers and get around the problems they have had in the past – they can show how our network infrastructure works and that it is secure and private.

TR: So it has been slow as it has taken time for people to realise what it means to using a mobile network for IoT connectivity?

AO: Yes, there has had to be some education. The idea of the traditional SIM card provided by a mobile operator essentially locks a customer in. If you are deploying devices around the world, or even across one country then the idea of single sourcing from an MNO with traditional SIM cards has been a problem.

Today the role of an MVNO is much clearer. We can provide multiple networks through a single relationship, a single contract providing commercial, technical and customer support. That creates a much better reaction in companies both small and large.

In the near future, the reprogrammable embedded subscriber identity module (eSIM) will give enterprises more comfort and more control and flexibility. The same solution will work globally with a range of different cellular technologies, from 2G to 5G and the cellular flavours of low power wide area (LPWA) technologies, like narrowband IoT (NB-IoT).

TR: Earlier you talked about the challenges of sourcing. What did you mean by that?

AO: The companies that have deployed IoT and that have shown most growth tend to be small to medium enterprises (SMEs). From a sourcing point of view, the larger enterprises manage their supplier lists quite closely and it can be difficult for SMEs to get onto these lists.

What we have found works well is to work with finished goods distributors or IT systems integrators. They are often already […]

The post Cellular IoT connectivity is not an internet experience, it’s a secure, dedicated connection appeared first on IoT Now – How to run an IoT enabled business.

Blogs – IoT Now – How to run an IoT enabled business

Secure IoT with a hardware-based approach

Developing IoT strategies with a security-by-design framework is essential for creating robust IoT solutions able to respond to a growing and changing security threat landscape. Approaches to that can differ and there is no one-size-fits-all solution. The different use cases drive the choices in terms of security features. Robin Duke-Woolley, the chief executive of Beecham Research, discusses this with Cristina de Lera, the head of Infrastructure and Device Security at Infineon Technologies. Infineon proposes a hardware-based approach to capitalise in full on IoT opportunities as strong, tamperresistant protection is needed, which cannot be provided by software alone.

Robin Duke-Woolley (RDW): Why is security such an important element in the development of an IoT strategy? What are the challenges in including security in IoT strategy development?

Cristina de Lera, the headof Infrastructure and Device Security at Infineon Technologies

Cristina de Lera (CdL): IoT is here now and it will add significant value to the global economy. According to a study conducted by the World Economic Forum and Accenture, the Industrial IoT is forecast to add US$ 14 trillion to the global economy by 2030, according to a joint World Economic Forum and Accenture study, titled ‘Digital Transformation of Industries: Telecommunications, 2016’. That means IoT will impact all areas of economies and society. The benefits are potentially enormous, but the security threats increase exponentially. An IoT solution is an integration of components, from devices to applications going through platforms, all subject to potential breaches. Therefore, it becomes essential to develop an IoT strategy with a security framework firmly in mind. However, each IoT strategy is defined by its own applications, business objectives, financial constraints and security requirements. In addition, different market sectors face a different balance of risks, industry-specific security needs, and level of trust requirements. This means that there is no single approach to design, develop and implement security in all IoT applications. Security must be thought of at the beginning of a project and supported by a security-by-design approach.

RDW: To what extent do IoT devices have such specific and diverse characteristics that security solutions should be optimised to each IoT use case?

CdL: At Infineon, we believe that IoT devices usually have four unique characteristics that warrant security solutions being specially designed and optimised for their use cases. First, many IoT devices are simple objects such as sensors with one or a handful of functions. In these simple devices, the microcontroller (MCU) usually has a limited computing capability and physical space. These constraints in turn restrict the security support that the MCU can offer. Secondly, many IoT devices operate powered by batteries. In this case power management functions are tremendously important to assure not to shrink the effective lifespan of the IoT device and thus failing to maximise the benefits of using IoT technologies. Thirdly, security solutions optimised for IoT devices must be able to support embedded Linux, MCU RTOS and bare metal operation without an OS running on top of it. Finally, IoT devices vary in feature sets; from simple movement sensors to […]

The post Secure IoT with a hardware-based approach appeared first on IoT Now – How to run an IoT enabled business.

