So microchip technology and amazon.com have associated to create an add-on chip that is designed to make it easier to combat certain sorts of attack and of course, encourage the developers to utilize the cloud-based infrastructure from Amazon for the Internet of Things.
For instance, a smart light bulb may upload its state to a cloud based service operated by the light bulb maker, and that data would update the light bulb owner’s smartphone app the next time the app is opened. The owner could then utilize the app to alter the light bulb on or off as desired, sending the command through the cloud service.
The issue here is that this chain from device to owner and back again showcases a potential opening for spoofing attacks. It an attacker successfully fools the cloud service into believing that a fake stream of data is coming from the light bulb, then the owner could be fed false data, and the attacker may be able to exploit the entry point into the cloud service for even deeper attacks.
If the light bulb is able to fool into believing a false connection is coming from the cloud then the attacker not just has regulation of whether or not the light bulb is on or off but could also plant hostile malware within the owner’s network.
And unfortunately, IOT gadget manufacturers have been slow to address the issue, primarily, ‘because they are always highly sensitive about the cost of supplementing better security,” confirms Microchip engineer Eustace Asanghanwa. “And it is particularly true of manufacturers of items who do not see their items as crucial. For instance, if they are just making a light bulb it is not a crucial component.
If it fails, nobody is going to be troubled, but the reality is that if once the device is linked, it is not just the value of the gadget anymore that is at stake, but it is the value of what the device is linked to,” says Asanghanwa.
The AWS-ECC508 is planned end-to-end safety between the IOT device and the infrastructure of the cloud. It does this by introducing Amazon’s mutual authentication system that verifies the identity of the cloud service and the device before any information or commands are accepted. These identities are based on the cryptographic keys. Till now, planning such cryptographic identities depend on the original manufacturer.
Filed Under: News