In this article, part three of the IoT Security Foundations series, we examine issues related to certificate authentication and the complexities around its use in the Internet of Things.
Many security issues that plague the Internet of Things are directly caused by insecure password authentication. We reviewed these issues and possible solutions in the previous article. Certificate authentication provides a stronger alternative: unlike passwords, it does not rely on a short token memorized by a human operator. Instead, it uses public key cryptography, which brings larger storage and processing requirements and more advanced protocols, and better security guarantees as a result. Certificate-based authentication is common in the Internet of Things: outside of regular client-server communication, it is used in such areas as firmware updates and local access. This article should be useful to IoT manufacturers and service providers looking for the right way to design their certificate management.
Continue reading “IoT Security Foundations: Certificate Authentication in the Internet of Things”
This guest article is a detailed guide to the Dropbear SSH service, intended for technical readers. It is meant to be one of the first in the VDOO Library, a collection of in-depth technical articles and guides that will provide practical advice to device makers, administrators and users.
Our guest writer, Donald A. Tevault, is a Linux security expert, instructor and consultant, and the author of the book “Mastering Linux Security and Hardening”.
Continue reading “Installing Dropbear with Enhanced Security Options”
This article is part two of the IoT Security Foundations series. In this post we will introduce authentication, its pitfalls, and what makes it interesting in the Internet of Things. This article focuses on password authentication mechanisms, the most common ways they get broken, and the right measures that IoT makers can take to achieve a high level of security. There are other advanced authentication methods that can be more secure or more efficient than password authentication under specific scenarios, but we will leave the details of those for a later article in this series.
Continue reading “IoT Security Foundations: Authentication on the Internet of Things”
In this blog post, we will discuss what makes up the foundations of security in IoT, and begin a series of articles that will provide focused overviews on select topics within this field. We will focus on the client or device side of IoT, rather than the server or service side, since that is where some of the most unique challenges lie.
Continue reading “IoT Security Foundations”
The Internet of Things (IoT) ecosystem is somewhat infamous for its lack of security. In this article, part of our series on IoT security foundations, we will analyze the IoT supply chain, and examine how some of its elements affect IoT security, focusing on devices. We will then use this analysis as a basis to propose some industry and regulatory solutions.
Continue reading “Security in the IoT Supply Chain”