16
Jonathan Cartrette, Director of
Technology, IoT Systems, Legrand,
North America
In 10+ years with Legrand, Jonathan built
up his expertise in solving scale problems
in distributed systems of smart devices
optimized for CX/UX and performance
anywhere in the stack from Cloud to
deeply embedded. Time on construction
sites deploying smart lighting provided
considerable exposure to real-world
deployment challenges that he faced as
a Product Manager, Engineer R&D leader,
and Systems Architect.
Internet of Things (IoT) security begins with hardware authentication. "You've got
to sign the hardware if you are going to have ecosystem-level rights management
and access control," says Jonathan Cartrette, Director of Technology and IoT
Systems at Legrand. "You need certificates, and you've got to use crypto."
The success of all downstream security efforts, including securing software and
data, and the ability to secure IoT devices in a network environment, depend on
device-level hardware authentication in order to scale.
Although the methods for creating the rooted trust necessary for true hardware
authentication are well understood, they add cost and present challenges
for compact hardware designs. For many devices, particularly the smaller,
lower-cost IoT devices that are becoming ubiquitous in the market, hardware
authentication is often an afterthought. Cartrette points out that in some cases,
it's even a challenge to agree on exactly what is meant by authentication. For
example, Bluetooth has pretty good protections for pairing to guarantee that
only the peripheral and your phone are communicating. Designers may assume
that because they are using Diffie-Hellman cryptographic key exchange in their
Bluetooth device and the peripheral successfully connects, the hardware is
"It is impossible to do a good job of protecting firmware
integrity if you do not have hardware you can trust."
Hardware Authentication Is the Foundation
of a Secure IoT Ecosystem
