If you’re an Internet of Things (IoT) designer, you’re probably often challenged to do more with less when it comes to security, constantly looking for new ways to protect your products against an ever-growing list of threats with lean system resources and perhaps limited experience.
Knowing that these struggles are very real, in this post I’ll outline a few top IoT security risks and common misconceptions on how to address them. I will also provide an overview of how new SimpleLink™ Wi-Fi® products give you more tools to help address security challenges through a novel architecture and rich set of integrated security features.
Any device that connects to the internet may be vulnerable to local or remote attacks. Attackers can target almost any connected device to try and steal manufacturer intellectual property stored in the system, gain access to user data, or even maliciously manipulate the system to compromise users or attack third parties online.
As demonstrated by the major distributed denial of service (DDoS) attack late last year, labeled by experts as the largest of its kind in history, even seemingly harmless products such as home digital video recorders (DVRs) can be maliciously infected and used as “botnets” to halt operations for third-party entities. The attack last year affected services such as Twitter and PayPal, but similar attacks could potentially target large smart infrastructure technologies such as electric grid systems. According to a 2016 study conducted by Kapersky Lab, a single DDoS attack can cost an organization more than $1.6 million to resolve.
Recognizing these threats, TI’s SimpleLink™ Wi-Fi® CC3220 wireless microcontroller (MCU) integrates a host of powerful, multilayered and hardware-based security features to provide you with powerful tools to help protect products from attacks such as local or remote packet sniffing, man-in-the-middle (MITM) server emulation, hostile takeovers via over-the-air updates, remote file manipulation, data and software theft, intellectual property (IP) cloning, and many more. Watch the below video to learn more about these tools:
Having strong Wi-Fi (Advanced Encryption Standard [AES]/Wired Equivalent Privacy [WEP]) and internet-level (Transport Layer Security [TLS]/Secure Sockets Layer [SSL]) encryption is critical to help prevent local and remote network-packet sniffing, respectively. But these measures alone may not be enough to fend off hostile takeover attempts or provide full protection against theft of IP, code, data, keys and identity information stored and used in a connected system. Figure 1 illustrates these measures in action.
The CC3220 device actually integrates more than 25 additional security features to help provide tools that address potential threats from the larger end-to-end IoT landscape. Figure 2 portrays many of these features.
While increasingly lean IoT system resources often present design challenges, you can still strive to target more robust security in MCU-based, bill of materials (BOM)-optimized systems. The first steps are to identify which system assets are at risk, where the potential exposure points exist and what threats you anticipate will put the system at risk. From there, you work to choose components that offer a wide range of integrated hardware-based security features, while offloading the host MCU.
The CC3220 wireless MCU sets out to give you these tools. The unique dual-core architecture (illustrated in Figure 3) runs both the host application and the network processing on a single chip to simplify the design. However, running these operations on two physically separate execution environments enables the chip to:
For more information about the CC3220 device, be sure to check out the product page and the broader SimpleLink Wi-Fi security documentation, including the full security application note, “SimpleLink CC3120, CC3220 Wi-Fi Internet-on-a-Chip Solution Built-In Security Features.”
All content and materials on this site are provided "as is". TI and its respective suppliers and providers of content make no representations about the suitability of these materials for any purpose and disclaim all warranties and conditions with regard to these materials, including but not limited to all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement of any third party intellectual property right. No license, either express or implied, by estoppel or otherwise, is granted by TI. Use of the information on this site may require a license from a third party, or a license from TI.
TI is a global semiconductor design and manufacturing company. Innovate with 100,000+ analog ICs andembedded processors, along with software, tools and the industry’s largest sales/support staff.