Intelligent, networked devices make our lives more convenient. On the other hand, the proliferation of these devices also means that our data, including personal or sensitive information, is very vulnerable to security breaches. Protecting data both in transit and at rest is becoming more and more important.
The Transport Layer Security (TLS) protocol, which is the successor to the Secure Sockets Layer (SSL) protocol, prevents eavesdropping on or tampering with data when Internet of Things (IoT) devices communicate over the Internet. The protocol essentially establishes a secure communication channel between the client and the server. When we access a website protected by an SSL certificate, we see Hypertext Transfer Protocol Secure (HTTPS), which combines HTTP and SSL/TLS, along with the security identity of the web server, to enable encrypted communication with the web server.
TLS includes a "handshake phase" that uses asymmetric keys to agree on symmetric keys that are used only for that session, for efficient and fast data encryption and decryption. A security IC is capable of handling this handshake phase, storing session private keys, and performing encryption/decryption on a separate device, with countermeasures against known attacks. If the private key and certificates cannot be stored securely and protected against unauthorized modification, all of these assets are exposed to attack. In an intrusive attack, an attacker attempts to open the device's enclosure to manipulate memory contents, replace firmware, or probe PCB traces. There are also non-intrusive attacks that target a logical vulnerability in the device's firmware.
Fortunately, there is a low-cost, low-complexity solution that guarantees the security of the TLS protocol implementation in networked embedded systems and reduces the burden on the device application processor.
Supporting security ICs protect TLS implementation in IoT designs
Pitfalls of TLS integration in embedded devices
One of the advantages of the TLS protocol is that it can be easily integrated into any application by using a commercial software library. However, even if there are no vulnerabilities in the TLS stack itself, there may still be flaws in how the TLS library is integrated and used in your software. Common weaknesses in integrating TLS in embedded devices include:
Skipping certificate verification
Weak cipher suites
Insufficient protection of the certification authority certificate
Session key leaks
Compromised client authentication key
Use of poor encryption and low-quality random numbers
To implement a truly secure TLS approach and avoid the pitfalls discussed above, a minimum set of rules needs to be adhered to. This includes protecting the session key in use, using a secure encryption algorithm, and securely storing the client's authentication private key. It is also very effective to use a companion IC to protect the TLS implementation. The security IC does not impose any additional burden on the design's application processor, and it essentially prevents many vulnerabilities in the TLS implementation. Security ICs such as the MAXQ1061, which supports TLS, can help avoid these pitfalls even in embedded systems with limited resources. Security ICs can also enhance the inherent security of the TLS protocol by protecting key steps during the handshake, session key generation, and packet encryption/decryption.