Issue link: https://resources.mouser.com/i/1516547
complex and potentially too resource-intensive for an embedded system, PKE can actually simplify system deployment and operation because the sender and receiver don't need prior knowledge of one another and manual configuration can be minimized. This approach is often used on Linux-based systems that communicate over IP, because the resources PKE needs are often already present.

Transport Layer Security

Transport Layer Security (TLS) is the current standard that succeeded the widely implemented Secure Sockets Layer (SSL) protocol. It provides a standard framework for PKE and encryption to secure traffic between devices. However, for resource-limited embedded systems, the memory and processing requirements of the TCP/IP stack may be impossible to support. That's why TLS is most often used on larger embedded systems (e.g., those running Linux) where communication occurs in IP sessions such as TCP. Even smaller embedded systems may have the resources to support TLS, but this requires careful evaluation.

Wi-Fi Protected Access (WPA2)

When an embedded terminal device uses Wi-Fi (802.11) for communication, the WPA2 suite of standards can secure the communication channel. This widely deployed protocol allows interoperability of systems from different design authorities. However, it is generally beyond the reach of smaller embedded systems unless specialized Wi-Fi-dedicated coprocessors are present. For certain applications on larger OS-based (e.g., Linux) systems, WPA2 can be an attractive option.

Digi TrustFence™ Featuring the Digi ConnectCore® 6UL and NXP i.MX 6 and i.MX6 UL® Applications Processor

To help designers and builders effectively respond to the IoT security mandate, Digi offers Digi TrustFence™, a fully integrated, tested, and complete Linux device security framework for the Digi ConnectCore® 6UL system-on-module solutions featuring the NXP i.MX6 and i.MX6 UL applications processors.
By leveraging multiple hardware security components of the i.MX series, Digi TrustFence simplifies efforts to build secure, trusted, and reliable connected products; speeds your time to market; and lets you focus on your core competency. You gain immediate access to critical features such as secure connections, authenticated boot, encrypted data storage, access-controlled ports, secure software updates, and seamless integration of the dedicated on-module Secure Element (SE). Build connected, embedded products on Digi ConnectCore® 6UL for the NXP i.MX6UL to capitalize on out-of-the-box, integrated security with Digi TrustFence. The result: you can protect your brand's reputation. You focus on delivering products that take advantage of the benefits of connectivity. Digi TrustFence handles the security for you.

Digi TrustFence offers:

SECURE BOOT: TrustFence ensures only signed software images run on your device.
ENCRYPTED STORAGE: Local file system encryption keeps your internal data safe.
PROTECTED PORTS: Protected, access-controlled internal and external ports prevent unwanted "back doors."
DEVICE IDENTITY: Root of trust, certificate management, and secure key storage protect the identity of your device.
DEVICE INTEGRITY: Tamper-proofing and device-integrity monitoring with low-power support protect against physical intrusion.
SECURE CONNECTIONS: Enterprise-level data encryption provides privacy for wired and wireless network connections.
FUTURE-PROOFING: Digi platforms are built for longevity and long-life product lifecycles with availability for years to come.

[Figure: TrustFence feature overview: Secure Boot, Secure Connections, Device Identity, Encrypted Storage, Policy Management, Secure Updates, Protected Ports, Certificate Management]

Summary

Security threats to embedded devices in IoT solutions are increasingly common, as attacks have become easier to carry out. These include breaches of confidentiality, theft of service, and loss of data integrity or service availability.
IoT systems have unique security requirements and challenges, mostly due to resource limitations. Six core methods (packet encryption, message replay protection, message authentication codes, debug port protection, secure bootloaders, and pre-shared keys) are typically compatible with the unique needs of M2M terminal devices. Increasingly, four other methods (SSH, PKE, TLS, and WPA2) can be used with smaller M2M terminal devices as available system resources expand.