editor's blog
Subscribe Now

IoT Paranoia – Not a Bad Thing

While the Internet of Things (IoT) is full of promise, there’s one word that summarizes all that people fear about it: security.

We got to hear a bit about that at a session dedicated to the topic at the recent Internet of Things Engineering Summit co-conference at EE Live. Presented by consultant George Neville-Neil, it wasn’t about technology per se; it was about our state of mind.

Most of us believe it’s important to keep intruders out. His main takeaway: assume they will get in. Because, eventually, they will. Building sturdy walls is good and important, but planning for what happens next is also important.

What caught my ear in particular is one of the less-obvious possible consequences of not minding the store properly: a “consent decree.” I’ve heard the term in a generic sense, but it’s not obvious what the implications are if you’ve never had one (which I haven’t, which is why I asked). Apparently, if you’ve been careless with security, a consent decree allows the Federal Trade Commission (FTC) to become your overseer, getting all up in your business and stepping in when they want. Most of all, the documentation required during the term of the decree sounds particularly onerous. So… avoid this.

That aside, the following are my attempt to summarize his supporting recommendations (“attempt” because I was writing furiously to keep up):

  • Shrink the “attack surface” (i.e., expose less). Meaning, drivers, daemons, features, debug access, web servers, data loggers, etc.
  • Separate out “concerns.” I.e., no processes with root access or super-control; restrict access to data. Nothing gets access to anything irrelevant.
  • “Defense in Depth” – rings of security. What happens when the first wall is breached?
  • Provide only those features really needed. (OK, marketing will have a fun time with this. You know the drill:
    • Marketing: Here are the features we need in the next release.
    • Engineering: You can’t have them all; which ones do you really need?
    • Marketing: We need them all. We didn’t bother asking for the nice-to-haves.
    • Engineering: Well, which of these do you need least?

In other words, marketing probably already thinks they’re getting less than the really-needed features.)

  • Be conservative in what data you accept and send.
  • Review your code.
  • Review other people’s code – especially when incorporating someone else’s code or IP. Do an internet search for the package along with words like “crash” or swear words to find red flags.
  • Use “sandboxing” to provide isolation.
  • Use automation to test and analyze your code. Oh, and don’t forget to look at the results.
  • And, the bottom line, “Plan for Compromise.”

And sleep with one eye open. Because They’re coming, you know…

Leave a Reply

featured blogs
Sep 23, 2020
The great canning lid shortage of 75, the great storm of 87, the great snow of 54, the great freeze of 48... will we one day be talking about the great toilet roll shortage of 2020?...
Sep 23, 2020
CadenceLIVE 2020 India, our first digital conference held on 9-10 September and what an event it was! With 75 technical paper presentations, four keynotes, a virtual exhibition area, and fun... [[ Click on the title to access the full blog on the Cadence Community site. ]]...
Sep 22, 2020
I am a child of the 80s.  I grew up when the idea of home computing was very new.  My first experience of any kind of computer was an Apple II that my Dad brought home from work. It was the only computer his company possessed, and every few weeks he would need to cr...
Sep 18, 2020
[From the last episode: We put the various pieces of a memory together to show the whole thing.] Before we finally turn our memory discussion into an AI discussion, let'€™s take on one annoying little detail that I'€™ve referred to a few times, but have kept putting off. ...

Featured Video

DesignWare MIPI C-PHY/D-PHY IP Performance at 24 Gbps

Sponsored by Synopsys

This video features the DesignWare MIPI C-PHY/D-PHY IP interoperating with an image sensor in C-PHY mode up to 3.5 Gsps per trio and D-PHY mode up to 4.5 Gbps per lane, available in FinFET processes for camera and display applications.

More information about Synopsys DesignWare MIPI C-PHY/D-PHY IP

Featured Paper

An Introduction to Automotive LIDAR

Sponsored by Texas Instruments

This white paper is an introduction to industrial and automotive time-of-flight (ToF) light detection and ranging (LIDAR) solutions to serve next-generation autonomous systems.

Click here to download the whitepaper

Featured Chalk Talk

DC-DC for Gate Drive Power

Sponsored by Mouser Electronics and Murata

In motor control and industrial applications, semiconductor switches such as IGBTs and MOSFETS of all types - including newer wide-bandgap devices are used extensively to switch power to a load. This makes DC to DC conversion for gate drivers a challenge. In this episode of Chalk Talk, Amelia Dalton chats with John Barnes of Murata about DC to DC conversion for gate drivers for industrial and motor control applications.

More information about Murata Power Solutions MGJ DC/DC Converters: