Tactical, Operational & Strategic Analysis of Markets, Competitors & Industries
“Tiny IoT devices don’t have power to do really powerful security.”
Even early 1980s grade 8-bit, 8MHz chips with only 2k of RAM can do elliptic curve cryptography with a 256-bit key-length and are effectively as strong as RSA crypto with 2,048-bit key length, which is strong enough for U.S. “Secret” level national security information. That crypto is done using such little battery power that signing or verifying data on the hour every hour for twenty years would only use a slice of an AA battery.
“Security is too complicated, especially in IoT. You can never win.”
It’s true that effective security never stems from any single silver bullet. Instead, just as most good houses need a few walls, a roof and a floor, effective IoT security can be composed from a short list of crucial ingredients:
Good crypto to protect the authentication and potentially protect the confidentiality of data
Cryptographic verification of any and all code and configuration before permitting the code to run with any configuration.
Third-party runtime security by security professionals to mitigate any vulnerabilities in the code
Over-the-air management capabilities, including update and software inventory management, telemetry and policy management for security agility
Security analytics to find and fight sophisticated adversaries who don’t trip any alarms
These ingredients are simple and strong enough to protect top brands against the best attackers.