The lack of a cohesive cybersecurity standard around the Internet of Things and connected devices could result in highly-damaging security breaches that could compromise any industrial, corporate, or home network.
Now companies including ARM, Intercede, Solacia, and Symantec have developed the Open Trust Protocol (OTrP), designed to provide secure architecture and code management to protect connected devices. The architecture uses technologies deployed in banking and for handling sensitive data on smartphones and tablets.
"In an internet-connected world, it is imperative to establish trust between all devices and service providers," said Marc Canel, vice president of security systems, ARM. "Operators need to trust devices their systems interact with and OTrP achieves this in a simple way. It brings e-commerce trust architectures together with a high-level protocol that can be easily integrated with any existing platform."
OTrP is a high-level management protocol that works with security products, such as ARM's TrustZone-based Trusted Execution Environments, which are designed to protect mobile computing devices from malicious attack. OTrP can be used with public key infrastructure-based systems to allow service providers, app developers, and hardware maker to use their own keys to authenticate and manage trusted software and assets. The group said OTrP can be easily added to existing Trusted Execution Environments or to microcontroller-based platforms capable of RSA cryptography.
The group of companies hope that the protocol paves the way for an open standard to enable to management of trusted software without the need for a centralised database - much like established method of security architecture in e-commerce.
With new technologies come increased security risks," said Brian Witten, Senior Director, Internet of Things Security, Symantec. "The Internet of Things and smart mobile technologies are moving into a range of diverse applications and it is important to create an open protocol to ease and accelerate adoption of hardware-backed security that is designed to protect on board encryption-keys."
The full group of companies who've worked together on OTrP consists of Intercede, Solacia, Symantec, Beanpod, Sequitur Labs, Sprint, Thundersoft, Trustkernel, Verimatrix and ARM.