Supplier eBooks

Cypress - 7 Experts on IoT Security and Privacy

Issue link: https://resources.mouser.com/i/1516458

Hardware identification and authentication. This key parameter of IoT security involves the device having an immutable identity used in handshaking with an IoT network. Three mechanisms help ensure hardware identity and authenticity. One is a digital signature stored in the device memory that verifies that code running on the device is valid and has not been altered. Another is a digital certificate used to verify digital communications from the device, including the transfer of encrypted data. The third is a media access control (MAC) address. Each device will have its own factory-installed MAC address in its firmware. The MAC address typically includes information that identifies the device manufacturer.

Kulkarni believes that there must be standard design practices for IoT device hardware authentication. "Engineers should use a similar hardware authentication mechanism in their hardware design," he says. "In addition to a standard authentication protocol, they must ensure that the manufacturer name, model number, and unique identifying information are encrypted so that it will be difficult for any attacker to decrypt."

Data protection. "This is a two-stage challenge," Kulkarni says. "You have to decide how you will protect data on the device. You also have to decide how to ensure that transmitted data is correct."

Kulkarni uses the example of a device that controls access to a building that he helped design. "It was a stand-alone product based on a processor, and it had flash memory for data storage," he explains. "A critical aspect was that user information had to remain protected." That was a challenge because any attacker could dump the data by taking out the flash memory and putting it into a flash reader. Kulkarni's team created two layers of protection, which he describes in this way: "We created a hidden partition in the flash memory that no tool could see, and we put all sensitive data in that partition. All the information was hidden.

"As the original equipment manufacturer, you must have ultimate authority to control the supply chain at a minute level."
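
The MAC address mechanism described under hardware identification above, as an added example that is not from the eBook: an enrollment-side check that reads the manufacturer prefix (the first three bytes) and the two flag bits of the first byte, then flags addresses that are group addresses, locally administered, off an expected-prefix list, or claimed more than once. The prefix list, vendor label, function names and sample requests are constructed for illustration.

```python
import re
from collections import Counter

# Constructed allowlist of expected manufacturer prefixes (OUIs).
# The prefix and vendor label are placeholders, not real assignments.
EXPECTED_OUIS = {"F4A1B2": "ExampleVendor"}


def parse_mac(text):
    """Return the 6 address bytes from colon, hyphen, dot or bare-hex notation."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def check_mac(text):
    """Return (normalized MAC, verdict) for one claimed address."""
    mac = parse_mac(text)
    oui = mac[:3].hex().upper()
    if mac[0] & 0x01:    # I/G bit set: group (multicast/broadcast) address
        verdict = "reject: group address"
    elif mac[0] & 0x02:  # U/L bit set: locally administered, not factory-assigned
        verdict = "review: locally administered"
    elif oui not in EXPECTED_OUIS:
        verdict = "review: unexpected manufacturer prefix " + oui
    else:
        verdict = "ok: " + EXPECTED_OUIS[oui]
    return mac.hex(":"), verdict


def audit(requests):
    """Check every claimed MAC and flag any address claimed more than once."""
    results = [check_mac(r) for r in requests]
    seen = Counter(mac for mac, _ in results)
    return [(mac, "reject: duplicate address" if seen[mac] > 1 else verdict)
            for mac, verdict in results]


# Constructed enrollment requests (no real devices). 00:00:5E:00:53:xx is the
# range reserved for documentation; 01:00:5E:... is an IPv4 multicast address.
SAMPLE = ["F4:A1:B2:00:10:2F", "f4a1.b200.1030", "F6-A1-B2-00-10-31",
          "01:00:5E:00:00:FB", "00:00:5E:00:53:01", "f4a1b200102f"]

if __name__ == "__main__":
    for mac, verdict in audit(SAMPLE):
        print(mac, verdict)
```

A MAC address can be changed in software on most platforms, so a passing result here is a consistency check to combine with the certificate and signature mechanisms, not proof of identity.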
