Everyone knows that security is critical for IoT devices but how much is needed for various types of devices? Obviously control systems in a nuclear reactor need a higher level of security than that in a home toaster. But how does an engineer decide?
Icon Labs has worked with numerous customers, industry experts and analysts to develop guidelines to make this security design decision a little simpler. The four classes of devices in this whitepaper range from small, Class 1 (8 and 16 bit MCUs) devices that have very little room for additional security protocols to complex Class 4 devices running on embedded Linux, Android, or a full-featured RTOS supporting multiple networking protocols.
“Determining the details of security capabilities and features to be implemented for a given device depends upon the available memory, processing power of the core(s), interfaces, attack vectors, threat analysis, and ultimately, business trade-offs,” according to Icon Labs’ President and Co-Founder Alan Grau. “Companies need to have a consistent approach to security no matter the class of device. Using this framework allows a view of security that is rational and easily implemented.”
“Providing adequate security for Internet connected devices is extremely important,” says Steve Hoffenberg, director and industry analyst with VDC Research. “Many organisations deciding to build new connected devices can benefit from insights provided by experienced industry participants to improve upon the security capabilities of their existing products and technologies.”