With the increasing demand for IoT (Internet of Things) devices and services, network protection, security, and privacy become even more relevant to end-users and manufactures. While existing technologies like IEEE 802.15.4 provide certain security measures, still some functionality and features are missing – at least in the IEEE standardization. A flexible and reliable KMP (key Management Protocol) is required for security configuration of IoT devices and networks.

What is addressed

acticom has developed a security and authentication framework for IEEE networks since 2001, deployed for WiFi devices and chipsets, and is developing required modules for the application of a KMP to IoT based on IEEE 802.15.4, like Zigbee.
Recently, new security flaws in the design of ZigBee have been discovered (http://cognosec.com/zigbee_exploited_8F_Ca9.pdf), mainly caused by preconfigured / default keys and thus a secure and strong adaptation of proven KMP and configuration policies is required.

Software Protocol Stack Modules

With the acticom protocol stack software modules for authentication, authorization, key-management, and encryption configuration, IoT devices and networks benefit from proven and reliable mechanisms in wireless telecommunication networks.
Adoption and use of IoT devices requires trust at the end-users side: Strong authentication and authorization schemes, along with strong encryption are mandatory. The OWASP top 10 for IoT lists transport security, authentication, and authorization as key parameters. From a technical perspective, mutual authentication and authorization of network and devices are not less important: Unknown devices must be prevented from joining an IoT network before authentication; and vice versa, an iOT network shall not trust any IoT device and allow access to network and services.

Conclusion

While solutions for IoT offer and address security in the application layer, addressed by SSL encrypted transport, web interfaces, and application passwords, acticom addresses the lower layer security aspects for IoT chips, devices, protocol stacks and thus the iOT networks.