Implementing IoT device security can be a challenge. Let us help you by sharing our proven framework for integrating a proactive security approach into your design. Click the button below to schedule a one-on-one web conference to discuss your security needs.
IoT provisioning is the installation of software, or more commonly firmware, on an IoT device. Devices have lifecycles that span two to twenty years, so secure, remote provisioning is critical to keep them updated rather than replacing them.
Provisioning must be handled securely through all stages of IoT lifecycle management to prevent loss of control, loss of data or damage from external threats.
Provisioning starts in the Beginning of Life phase, when the software is initially installed, and continues during Middle of Life as new versions replace existing ones to add features or rectify problems. End of Life requires a special type of provisioning that wipes out data and access to intellectual property to maintain privacy and safeguard against IP theft.
Models Used for Secure IoT Provisioning
There is no single provisioning model that works across the multitude of IoT devices and applications that exist since they have different hardware, software, features and capabilities. However, there are a few models that are commonly used.
OTP (One Time Programmable)
The one-time programmable method stores software in a fixed part of the device, where it cannot be changed or updated. If the software needs to be updated, the IoT device is replaced with a new one. This method is acceptable if the software will not change during the product’s lifecycle.
Blob Model
The Blob model also uses an area within the device to store software/firmware, but unlike OTP, the software can be updated. The update occurs “in one shot,” replacing the old software with the new; it is all or nothing. The updating can be done in stages, with the new version stored in a staging area on the device until it replaces the previous version. Blob is a brute-force, less sophisticated method for provisioning software.
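The staged, all-or-nothing replacement described above can be sketched as follows. This is an added example, not Allegro's code; the slot size, struct layout and function names are hypothetical, and the FNV-1a checksum is a stand-in for the signature check a real device would perform.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SLOT_SIZE 32  /* constructed size; a real slot is a flash partition */

struct blob_device {             /* hypothetical device model */
    uint8_t active[SLOT_SIZE];   /* image the device runs */
    size_t  active_len;
    uint8_t staging[SLOT_SIZE];  /* staging area for the incoming blob */
    size_t  staged_len;
};

/* FNV-1a checksum: a stand-in so the example is self-contained. It detects
 * corruption only; a real device verifies a cryptographic signature here. */
uint32_t blob_check(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Append one received chunk to the staging area. Returns 0, or -1 if the
 * blob would overflow the slot (the partial blob is discarded). */
int blob_stage(struct blob_device *d, const uint8_t *chunk, size_t n) {
    if (n > SLOT_SIZE - d->staged_len) { d->staged_len = 0; return -1; }
    memcpy(d->staging + d->staged_len, chunk, n);
    d->staged_len += n;
    return 0;
}

/* Replace the active image only if the complete staged blob matches the
 * expected length and checksum; otherwise the active image is untouched. */
int blob_commit(struct blob_device *d, size_t want_len, uint32_t want_sum) {
    int ok = want_len > 0 && d->staged_len == want_len &&
             blob_check(d->staging, d->staged_len) == want_sum;
    if (ok) {
        memcpy(d->active, d->staging, d->staged_len);
        d->active_len = d->staged_len;
    }
    d->staged_len = 0;           /* staging is consumed either way */
    return ok ? 0 : -1;
}

/* Constructed sample: a transfer cut off after 6 of 11 bytes is rejected. */
int main(void) {
    struct blob_device d = {{'v', '1'}, 2, {0}, 0};
    const uint8_t img[] = "firmware-v2";
    blob_stage(&d, img, 6);
    return blob_commit(&d, 11, blob_check(img, 11)) == -1 ? 0 : 1;
}
```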
Asset Approach
This method is granular and scalable, but it is complex. With the Asset Approach, there are multiple areas on the device, referred to as assets, that maintain programs that perform specific functions. Each asset may have a unique version number and program size. This approach offers maximum flexibility because device functions can be altered or controlled independently. However, this method can be complicated because software across all assets must be compatible with the device to operate properly.
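One way to enforce the cross-asset compatibility requirement is to validate the asset table the device would have after an update before committing any of it. This is an added example, not Allegro's code; the asset table, manifest fields and return codes are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_ASSETS 8
enum { UPD_OK = 0, UPD_BAD_TARGET = -1, UPD_TOO_BIG = -2, UPD_INCOMPATIBLE = -3 };

/* One asset slot on the device (hypothetical layout). */
struct asset {
    uint16_t version;    /* installed version */
    uint32_t slot_size;  /* bytes reserved for this asset */
    int      needs;      /* index of the asset it depends on, or -1 */
    uint16_t needs_min;  /* minimum version of that asset */
};
/* One entry of a proposed update (hypothetical manifest format). */
struct asset_update {
    int      target;     /* index of the asset to replace */
    uint16_t version;    /* new version */
    uint32_t size;       /* new program size in bytes */
    int      needs;      /* dependency of the new program, or -1 */
    uint16_t needs_min;  /* minimum version of that dependency */
};

/* Build the asset table the device WOULD have after the update, check every
 * asset's dependency in that table, and commit only if all checks pass. */
int apply_updates(struct asset *dev, size_t n_dev,
                  const struct asset_update *u, size_t n_upd) {
    struct asset next[MAX_ASSETS];
    if (n_dev > MAX_ASSETS) return UPD_BAD_TARGET;
    memcpy(next, dev, n_dev * sizeof *dev);
    for (size_t k = 0; k < n_upd; k++) {
        if (u[k].target < 0 || (size_t)u[k].target >= n_dev) return UPD_BAD_TARGET;
        struct asset *a = &next[u[k].target];
        if (u[k].size > a->slot_size) return UPD_TOO_BIG;
        a->version = u[k].version;
        a->needs = u[k].needs;
        a->needs_min = u[k].needs_min;
    }
    for (size_t i = 0; i < n_dev; i++) {
        int j = next[i].needs;
        if (j >= 0 && ((size_t)j >= n_dev || next[j].version < next[i].needs_min))
            return UPD_INCOMPATIBLE;
    }
    memcpy(dev, next, n_dev * sizeof *dev);
    return UPD_OK;
}
/* Constructed sample: 0 = radio, 1 = crypto, 2 = app (needs crypto >= 2). */
int main(void) {
    struct asset dev[3] = {{3, 4096, -1, 0}, {2, 8192, -1, 0}, {5, 16384, 1, 2}};
    struct asset_update app_only = {2, 6, 12000, 1, 3}; /* app v6 needs crypto >= 3 */
    return apply_updates(dev, 3, &app_only, 1) == UPD_INCOMPATIBLE ? 0 : 1;
}
```

Because the check runs over the whole resulting table, it also rejects a downgrade of one asset that a different, untouched asset still depends on.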
Enterprise IoT infrastructure providers such as AWS, Microsoft, and Google recognize there isn’t a one-size-fits-all approach, so each supports different models to facilitate secure IoT provisioning.
Provisioning is Part of a Secure IoT Infrastructure
Provisioning is a meta-application that draws on key security capabilities that in combination create embedded trust within an IoT ecosystem.
Root of Trust: Extremely important for provisioning because it is the DNA of a device.
Secure Boot: Ensures the device boots up with the proper provisioned software and has not been compromised.
Secure Parameter Storage: Basic and operational configuration parameters are stored securely on the device once it is provisioned.
Validated Cryptography: Provisioning builds on the validated cryptography.
Secure Data in Motion: Ensuring that data in motion during provisioning is transferred across a secure network and that the source can be validated.
Secure Data at Rest: The provisioned software is protected and securely stored.
Allegro Software Toolkits Provide Secure Remote Updates Framework for IoT Devices