资 源 简 介
用安全硬件保护物联网
物联网(物联网)需要得到保护,以防止各种形式的滥用。这些不仅包括熟悉的威胁,如金融欺诈和知识产权盗窃,而且破坏有形资产。许多的数十亿连接设备将加入物联网在未来几年会像交通信号或街道照明系统相关的工业控制,像发电的重要过程的安全机制、智能电网管理、家庭能源和安全,或连接车。攻击者可以尝试禁用或接管这样的设备,可能要引起广泛的破坏和不便,或造成尴尬的攻击特定的个人或组织,声誉损失甚至人身伤害。这样的攻击可以简单地用于娱乐,个人原因,商业利益,或出于政治目的和/或恐怖主义。
Security threats to IoT devices
IoT devices are designed to operate autonomously. Many are left unattended for long periods, and someTImes for their enTIre operaTIonal lifeTIme. Network connectivity leaves the devices vulnerable to remote attacks that can be launched quickly from almost any geographical location without having to overcome physical barriers such as a fence, a locked enclosure or a security guard. An attack can be directed towards the device itself, or to use it as a means to gain access to other assets connected to the same network, such as data storage containing account-holder information or intellectual property.
On the other hand, IoT endpoints are often required to be simple, low-cost, low-power devices, designed to accomplish their intended task using minimal resources. As such, the processing power and energy needed to implement sophisticated security is not available. Unlike the case with a machine such as a desktop computer, no human is routinely present to enter credentials such as a username and password as authentication allowing the device to start up and establish connections. However, the device must be able to resist various types of attacks, and to authenticate itself and present its credentials autonomously to other devices on the network.
