The Internet of Things (IoT) provides connectivity between portable devices and cloud-based data systems, ensuring that virtually anything can be monitored, and perhaps infiltrated, from almost anywhere. These embedded tools offer built-in protection.
5G isn’t just the next evolution in smartphone communication; it’s also the wireless superhighway that will carry traffic generated by the more than twenty billion IoT devices expected to be online by the year 2020. With all that information flying around the airwaves, we’re going to need a serious layer of data security. That’s why Gemalto, a digital security provider, just announced a partnership with Intel (you know who that is) to deliver software and hardware protection for servers that hold information from IoT devices.
The Internet of Things (IoT) provides connectivity between portable devices and cloud-based data systems. From the fitness monitor on your wrist that uploads your vital signs to a personal tracking system (and your physician, if you choose), to a robot in a manufacturing plant detecting a fault and informing the facility manager in real time, IoT’s wireless protocols ensure that virtually anything can be monitored from almost anywhere. Therein lies the problem: if you can access the data, then what stops someone else from doing so?
Much like the espionage industry, data security is a constant “arms race” between the good guys and the bad guys, with the former creating protective measures and the latter finding ways around them. For example, your data may be secured by a password. Obviously, the server that holds your information has to store your password somewhere. The same is true of any security measure, whether it’s a password, a fingerprint, or facial recognition. If someone hacks into the server, they can see all that secret data. Intel says that SGX will keep that information hidden, even if the server itself is hacked.
Intel SGX
Intel’s SGX (Software Guard Extensions) provides a layer of security by creating “enclaves,” safe spaces in a server’s memory that hold an application’s secrets. According to Intel, the enclaves are so secure that even if the server’s operating system or BIOS is hacked, the secret data will remain hidden from the malware. Secrets include:
- Medical records
- Personal ID info
- Biometrics
- Passwords
- Encryption keys
- Intellectual property
Intel offers a slew of design tools for engineers developing apps that run on cloud-based servers, including a set of tutorials that comprise, for all practical purposes, a complete online “how-to” course. The learning modules provide videos, sample code, and application notes.
Gemalto Data Protection on Demand
Gemalto’s “SafeNet Data Protection on Demand” (DPoD) is a cloud-based security platform that provides identity authentication and data protection. The partnership with Intel means that these services are built into the SGX design tools – an engineer simply selects the option to enable the feature and creates a link to the appropriate DPoD service. I asked Gemalto to elaborate on that:
“This service provides hardware security modules (HSMs), key management, and other encryption services on demand. Gemalto hosts this service from data centers in North America (and soon in Europe).
SafeNet Data Protection on Demand’s API is integrated into Intel SGX. Developers have very little to do since data security is already included at the processor level. The data processed or created by the product is encrypted and can be stored and/or transferred between any cloud environment or app. This allows developers to have security built in at the very beginning of their development process. It offers them hardware security capabilities with the flexibility of software security.
To help developers, SafeNet DPoD is a web platform, enabling them to select, click and deploy the data security services they need in a matter of minutes. And because the API is connected to the Intel SGX processor, the services are automatically provisioned, without any complicated configuring or integration on the part of the developer.”
Internet security is a specialty that was once the sole purview of network administrators. The proliferation of IoT devices brings security into the realm of embedded systems engineers. Fortunately, most IoT platforms have security built in, so application engineers can simply find the tool that’s most appropriate for the job and use it, without having to worry about what’s happening behind the curtain.