IoT Security News: Principles of IoT Security, PKI Trends, and the Encryption Debate

In the face of seemingly endless cybersecurity breaches and IoT hacks, it is important to stay abreast of security news and trends in the semiconductor industry. But it can be difficult to stay informed, particularly given short news cycles and the sheer volume of security-related announcements coming out each day. We can help. Here are some recent security stories that we thought were interesting and important.

US Chamber of Commerce: Principles for IoT Security

Not long after a bipartisan group of US senators introduced an IoT security bill, the US Chamber of Commerce weighed in on the IoT landscape and called for new global standards to address IoT security threats. In a report titled “The IoT Revolution and Our Digital Security,” the Chamber recommended increased public-private collaboration and presented a list of 10 IoT security principles for policy makers and industry experts.

The list included principles such as: “global standards work is the best way to promote common approaches and technology solutions”; “governments must work together to shut down illegal activities”; and “any approach to IoT security should be data-driven.”

In addition to listing its 10 principles, the Chamber makes several sensible recommendations to governments that will, if implemented, lead to a more secure IoT. For instance, it is recommended that “governments should avoid picking winners and losers when it comes to technical standards, this is especially true as it relates to cybersecurity, as approaches are continuously evolving alongside threats.” Another practical recommendation is that governments should “encourage a bottom-up, industry-driven approach to enhanced security.”

Read the Report

Public Key Infrastructure (PKI) Global Trends

Now more than ever, engineers and product managers are seeking authentication solutions for IoT devices and applications. According to a new report published by Thales and the Ponemon Institute, 43% of all IoT devices will implement digital certificates for authentication and identification within the next two years.

The Ponemon Institute surveyed more than 1,500 IT security experts about public key infrastructure (PKI) design, management, and challenges. Some of the Ponemon Institute’s more interesting findings include:

  • Respondents who are concerned about the impact of the IoT on PKI increased from 14% to 36%.
  • The IoT is the fastest growing trend driving the deployment of applications that make use of PKI.
  • Organizations with internal certificate authorities (CA) use an average of eight separate CAs and manage an average of 35,488 internal or externally acquired certificates.

Read the Report

The Warrant-Proof Encryption Debate Continues

Back in 2016, the FBI and Apple squared off over the legality of unlocking a terrorist’s iPhone. Ever since then, many tech executives and US law enforcement leaders have struggled to find common ground on the subject of “warrant-proof” encryption. In early October, Deputy Attorney General Rod Rosenstein pushed the debate forward at the Cambridge Cyber Summit, where he stated that modern encryption continues to make it difficult for law enforcement to investigate crimes and prevent terrorism.

“We in law enforcement have no desire to undermine encryption,” Rosenstein said. “But the advent of ‘warrant-proof’ encryption is a serious problem. It threatens to destabilize the constitutional balance between privacy and security that has existed for over two centuries.”

Read the transcript of Rosenstein’s presentation.

Yahoo Was Off by 2 Billion

The 2013 Yahoo hack story just got worse, for everyone involved. Yahoo recently announced that 3 billion user accounts were hacked in 2013. That is 2 billion more hacked accounts than previously announced.

In a notice posted on October 3, Oath, which now owns Yahoo, stated:

“Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft.”

For Yahoo’s take on the 2013 hack, check out the Yahoo 2013 Account Security Update FAQs.

News Briefs

  • Market research firm IC Insights anticipates that China will account for 13% of pure-play foundry sales in 2017. (IC Insights)
  • Global semiconductor sales reached $3 billion for the month of August 2017, up 24% compared to August 2016. (Semiconductor Industry Association)
  • Taiwan Semiconductor Manufacturing Co. (TSMC) has announced it will build a 3-nm fab in Tainan Science Park, Taiwan. (TSMC)
  • Dialog Semiconductor announced last week it will acquire Silego Technology for $276 million. (Dialog)
  • Google’s Cloud IoT Core, a managed service on the Google Cloud Platform (GCP), is now openly available to the public in beta. Developers can use Google Cloud IoT Core to manage millions of IoT devices, build IoT applications, and collect and analyze data. (Google)