According to the bucket effect, how much water a bucket can hold depends on its shortest stave. The IoT industry, now with access to 5G, is growing rapidly, but security could become the “short board” restricting its development.
For individual customers, security protects their privacy when they use connected devices; for enterprise end users, security protects them from immeasurable losses caused by hacker attacks; and for IoT service providers, security means more trustworthy products and solutions. Simply put, security cannot be overemphasized. Yet the reality is that the IoT industry is far from paying enough attention to it.
For instance, IoT devices leave the factory with only a simple default password, and manufacturers use only a basic encryption method. In 2019 alone, IoT security news emerged endlessly: millions of IoT cameras were reported to have major vulnerabilities; a 14-year-old hacker was able to control up to 4,000 IoT devices; and there was also a security scandal about Ring, one of Amazon’s fire security products…
Given this status quo, what security awareness should IoT enterprises establish? How can we safeguard the safety and reliability of IoT devices?
With these questions in mind, the author had an in-depth exchange with Ma Jing, General Manager of the Sales Center of CEC Huada Electronic Design Co., Ltd. (HED) under CEC. Ms. Ma believes that massive numbers of unsafe connected devices may cause physical accidents, and that security is becoming the key factor restricting the development of IoT. Meanwhile, software alone can no longer meet IoT security demands, so the industry urgently needs hardware to address the security weakness.
Why is it said that “software alone can no longer meet the IoT security demand”?
In the Internet era, terminals are generally on the user side, and the device stays physically close to its user. With the arrival of the IoT age, tens of billions of devices are deployed in every corner of the globe, and attackers can easily launch two types of attacks:
Local attack: Hackers can reverse-engineer IoT devices, or obtain a device’s code and working mechanisms through its hardware and software, and then use that knowledge to launch remote network attacks on servers or IoT devices.
Remote attack: Taking man-in-the-middle attacks as an example, hackers can eavesdrop on the data exchanged between IoT devices and the cloud, and analyze the exchanged information to obtain sensitive data.
The author noted that foreign media reported last April that a security research organization had disclosed unprecedented security vulnerabilities in IoT cameras, covering more than 2 million surveillance cameras. These cameras use iLnkP2P, a P2P communication software component developed by a domestic manufacturer. This component contains two vulnerabilities. Of these, the iLnkP2P authentication vulnerability allows attackers to intercept device connections, perform man-in-the-middle attacks, and remotely control devices for eavesdropping, password theft and remote intrusion.
This shows that software alone cannot effectively protect IoT devices. In view of these pain points, HED launched professional IoT security SE chips, which provide a higher level of protection for the IoT through hardware.
“In communications between the IoT device and the cloud, random numbers are often introduced to ensure that even the same data is not the same on the communication links,” said Ma Jing. “Although software can achieve this function, the random number algorithms run in software leave data exposed to a greater risk of being cracked as a result of big data analysis, while hardware can generate random numbers in the true sense through the thermal noise or chaos principle of semiconductors, greatly improving the security level of anti-tapping and anti-tampering.”
Power consumption attacks are also common. A device draws a different amount of power when it computes a 0 than when it computes a 1, and hackers may use this physical difference to infer the data being processed. To counter this, IoT security chips can remove the data-dependent differences in power consumption that occur during computation and can also add interference to the data, effectively preventing hackers from obtaining the computed data.
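The point above about per-message random numbers can be checked directly. The following Python code is an added example, not code from HED or the article: it seals the same sensor reading with nonces from a seeded software generator and with nonces from the OS CSPRNG (standing in here for a chip's hardware generator), and shows that the seeded stream repeats across devices and can be regenerated from a small seed range. The key, the seed value 42, the `seal` construction and all function names are constructed for illustration.

```python
import hashlib
import hmac
import random
import secrets

KEY = bytes(range(32))  # constructed demo key; on a real device it would stay inside the SE

def seal(key, nonce, reading):
    """Mask a reading (<= 32 bytes) with a nonce-derived pad and append a MAC (demo construction)."""
    pad = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    masked = bytes(r ^ p for r, p in zip(reading, pad))
    tag = hmac.new(key, b"mac" + nonce + masked, hashlib.sha256).digest()[:8]
    return nonce + masked + tag

def software_nonces(seed, count):
    """Nonces from a seeded Mersenne Twister: fully determined by the seed."""
    rng = random.Random(seed)
    return [rng.getrandbits(96).to_bytes(12, "big") for _ in range(count)]

def os_nonces(count):
    """Nonces from the OS CSPRNG, standing in for the chip's hardware generator."""
    return [secrets.token_bytes(12) for _ in range(count)]

def seed_reproduces(observed, candidate_seeds):
    """Review check: does any seed in a plausible range regenerate an observed nonce?"""
    for seed in candidate_seeds:
        if software_nonces(seed, 1)[0] == observed:
            return seed
    return None

def demo():
    reading = b"temp=21.5C"  # constructed sample reading
    # Two devices that both seed from the same small value, e.g. uptime in seconds (assumed).
    dev_a = seal(KEY, software_nonces(42, 1)[0], reading)
    dev_b = seal(KEY, software_nonces(42, 1)[0], reading)
    n1, n2 = os_nonces(2)
    return {
        "software_frames_identical": dev_a == dev_b,
        "csprng_frames_identical": seal(KEY, n1, reading) == seal(KEY, n2, reading),
        "seed_found": seed_reproduces(dev_a[:12], range(0, 3600)),
        "csprng_seed_found": seed_reproduces(n1, range(0, 3600)),
    }

if __name__ == "__main__":
    print(demo())
```

A firmware review can apply the same check to a device's real nonce routine: if frames captured after a reboot match any seed in the range the firmware could have used, the generator needs a hardware entropy source.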
HED’s SE security chips do far more than encrypt data
“Encryption does not mean security, and security chips are not just cryptographic algorithms,” Ma Jing concluded. “Security threats in IoT applications include both single-product security, such as board anti-copying and local data storage security, and device networking security, such as device identification, identity authentication, encrypted data transmission and OTA security upgrade.” Therefore, as an originator of the concept of IoT “security chips”, HED summarizes the requirements of IoT security in four aspects: device identification, bi-directional identity authentication between the device and the cloud, encrypted data transmission, and remote OTA security upgrade.
To meet the above requirements, IoT security must include a secure environment, secure data protection and a secure processing flow, all of which are indispensable. On this basis, HED’s SE security chips provide three functions: sensitive information protection, data transmission encryption and identity authentication.
Security needs close attention from one end of the IoT to the other, and security awareness takes years to cultivate and accumulate. This places higher requirements on security service suppliers. Domestically, HED has been awarded the “Prize of Most Influential Enterprise in IoT Security” for three consecutive years, showcasing its strength in the security chip field.
Although the term “Internet of Things” was coined not long ago, all kinds of smart card devices are IoT devices in a broad sense and have long had security requirements. HED has therefore carried certain IoT security genes since its inception. By now, HED has become a global supplier of smart card security chips and also one of the largest security chip suppliers.
In addition, alongside the international algorithms, China has launched cryptographic algorithms with independent intellectual property rights, which are generally known as Chinese cryptographic algorithms. Currently, HED has developed a variety of security chips supporting both international algorithms and Chinese cryptographic algorithms. Its product security has passed certification by many third-party testing agencies and obtained security qualifications including China Cryptogram Certification Level 2, UnionPay Chip Security and EAL4+/EAL5+.
What’s more, HED’s SE security chips are not hardware alone: they include internal software support, such as an operating system and a file system, to meet the security needs of different scenarios and businesses. By combining hardware and software, the SE security chips can provide customers with tailored security services.
Of course, in addition to security, low power consumption is also a factor that IoT devices need to focus on. HED has also developed an ultra-low-power security chip, with standby power consumption below 1μA and operating power consumption not exceeding 10mA. This chip can meet the higher requirements on standby and operating power consumption that the IoT places on security chips.
Which fields should pay more attention to IoT security?
The IoT covers a wide range, develops at different rates in different industries, and has different degrees of security requirements in its subdivided fields. The IoT segments involving people’s lives, property and privacy are the ones that most urgently need IoT security chips.
In the IoV (Internet of Vehicles) field, smart cars, as mobile IoT carriers, use a wide variety of technologies internally, which also means that they face greater information security risks. The Guideline for Developing National Internet of Vehicles Industry Standard System, released by the Ministry of Industry and Information Technology of the People’s Republic of China and the Standardization Administration of the People’s Republic of China at the end of 2017, lists information security construction as an important part of the intelligent connected vehicle standard system. By now, HED’s SE security chips can not only provide various levels of information security protection for passenger vehicles, but also help the government effectively monitor whether the exhaust pollutants of commercial vehicles meet the “China VI Vehicle Emission Standards”, an innovative application of IoV security chips. This is a milestone breakthrough for a Chinese chip supplier.
In the smart security field, China has built the world’s largest video monitoring network through years of effort. However, the security situation of our smart security systems is hardly optimistic. The Technical Requirements for Information Security of Video Surveillance Network System for Public Security (GB35114-2017), the technical standard established by China for the information security of video surveillance networks, was officially implemented in November 2018, becoming the technical basis for comprehensively improving information security in the field of public security video surveillance. So far, HED has developed security chips conforming to specifications A/B/C of GB35114, providing safeguards for various security needs.
In the smart metering field, the industry has evolved from mechanical metering to smart IC card metering, and now to IoT metering. While IoT technologies solve functional issues of smart, digital and information-based metering, they are susceptible to serious network and information security threats. In response, HED works with partners to provide a complete set of IoT security solutions for the smart metering industry, so as to effectively protect the data security of IoT metering, protect the property and privacy of users, and safeguard the healthy development of the smart metering industry.
Besides, HED’s SE security chips and solutions are widely applied in smart home devices, smart door locks, etc., providing both security safeguards for products and anti-counterfeiting solutions for accessories and consumables.
IoT security needs joint efforts
IoT security can be safeguarded only through long-term continuous improvement and evolution and the joint efforts of the industry. HED, as a pioneer in the security chip field, has explored a set of effective solutions for IoT security, but the maturity of this industry needs the concerted efforts of all enterprises.
Fortunately, some enterprises and management agencies have become “leaders” in the IoT security field, and the whole IoT industry is paying increasing attention to security. With this, security is expected to improve greatly.
At the industrial level, the 2019 China Cybersecurity Development White Paper released by CCID showed that the IoT security market size in China reached RMB 8.82 billion and hit an annual growth rate of 34.7% in 2018. According to Gartner, expenditures on IoT security are estimated to reach USD 3.1 billion by 2021. Therefore, how to settle IoT security issues is one of the main concerns of enterprises.
In terms of policies, since 2017, Chinese laws and regulations have been promulgated one after another, such as the Cybersecurity Law of the People’s Republic of China, the Cryptography Law of the People’s Republic of China, the Regulations on Protection of Critical Information Infrastructure Security, and the Regulations on Classified Protection of Cybersecurity. This means that the importance of security is constantly increasing and has become a key point that cannot be ignored at the policy level.
IoT security will certainly become more and more important in the future, so it is high time that all companies consider how to safeguard product security before security issues arise.
Source: Internet of Things Think-tank