Issue link: https://resources.mouser.com/i/1442760
valuable data travels from these devices to the cloud and back—and can be intercepted at multiple points along the way.

Unfortunately, many decisions around security come down to budget, often in a misguided manner. The cost of a security breach can be high in terms of dollars as well as reputation and customer confidence. Figure 3 uses consumables as an example to illustrate how much counterfeiting can impact the bottom line. But many companies are still playing their own balancing game, weighing the time, effort, and cost of building in security against the pressure to get to market quickly while keeping development costs down. Plus, for many, security adds zero functionality to a product, so it becomes an unfortunate afterthought. However, as evident in Figure 3, foregoing security can actually be more costly in the end.

Why Hardware-Based Security is More Effective

When you're ready to think seriously about security (and we hope the data points presented in this paper have convinced you), there are hardware- and software-based security approaches to consider. While software encryption is deemed to be cost effective and easy to implement and update, it really is "as strong as the level of security of the operating system of the device. A security flaw in the OS can easily compromise the security provided by the encryption code," notes Infosecurity Magazine. Indeed, operating systems (and their patches) are typically so complicated that it's hard to exhaustively determine all of the potential interactions that could lead to a breach, which leaves the system with potentially many points of vulnerability. Since hackers are constantly targeting software security tools and network vulnerabilities, a software-based approach can leave designs open to someone trying to gain control of the board or the main microcontroller.
In its article, "Hardware-based security more effective against new threat," ZDNet argues that products would be better protected if hardware-based security is utilized because cybercriminals find it hard to alter the physical layer. The article, citing an RSA® spokesperson, further notes that the physical layer eliminates the possibility of malware infiltrating the operating system and penetrating the virtualization layer. Hardware-based security is, indeed, more robust than its software-based counterpart.

Establishing a "root of trust" starts with trusted software that stems from a hardware-based approach. The only way to guard against attacks that attempt to breach an electronic device's hardware is to use a secure microcontroller that executes software from an internal, immutable memory. Stored in the microcontroller's read-only memory (ROM), this software is considered to be inherently trusted because it can't be modified (and is, therefore, the root of trust). This "non-modifiable" and trusted software can now be used to verify and authenticate the application software's signature.

Indeed, it makes sense to start at the very base level, where the design is architected, so you can integrate security into that level plus all of the layers that are added on top. With a hardware-based "root of trust" approach that starts from the bottom, you can close off more potential entry points into your design. Plus, some designs—like small sensors that are part of a larger, distributed sensor network—don't lend themselves to hosting complicated software. Figure 4 highlights the three pillars of IoT security.

Figure 3: Security does come with a cost, but so does a loss of revenue, profits, and brand reputation due to counterfeiting. (Source: Maxim Integrated)

Figure 4: Mandatory IoT security needs for the three key pillars. (Source: Maxim Integrated)
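The root-of-trust check described above, in which immutable ROM code verifies the application software's signature before running it, sketched as an added example (not code from the paper or from Maxim Integrated). It assumes the ROM stores a SHA-256 fingerprint of the vendor public key, and it uses a Lamport one-time hash-based signature as a stand-in for whatever algorithm a real secure microcontroller implements, because that can be built from the Python standard library alone; all function names, seeds and image bytes are constructed for illustration.

```python
import hashlib
import hmac

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def digest_bits(image: bytes) -> list:
    d = H(image)  # 256 bits of SHA-256(image), most significant bit first
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen(seed: bytes):
    """Lamport key pair: 256 pairs of secrets; public key = their hashes."""
    sk = [[H(seed + bytes([b]) + i.to_bytes(2, "big")) for b in (0, 1)]
          for i in range(256)]
    return sk, [[H(secret) for secret in pair] for pair in sk]

def pk_fingerprint(pk) -> bytes:
    """Digest of the whole public key: the value fixed in ROM (assumed design)."""
    return H(b"".join(h for pair in pk for h in pair))

def sign(sk, image: bytes) -> list:
    """Vendor side: reveal one secret per digest bit (each key signs once)."""
    return [sk[i][b] for i, b in enumerate(digest_bits(image))]

def rom_verify(rom_fingerprint: bytes, pk, image: bytes, sig) -> bool:
    """Immutable boot code: accept the image only if both checks pass."""
    # 1. The key shipped with the image must be the one anchored in ROM.
    if len(sig) != 256 or not hmac.compare_digest(pk_fingerprint(pk), rom_fingerprint):
        return False
    # 2. Every revealed secret must hash to the public value for its bit.
    ok = True
    for i, b in enumerate(digest_bits(image)):
        ok &= hmac.compare_digest(H(sig[i]), pk[i][b])
    return ok

def demo() -> dict:
    # Constructed sample data: seeds and firmware bytes are made up.
    vendor_sk, vendor_pk = keygen(b"constructed-vendor-seed")
    rom = pk_fingerprint(vendor_pk)  # written once at manufacture
    image = b"\x7fFW v1.0 constructed application image"
    sig = sign(vendor_sk, image)
    other_sk, other_pk = keygen(b"constructed-untrusted-seed")
    modified = image + b" modified"
    return {
        "genuine": rom_verify(rom, vendor_pk, image, sig),
        "modified_image": rom_verify(rom, vendor_pk, modified, sig),
        "untrusted_key": rom_verify(rom, other_pk, modified, sign(other_sk, modified)),
    }
```

`demo()` reports the genuine image as accepted and rejects both the modified image and an image signed with a key the ROM fingerprint does not anchor, which is why the fingerprint has to live in memory that cannot be rewritten.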