Guaranteeing the authenticity of your IoT device software

Device protection and trusted code execution must be at the heart of a truly secure IoT solution. The Samsung ARTIK™ IoT platform’s key management system, code signing features, and hardware secure boot features defend connected devices by verifying software before installing and running it.

Cryptographic key management system (KMS): the first link in the Samsung ARTIK software trust chain

ARTIK code signing security relies on public-private key pairs. And public-private key security is only effective if the private key stays private. It must be kept safe and protected by business practices that store and control access to the private key. One major challenge for IoT solution providers is that hackers have access to secondary markets for stolen code-signing keys.

The ARTIK key management system provides customers and partners a secure, integrated code signing Web portal and private key management service. In parallel, the code verification key is securely installed within each ARTIK IoT system-on-module (SoM) to provide a hardware-based root of trust for the device’s secure boot processes.

Code signing

Code signing involves digitally signing executables and scripts: a cryptographic hash of the code is signed with the private key. Digital signatures, which are a standard element of most cryptographic protocols, are used to confirm that device software comes from a legitimate and intended source. In addition to verifying the software author, a digital signature also assures that the code has not been altered or corrupted since it was signed.

Secure Boot

The ability to trust the software running on a hardware platform is one of the most fundamental principles of IoT security. Many attacks on connected devices and systems rely on the attackers’ ability to replace or modify software on the targeted platform. Developers need to sign their software to ensure authenticity and permit code execution on target devices.

Protecting device firmware and software against code manipulation with secure code signing and digital certificates from trusted certificate authorities

On Samsung ARTIK SoMs, the secure boot verification process starts when the system is brought up from a cold boot. A secure boot process consists of several bootloader stages. The first code executed by an ARTIK SoM when it’s powered on is stored in ROM. This assures device integrity and prevents hackers from injecting malware. Subsequent software loading stages are verified sequentially using cryptographic checks. Because each software stage calls the next one, the secure boot process stops automatically if any stage can’t be verified.
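The sequential verification described above can be sketched as follows. This is an added example, not Samsung ARTIK code: the page does not name the signature algorithm, so Ed25519 over a SHA-256 digest is an assumption, and the stage names, images and key are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Stage is one boot image plus the detached signature shipped with it.
type Stage struct {
	Name       string
	Image, Sig []byte
}

// signStage plays the signing service: it signs the SHA-256 digest of the image.
func signStage(priv ed25519.PrivateKey, name string, image []byte) Stage {
	d := sha256.Sum256(image)
	return Stage{name, image, ed25519.Sign(priv, d[:])}
}

// VerifyChain walks the stages in boot order using the verification key held by
// the device. It returns the stages allowed to run and the reason for any halt.
func VerifyChain(root ed25519.PublicKey, chain []Stage) ([]string, error) {
	var booted []string
	for _, s := range chain {
		d := sha256.Sum256(s.Image)
		if !ed25519.Verify(root, d[:], s.Sig) {
			return booted, fmt.Errorf("boot halted: %s failed verification", s.Name)
		}
		booted = append(booted, s.Name)
	}
	return booted, nil
}

// demoChain builds a constructed key pair and three constructed stage images.
func demoChain() (ed25519.PublicKey, []Stage) {
	seed := sha256.Sum256([]byte("constructed demo seed, not a real key"))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), []Stage{
		signStage(priv, "bl1", []byte("first-stage loader")),
		signStage(priv, "bl2", []byte("second-stage loader")),
		signStage(priv, "kernel", []byte("os kernel")),
	}
}

func main() {
	pub, chain := demoChain()
	chain[1].Image[0] ^= 0xff            // modify bl2 after it was signed
	fmt.Println(VerifyChain(pub, chain)) // bl1 runs, then the boot halts at bl2
}
```

Only the public verification key is needed on the device; the private key stays with the signing service, which is why a modified image cannot be re-signed in the field.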

Protecting your IoT devices is just part of the integrated, edge-to-cloud security provided by the Samsung ARTIK IoT platform. Learn more about how ARTIK brings strong security to IoT.