32 32
can send a deactivate command to protect a device from a newly identified
malicious attack, or a server can deactivate a device if an end user fails to pay
a subscription fee, or a device can deactivate itself if it comes under attack.
A device moves back to "Activation state" only after successful execution of
an activation command that contains an activation code cyphered by a Super
Admin key.
There must also be a mechanism for server-side deactivation, which is typically
performed by secure messaging between the factory IoT server and the device.
Singh notes that one challenge in designing secure IoT devices in today's market is
the lack of standardized security protocols for those devices. This issue is becoming
increasingly acute because of the rapid growth in the number of connected devices.
However, industry initiatives are under way to address this issue. Singh notes as an
example a technology called IoT SAFE from the GSMA. "They are putting the secure
crypto algorithm inside the device," he says. "It will work as a secure element, and it
will also work for connectivity. The SIM would play a dual role."
"A connected coffee
machine may not
need the same level
of security as a
connected device in
an automobile. The
level of security you
apply depends on the
use case."
