ARM and Symantec create open security protocol for IoT devices

ARM and Symantec create open security protocol for IoT devices

With the number of connected devices constantly growing, security challenges are becoming more complex and hackers see IoT data as lucrative.

Despite the threats, there’s been a lack of standards for tackling these risks – up until now. A number of tech companies, including ARM and Symantec, have teamed up to create an open trust IoT protocol.

Other firms working on the protocol include Intercede, Solacia, Symantec, Beanpod, Sequitur Labs, Sprint, Thundersoft, Trustkernel, Verimatrix and ARM.

Open for all

Developed as an open architecture, its aim is to create a level of trust for device makers. IoT companies and developers can use it for root installation, updating and deleting applications.

The management protocol has been designed for use with security software to protect connected devices and apps from malicious attacks and threats. It’s available for testing and prototyping.

Related: Internet of Things security spending to reach $348 million in 2016

Working with security products

It can work with a variety of security products and services that protect mobile devices from attacks, including ARM’s TrustZone-based Trusted Execution Environments package.

Because it’s an open architecture, vendors, developers and hardware makers can set their own keys to manage different software and technologies. It’ll also work with existing trusted execution environments and platforms.

In a joint statement, the firms explained that the secure protocol also uses “trusted code management, using technologies proven in large scale banking and sensitive data applications on mass-market devices such as smartphones and tablets”.

They envisage IoT providers building devices based on the protocol so they’re always protected and threats are kept at the very minimum. Full access to device operating systems will only be provided to trusted sources.

Trust is imperative

Marc Canel, vice president of security systems at ARM, said: “In an internet-connected world, it is imperative to establish trust between all devices and service providers. Operators need to trust devices their systems interact with and OTrP achieves this in a simple way.

“It brings e-commerce trust architectures together with a high-level protocol that can be easily integrated with any existing platform.”

Risks are increasing with IoT

Brian Witten, senior director of Internet of Things security at Symantec, added: “With new technologies come increased security risks. The Internet of Things and smart mobile technologies are moving into a range of diverse applications.

“It is important to create an open protocol to ease and accelerate adoption of hardware-backed security that is designed to protect on board encryption-keys.”

Related: Security top concern for Internet of Things developers