IoT and the Trusted Execution Environment

Editor’s note: In this guest blog about IoT security, our partner Trustonic delves into specific use cases for its Trusted Execution Environment, which comes bundled with ARTIK.

By now you’re aware that security is a big issue in IoT, and rightly so. (If this is the first time you’ve heard about this, see our previous post on the importance of keeping your IoT products secure!) This week, we’d like to share some example use cases for our Trusted Execution Environment (TEE) technology that we’ve built to address security threats in smart homes and devices. Because our TEE is bundled with every ARTIK module, you can rest assured that best-in-class security will keep your data safe. Let’s get a sense of where and when you might want to use that power.

Privacy-protecting gateway

Medical sensors connect to your gateway, and most likely you’d want the data to go to your doctor. But there may be a time when you want to temporarily grant access to someone else for a second opinion. Or you’re altruistic and want to contribute to medical science by sharing anonymized data. The sensor data may be the same, but its uses depend on relationships with services, and the only method for protecting the data streams is through strong identity management. The TEE can isolate keys and services from each other – making sure the right data only goes to the right place.

Privacy-preserving home monitoring

Webcams are useful to see what’s going on at home when you’re out, but the last thing you want is someone intercepting the video streams, particularly when you are at home. There are times when it’s useful for a third party to keep watch, for example, when an alarm is activated and your home is unoccupied. Through trusted key management, you can wrap policy around when video streams can be decrypted – think of it as Digital Rights Management for the content you create. The TEE is trusted by film studios to protect blockbuster films; it’s perfect for protecting your privacy!

Smart door entry system

Key management enters the digital age: you can leave and enter your home without physical keys or devices, grant temporary access to guests, and keep unauthorized people out. A front-door camera with a microphone, a smart hub, and a wireless lock working together are all that’s needed. Registered user profiles would be stored on the home hub identity server, and face recognition with voiceprint authentication can be performed in the hub to automatically grant authorization to a smart lock. Unregistered users can request access through a message that the smart hub sends to a registered user’s handset. The TEE can protect identity, authentication, and authorization services on the hub.

These are just a few examples of the potential applications of the TEE, and there are many more. When you have trust in a device, it becomes easier to move functions to the edge of the network – this can bring improved availability and resilience when the internet is unreachable. Let’s remember that internet outages still happen – how will your IoT cope? And is your social media team ready for the internet outrage when it does? It may not be your fault, but damage to the trust in your brand may already be done.

With this in mind, let’s remember to build security in from the ground up, and not as an afterthought. Here’s to a safer IoT.