IoT-related systems are gaining popularity but it is hard to deny that connected devices are at risk without security sensitive software that can be managed according to an e-commerce standard.
Security challenges are defined by leading technology experts while such companies as ARM, Intercede, Solacia and Symantec took the matter into their own hands and collaborated on the Open Trust Protocol (OTrP). The partners aimed to use reliable technologies proven in large scale banking and sensitive data applications on mass-market devices such as smartphones and tablets to combine a secure architecture with trusted code management.
“In an internet-connected world, it is imperative to establish trust between all devices and service providers,” said Marc Canel, vice president of security systems, ARM. “Operators need to trust devices their systems interact with and OTrP achieves this in a simple way. It brings e-commerce trust architectures together with a high-level protocol that can be easily integrated with any existing platform.”
The OTrP Joint Stakeholder Agreement also includes Beanpod, Sequitur Labs, Sprint, Thundersoft, Trustkernel and Verimatrix.
Symantec underlines the importance of enhanced security and reminds that one million internet attacks were carried out every day during 2015. Connected devices only contribute to a problem by expanding the attack surface. The analyst firm Gartner says the focus on security is number one task while creating any connected product.
BusinessWire reveals more details about a newly-developed Open Trust Protocol already available for prototyping and testing on the IETF website. It is a high level management protocol that works with security solutions such as ARM® TrustZone®-based Trusted Execution Environments developed to prevent malicious attacks on mobile computing devices.
“Posting OTrP as an IETF informational for public review is an important step in providing universal digital trust from silicon to services for mobile and IoT connected devices, said Richard Parris, CEO of digital trust specialists, Intercede. “It provides network operators and app developers the control they need over their selection of hardware security module and cryptographic key provider for reasons of interoperability, policy and cost while maintaining a common management platform across mixed fleets of devices.”
“With new technologies come increased security risks,” said Brian Witten, Senior Director, Internet of Things (IoT) Security, Symantec. “The Internet of Things and smart mobile technologies are moving into a range of diverse applications and it is important to create an open protocol to ease and accelerate adoption of hardware-backed security that is designed to protect on board encryption-keys.”
The Open Trust Protocol takes one step close to an open interoperable standard that will allow to manage trusted software without the need for a centralized database by reusing the established security architecture of e-commerce.