Blogs – IoT Now – How to run an IoT enabled business

Presto Protects IoT Chips With Secure Manufacturing & Test

Supporting the growing need for IC security in IoT applications, Presto Engineering is offering a comprehensive manufacturing and test service that is tailored to ensure IoT chips are made to high standards of security.

Presto says it can manage the entire chip manufacturing and testing process to make chips with levels of security right up to that needed for banking standards.

IoT devices’ connection to the Internet provides a potentially vulnerable route for hackers. Presto notes that an IoT chip connected to the internet should have two levels of security built into the design of the ASIC itself to stop unauthorized access.

The first is Cryptography to protect communication and maintain the confidentiality and integrity of data as it moves across the network. The second is Authentication to verify that only authorized computers or people have access.

Turning the design into a chip requires a highly secure manufacturing supply chain. Presto claims “it can manage the entire chip manufacturing and testing process to make chips with levels of security right up to that needed for banking standards, including the secure provisioning of the cryptographic keys. The latter ensures that processors will only execute code and updates identified with the correct secret keys.”

Handling these securely in the manufacturing supply chain is vital to an effective security strategy and is covered by the Common Criteria for Information Technology Security Evaluation standards. These range from the basic Evaluation Assurance Level 1 to Level 7 for government and military, with Level 5 being typical for banks, payment systems, and other highly demanding commercial application.

More information: https://presto-eng.com/

The post Presto Protects IoT Chips With Secure Manufacturing & Test appeared first on Internet Of Things | IoT India.

Internet Of Things | IoT India

A Week in IoT: How secure are your devices, and your elderly?

Well, this week’s themes are BIG. Fundamental flaws in chip security are affecting all kinds of IoT devices, and big players like Intel and Apple are in the frame as they scramble to patch the problem. ‘Does the IoT have the device management tools needed to fix this?’ asks Jeremy Cowan. One analyst doubts it.

Meanwhile, planners are asking if smart cities will be fit for purpose. Will they be smart enough to provide help where it’s needed most – for the elderly? (In planners’ timefames, that’s you and me, by the way.) It’s not a coincidence that we’re seeing a growing focus on edge computing for smart cities – in some IoT sectors that may be the only way to manage all this data.

As you will have heard unless you just got in from Mars, Google‘s Project Zero security research team has released details of a serious security vulnerability. Indeed, some are calling it the most serious hardware bug of the modern era.

Samuel Hale: Access to normally off-limits data

Samuel Hale, analyst and IoT development expert at the US-based analyst firm MachNation tells IoT Now: “This vulnerability impacts literally all large cloud-services companies like Google, Amazon, Microsoft, IBM and others that offer multi-tenant services.”

So, he believes it’s no wonder that Intel’s stock tumbled following this announcement. Fixing this security problem is going to decrease enterprise application performance by approximately 10-15% worldwide. “This vulnerability is so serious,” says Hale, “that any application running on a system may be able to access normally off-limits data, such as passwords, security keys, or other sensitive information.”

He insists the implications for Internet of Things devices will be huge. “The majority of all IoT devices worldwide will need a software update very soon. Without great IoT device management, this is going to be extremely difficult to accomplish.”

Gavin Millard: Long-standing blunder in chip design.

Gavin Millard, technical director at Tenable adds: “The latest vulnerabilities blessed with catchy names and logos are deserving of the hype that will surely build. Spectre and Meltdown are both incredibly concerning from a privacy perspective, affecting the average home user and enterprises alike.

The long-standing blunder in chip design could enable an attacker to access confidential pieces of information being processed, for example grabbing a password as it’s typed, installing malware that could slurp up anything a user is working on, or browser data to enable it to hoover up credit card details and logins.” (Other vacuum cleaners are available. Ed.)

