Virtualization Technology News and Information
Keyfactor 2023 Predictions: PKI and Code Signing Will Make IoT Device Security a Priority in 2023 & Beyond

Industry executives and experts share their predictions for 2023.  Read them in this 15th annual VMblog.com series exclusive.

PKI and Code Signing Will Make IoT Device Security a Priority in 2023 & Beyond

By Ellen Boehm, SVP of IoT Strategy and Operations, Keyfactor

In the years ahead, IoT devices will only grow more and more popular. In fact, a forecast from the International Data Corporation (IDC) estimates there will be 27 billion IoT devices by the year 2025. With 13.4 billion IoT devices today, that is a projected 101.49% increase.

While the rise of IoT devices has introduced countless opportunities for innovation, the security of those devices poses serious challenges across industries, from automotive and medical devices to the manufacturing, retail, and finance sectors. Why? Because the very capabilities that let these devices generate positive change in the world are also what make them more susceptible to security risks.

IoT devices extend internet connectivity beyond standard devices like laptops and smartphones to everyday devices like watches, thermostats, and home security cameras so that they can share information and perform actions in response to that shared data. This means that every point of connection carries the risk of being hacked. Beyond the many points of connection that inherently create risk, for many companies that jumped on the IoT bandwagon, security was an afterthought to innovation.

As IoT devices continue to become more commonplace, IoT device security will be a top priority for both developers and security professionals. If we fail to prioritize IoT security, these security risks could interfere with the projected growth and adoption of IoT devices.

Industries with the Most Prevalent Challenges

Industries that will continue to have a particularly hard time securing IoT devices include automotive, medtech, and telecommunications. These industries are complex, involve multiple vendors to orchestrate a robust solution, and oftentimes have extremely high volumes of devices and applications distributed globally. This complexity requires operators and implementers to have robust security strategies in place to establish trust and ensure data integrity. Let's examine these industries a bit more to understand why.

Automotives

With the rise of vehicle-to-everything (V2X) technology, it will soon become possible for vehicles to communicate with other vehicles, as well as with parts of the infrastructure such as road signs and traffic signals, to create a clear picture of what is happening around the car - ultimately enabling safer or more efficient driving. With this technology, it will be possible for a vehicle to deliver real-time traffic information, preemptively respond to changing road conditions, take evasive actions to avoid a car crash, and recognize road signs and other warnings, to name a few potentialities.

Automotives require many features and functions to be secured, including firmware or software updates over the air, infotainment app updates, diagnostic and maintenance tools, and components in the supply chain. All of these features and functions must be validated and trusted to build a robust and secure in-vehicle operating system. These use cases are complex and oftentimes involve multiple vendors collaborating to put the pieces together with high reliability and security in mind.

Medical Technology

According to Straits Research, IoT medical technology is expected to grow to a $486.34 billion market by 2031. This projected growth stems from a range of uses, from wearables such as Apple Watches measuring heart rate to teletherapy options heightened by the pandemic. While IoT medical technology brings many health benefits, it will be challenging to secure in 2023 for a few reasons. For one, because of the amount of sensitive data that medical technology collects, medical devices are a prime target for cyber criminals. Additionally, many hospitals and clinics are adopting intelligent equipment and applications to bring efficiency and insights into their operations. It is known that these facilities can be targets for ransomware, where systems are compromised and the victims have no choice but to pay up in order to continue operations. It's critical that everything from high-value robotic surgical equipment to connected bedside sensors is secured and isn't left open to attacks that can spread inside a facility.

Telecommunication

When it comes to telecommunication, IoT mostly plays a role in moving beyond internet cables and mobile phone towers to enable 5G technology. Further, IoT telecommunications makes smart home devices possible, and that is just the beginning. In the next century or so, telecommunications will be used to enable applications from smart cities to waste management, traffic management, and everything in between. IoT telecommunications is particularly challenging to secure because of the volume of endpoints that exist within a network and the complexity of the hardware that needs to interoperate securely in order to provide robust infrastructure. Wireless connectivity provides many benefits, including the ability to stand up solutions where wired or physical architecture previously imposed limitations.

With all three industry applications, it's crucial to have the proper security infrastructure in place to ensure the trustworthiness of every message communicated. Without it, it's impossible to determine whether the source of the message is legitimate and whether it has been impacted by outside interference or modification. This can have devastating consequences. In the case of connected vehicles, tampering with V2X communications might result in fatal accidents. Or, when it comes to medical devices, it could lead to the failure of a device that is critical to an individual's health. Then there is telecommunications. Once smart cities emerge, another country could infiltrate their systems, taking over critical infrastructure that impacts our everyday lives.

What We Can Learn from Matter

Thankfully, the wider IoT industry is starting to pay more attention to this. The Connectivity Standards Alliance (CSA) introduced the Matter standard, breaking new ground with security policies and processes. Companies that pledge to the Matter standard will be required to use public key infrastructure (PKI) to validate device certification and provenance within smart homes. Today, there are over 550 tech companies that have agreed to participate in the Matter standard. This includes big names like Google Home, Amazon Alexa, and Apple HomeKit.

PKI & Code Signing will be Key in Securing IoT Devices

While the Matter standard only pertains to the smart home, it will serve as a great example of the security benefits associated with requiring PKI in all IoT applications. As a trust framework composed of hardware, software, policies, and procedures, PKI enables IoT device manufacturers to embed a cryptographically verifiable identity into each device through a digital certificate, ensuring that all access and data communication remains secure.

In 2023, we will also see more businesses relying on code signing for IoT device security. Code signing is a cryptographic method used by developers to prove that the code on their devices is authentic. By digitally signing IoT device software and firmware with a private key, developers give end users proof that the code originates from a trusted and legitimate source. This also ensures that the device's software hasn't been tampered with since it was published.

Implementing a PKI program will allow manufacturers to bring innovative new devices to the market while maintaining high-security levels, which will prove a competitive advantage going forward as it will quell consumer concerns around security.

ABOUT THE AUTHOR

Ellen leads the product strategy and go-to-market approach for the Keyfactor Control platform, focusing on digital identity security solutions for the IoT device manufacturer market. Ellen is passionate about IoT and helping customers establish strong security implementations for the lifecycle of their overall IoT systems.

Ellen has 15+ years experience leading new product development with a focus on IoT and connected products in Lighting controls, Smart Cities, Connected buildings and Smart Home technology.  Ellen has held leadership roles in Product & Engineering at General Electric and Sky Technologies over her career.

Personal Highlights: Ellen lives in Cleveland, OH along with her husband Rich and children Edward & Emma.  Ellen has a Bachelor of Science degree in Electrical Engineering from Rochester Institute of Technology, and a Master of Science degree in Electrical Engineering and  Master of Business Administration from Case Western Reserve University.  Ellen enjoys fitness, yoga, swimming, and outdoor activities around Cleveland with her family and friends.

Published Friday, January 20, 2023 7:35 AM by David Marshall