WHAT SECURITY & TESTING DO YOU NEED FOR YOUR IOT DEVICE?
What Kind of Security and Testing required? ■ If you’re creating an Internet of Things device or application, there are top five things to keep in mind during security testing: – Security ■
1. ENCRYPTION
■
2. AUTHENTICATION
■
3. PROTECTION FROM SIDE-CHANNEL ATTACKS
– Testing ■
1. RANGE
■
2. CAPACITY & LATENCY
■
3. TESTING FOR MANUFACTURABILITY
■
4. APPLICATION-SPECIFIC TESTING
■
5. FCC & ETSI/CE COMPLIANCE TESTING
Security 1. Encryption ■ There are two different approaches: – Where the data lives online. – How the data gets to the internet. ■ The standard practice is to use SSL, which you should use everywhere your data exists. ■ On the wireless protocol side, you need to be sure the protocol you’re using has built-in encryption.
Security 2. Authentication ■ If your data is encrypted, then be sure your device is talking only to you and that only you can talk to your device. ■ A consequence of neglecting authentication is that anyone can make up information and send it to you. ■ You’d have no way to verify that it isn’t real.
Security 3. Protection from Side-Channel Attacks ■ Even with encryption and authentication, there are still other ways to gain illicit access to your system. ■ Side channel attacks have less to do with the information itself and more with how the information is presented. ■ The location itself may be encrypted, but the fact that you’re sending a notification can tip someone off and allow for them to gain access.
Testing 1. Range ■ Keep in mind that the network you’re thinking about will fit your application’s range needs. ■ A potential customer can purchase development kit, setup a gateway, and take network tester out for a spin. ■ In a mesh network, adding more repeaters lessens the capacity you have in your system— and eventually you’ll get to a breaking point.
Testing 2. Capacity & Latency ■ Most people want to push the limits of capacity and latency . ■ To increase the capacity of a network, by definition, you’re increasing the latency. ■ If you want to bring your latency down, you’re going to affect the capacity of the network negatively.
Testing 3. Testing for Manufacturability ■ When a wireless module rolls off the assembly line, each one goes into a fixture that tests the power output, receiver sensitivity, and frequency accuracy. ■ To manufacture this type of product, there are a few components you’d have to keep in mind. – You’d need the radio. – You’d put the radio down on your own carrier board, which is usually your own design, with a host device.
Testing 4. Application-Specific Testing ■ If you are going to build a military-specific application, you’ll want to understand all of the specs beforehand and verify that the components you’re adding to your device meet those specs.
Testing 5. FCC & ETSI/CE Compliance Testing ■ Once your end device is complete, you’ll have to go through FCC (in the U.S.) or ETSI/CE (in Europe) certification. In the U.S. ■ You could buy a module with a pre-approved certification and put it into your end device, which allows it operate in the 900-928 MHz ISM band.
Looking for Security and Testing Solution for IoT Device, Contact Us ■ https://www.consagous.com/internet-of-things/ ■ https://www.consagous.com ■ info@consagous.com