资 源 简 介
关键安全是物联网应用安全的基础
物联网设备是一种非常脆弱的目标不好的演员因为物理安全–最安全的政策–关键一般是不可能实现的物联网应用。由于工程师们希望锁定物联网设计,安全机制,如加密和身份验证通常得到的关注。然而,没有强大的密钥安全,即使是最全面的安全策略可能会成为妥协。使用设计技术和专用集成电路的安全密钥管理相结合,设计人员可以建立更大的安全为物联网应用程序的基础。
物联网设备甚至缺乏可疑的保护,得到传统的互联网应用。虽然基于Web的应用程序的资产可以依赖于与生产数据中心相关的物理安全的一些措施,物联网应用程序依赖于大量的物理设备的分散,往往在易访问的,未受保护的位置。因此,坏演员可以轻松地获得这些设备和工作在他们的休闲。
In fact, successful attacks on convenTIonal connected applicaTIons are less likely to come from direct penetraTIon and more likely to arise from social hacking or zero-day exploits such as Heartbleed. In contrast, IoT devices are less exposed to social-based exploits than tradiTIonal Web-based applications, but their physical exposure offers opportunities for more direct attacks.
Silicon manufacturers can protect devices from sophisticated attacks such as differential power analysis. In addition, manufacturers can implement hardware-based security measures that make the cost in time and resources of successful penetration outweigh the likely benefit. For the IoT, a greater threat vector lies in breakdowns in protection of cryptography keys arising from storing keys in unsecured memory, transferring key values across easily accessible hardware interfaces, or even deriving key values created using “random” number generators with predictable patterns.
