- Semiconductor BusinessHOME
- Products and Services of Macnica,Inc.
-
technical information
-
Events and Seminars
- Handling Manufacturer
- Support
- Inquiry
- Click here to purchase products
- Semiconductor business e-mail magazine registration
“Security measures” required for IoT devices
With the rapid progress of IoT, the cybersecurity risks of IoT devices are also increasing proportionately. Since IoT devices exchange data via the Internet, they are constantly exposed to the threat of cyber-attacks, such as interception and spoofing through security holes and attacks on vulnerable parts. In addition, there have been cases of large-scale attacks using IoT devices as springboards, and this has become a social problem.
Under these circumstances, in order to reduce the cyber security risk of IoT devices, there is an increasing demand for security measures for IoT devices, centered on laws, regulations, and certification standards.
However, at actual development sites, highly specialized security design is required, so the current situation is that effective security measures are not being implemented.
Security measures for general IoT devices
Certification standards such as IEC62443 that define functional requirements for industrial control systems, procurement standards such as NIST SP800 that are starting to be applied to consumer products from the US government procurement standards, and other IoT devices listed in laws and regulations. The required security measures include the following.
・Encryption of communication data or memory data
・Secret key protection
・Mutual authentication, message authentication, detection of falsification of transmitted data
・Vulnerability countermeasures (updates) for software such as OS, firmware, and applications
・Detection/prevention of tampering with software such as OS, firmware, and applications
・Access control to devices, setting of access authority
・Anomaly detection/status monitoring
・Strengthen administrator ID/password
・Suspension or deletion of unnecessary accounts
・Strengthen security policy
Three points in building security functions for IoT devices
We will introduce the three important points for implementing the security measures mentioned earlier, as well as the issues and causes that arise when implementing them.
1. Determination of optimal security measures for development equipment
At the stage of starting to consider the implementation of security functions, there are many cases in which it is not possible to determine the necessary measures for development equipment among the many security measures. It is caused by a lack of understanding of what kind of threats posed by cyberattacks can be handled by each security measure.
2. Selection of software and hardware that can implement security measures
After determining the optimal security measures, there are many cases in which the correct selection cannot be made when selecting the software and hardware for constructing each security measure, and the assumed security measures cannot be introduced. This is caused by a lack of understanding of what kind of security technology constitutes each security measure.
3. Implementation of security functions that are optimal for the product environment
Selected software and hardware cannot be implemented correctly according to their own environment (including use cases for each function and the operating environment of the device itself), creating new security holes.
Macnica security measures construction support service
Macnica provides effective security measures through its "Product Security Measures Construction Support Service," which supports the introduction of security measures according to the customer's product characteristics, operating environment, and use case.
1. Support for determining optimal security measures for devices
Through threat analysis that identifies possible threats and attack scenarios, and identification of optimal security measures according to the results, we support decisions on security measures based on strong evidence.
2. Provision of software and hardware capable of implementing security functions
From the introduction of knowledge to understand the security measures that have been decided, in addition to introducing the knowledge of the software and hardware required to construct each security measure, we also provide the optimal software and hardware to support accurate and prompt selection. increase.
3. Optimal development and implementation support according to the environment
In addition to introducing the necessary knowledge according to the customer's product features, operating environment, and use cases, we support accurate and rapid development and implementation by outsourcing some development work.
Provided software and hardware image diagram
Macnica implements the above-mentioned security measures as a total system that includes not only the hardware and software on IoT devices, but also the application software on the server.
Inquiry
“For companies that are considering digitizing their products and services and converting them to IoT in order to develop new markets and develop new products, we will provide easy-to-understand explanations, from optimal product selection to installation methods. Please feel free to contact us.