How Samsung ARTIK approaches security
Security Challenges of IoT devices
IoT devices face three primary security challenges:
- Securely exchanging data with the cloud and other devices
- Executing software and getting updates only from authorized sources
- Securing data and software locally on the device
Securing communication with cloud and other devices
In a typical IoT application, IoT devices communicate with the cloud through IoT gateways.
ARTIK devices communicate with ARTIK gateways using common IoT protocols such as Wi-Fi, Bluetooth Smart, ZigBee and Thread. These are open standards with built-in link-layer security, which ARTIK leverages to secure device-to-gateway communication. In addition, ARTIK provides application-level security by adding Datagram Transport Layer Security (DTLS) when link-layer security is not sufficient.
The gateways talk to the cloud using application-layer security such as HTTPS (the same protocol you see in your browser when you load secure pages). These protocols use certificates to exchange identity and authenticate each party to the other. Each ARTIK module has a unique certificate loaded into it at manufacturing, which it uses to establish its identity to the cloud. ARTIK modules also load their certificate into specialized hardware, which makes it resistant to software hacking.
Also, most ARTIK modules give you an added advantage when communicating with ARTIK Cloud – since their built-in certificates are based on the same root of trust as ARTIK Cloud, they can authenticate each other. Not only can the ARTIK Cloud authenticate the ARTIK modules, ARTIK modules can authenticate the ARTIK Cloud, so the module can be sure it’s talking to the correct cloud!
Executing software and getting updates only from authorized sources
IoT applications differ from traditional devices in that IoT standards are still maturing. Devices need to be able to update their software as standards change or new features are added. The need to update software exposes IoT devices to the risk that their software may be replaced by malware if they accept software from unverified sources.
ARTIK modules support secure boot: they run only software from authorized sources. This capability is set in the hardware during manufacturing, which means that even if a hacker has access to the software, they cannot override it. A device manufacturer can create authorized software by “signing” it. ARTIK provides customers with infrastructure to securely store keys and securely sign their software. This applies both to the software they load in their factory and to any updates they send to devices in the field.
Securing data and software locally on the device
Some IoT applications need to secure sensitive data locally on the module. ARTIK provides a Secure OS as well as secure software to store data securely on the devices. ARTIK also provides a software interface to enable many of the common security operations.