The connectivity revolution is changing our lives. It allows us to interact with many of the devices we own, allows them to learn from their use, improves efficiency and saves resources.
As part of this revolution, manufacturers are now being motivated to explore new areas in which they have no previous experience; from embedding new components into their devices, through writing dedicated additional code for connectivity, to integrating with other solutions. In order to satisfy market expectations, as well as enjoy a competitive advantage, many manufacturers rush to ‘connect’ their products, focusing on ease of use and leaving out anything that can slow down production or require any (additional) expertise.
Continue reading “The Time for Security Is Now”
In this article, part three of the IoT Security Foundations series, we examine issues related to certificate authentication and the complexities around its use in the Internet of Things.
Many security issues that plague the Internet of Things are directly caused by insecure password authentication. We have reviewed these issues and possible solutions in the previous article. Certificate authentication provides a stronger alternative, as unlike passwords, it does not rely on a short token memorized by a human operator; instead, it uses public key cryptography, with larger storage and processing requirements, more advanced protocols, and better security guarantees as a result. Certificate-based authentication is common in the Internet of Things: outside of regular client-server communication, it is used in such areas as firmware updates and local access. This article should be useful to IoT manufacturers and service providers looking for the right way to design their certificate management.
Continue reading “IoT Security Foundations: Certificate Authentication in the Internet of Things”