“For home users, MacOS has already been updated to address the flaw with Apple’s recent 10.13.2 patch release. For Windows, there were also fixes made available last night. Almost everybody is affected by these bugs, in ways researchers are only just discovering. It is of the utmost importance that updates are applied in a timely manner,” says Millard. “With a possible decrease in processing speed caused by addressing the flaws, organisations that rely on cloud platforms could be facing a significant financial impact from the increase in the number of workloads required […]

The post A Week in IoT: How secure are your devices, and your elderly? appeared first on IoT Now – How to run an IoT enabled business.

Blogs – IoT Now – How to run an IoT enabled business

Qtum Foundation, Trusted IoT Alliance, and Chronicled, Inc. to Develop Secure IoT Use Cases

Qtum Foundation, Trusted IoT Alliance, and Chronicled, Inc. to Develop Secure IoT Use Cases

Qtum Foundation, Trusted IoT Alliance, and Chronicled, Inc. to Develop Secure IoT Use Cases

Chronicled, Inc. and The Qtum Foundation have announced a collaboration to combine the Internet of Things (IoT) with Blockchain technology, developing real-world use cases integrating smart devices with a secure distributed ledger back end.

This will take place in collaboration with researchers at the University of California, Berkeley. Through this partnership, Qtum and Chronicled will work together to define and support a roadmap of fundamental research at UC Berkeley, developing post-quantum applied cryptography, zkSNARK-based privacy-preserving smart contracts, and zero knowledge proofs for large computations.

Qtum Foundation founder Patrick Dai, said:

“The partnership with Chronicled and UC Berkeley represents the frontier of innovation in IoT, smart contracts, and privacy for enterprise applications.”

“We are delighted to be partnering with some of the strongest researchers and innovators in the world who are leading enterprise implementations.”

Qtum is developing a leading blockchain data network in Asia, using a hybrid model that combines the UTXO transaction model with a virtual machine layer for smart contracts. Meanwhile, Chronicled will pursue development of smart contracts to integrate IoT device registrations on the Qtum blockchain. Both Chronicled and Qtum are members of the Trusted IoT Alliance, a consortium of companies ranging from startups to Fortune 100 enterprises. The Alliance is focused on leveraging the power of the blockchain to secure high-value physical assets. Members of the Alliance, which is based in San Francisco, include Bosch, BNY Mellon, Cisco, and UBS.

“We have been collaborating with the team at Qtum for almost a year through the Trusted IoT Alliance, and we are excited to bring the latest IoT integration capabilities to Qtum,” said Chronicled CTO Maurizio Greco. “We see a future where trusted device provisioning, authentication, data logs, and payments are just around the corner.”

A team of researchers at UC Berkeley is currently focused on using applied cryptography to develop solutions for identity, ownership, and provenance validation as well as other use cases at the intersection of blockchain and IoT. Through collaboration with Chronicled and Qtum, they hope to devise real-world use cases and gain insight from two teams that have been developing and applying the technology for enterprise customers.

“It is great to work with strong commercialization partners who both value the need for fundamental research and who see a path to commercialization of the applied cryptographic methods that we have under development in the lab,” said Alessandro Chiesa, Assistant Professor at UC Berkeley.

For his part, Trusted IoT Alliance Executive Director Zaki Manian said:
“We are excited to be in a position to administer development grants to integrate Trusted IoT devices with the Qtum Blockchain technology. We see a win-win for our members in the Alliance and the Qtum ecosystem.”

Software developers and researchers are encouraged to visit the Trusted IoT website to apply for grants, here: https://github.com/Trusted-IoT-Alliance/Quantum-Foundation-Proposals

The post Qtum Foundation, Trusted IoT Alliance, and Chronicled, Inc. to Develop Secure IoT Use Cases appeared first on IoT Business News.

IoT Business News