ARM And Symantec Team Up For Open Trust Protocol IoT Security Standard

A number of companies have grouped together to develop the Open Trust Protocol (OtrP), in order to tackle the security implications posed by the increasing growth of the Internet of Things (IoT).

Those involved include British chip designer ARM, security firm Symantec, as well as
digital identity specialist Intercede, and telecom and mobile security specialist Solacia.

Other firms such Sprint, Beanpod, Sequitur Labs, Thundersoft, Trustkernel and Verimatrix are also involved.

Open Protocol

The Open Trust Protocol (OtrP) is an open interoperable standard that allows for the root installation, updating, and deletion of applications in a trusted environment.

Essentially it seeks to establish a system-level root of trust for device makers.

It uses a secure architecture “with trusted code management, using technologies proven in large scale banking and sensitive data applications on mass-market devices such as smartphones and tablets,” said the firms in a statement.

The idea is that IoT providers will be able to incorporate the protocol into their IoT devices, so that the devices are protected without having to provide full access to the underlying operating system. The development of the protocol comes amid growing awareness of the security challenges of connecting billions of devices across multiple sectors

“In an internet-connected world, it is imperative to establish trust between all devices and service providers,” said Marc Canel, vice president of security systems, ARM. “Operators need to trust devices their systems interact with and OTrP achieves this in a simple way. It brings e-commerce trust architectures together with a high-level protocol that can be easily integrated with any existing platform.”

The protocol is available for download from the IETF website for prototyping and testing.

“With new technologies come increased security risks,” added Brian Witten, senior director, Internet of Things (IoT) security at Symantec. “The Internet of Things and smart mobile technologies are moving into a range of diverse applications and it is important to create an open protocol to ease and accelerate adoption of hardware-backed security that is designed to protect on board encryption-keys.”

IoT Security

Only last month the security threat posed by IoT was starkly illustrated when researchers at security firm Sucuri uncovered an unusual botnet made up entirely of Internet-connected CCTV cameras.

That incident recalled a similar case last autumn in which a computer security firm found a botnet made up of 900 CCTV cameras was launching an attack on an unnamed cloud services provider. But in this case the attack network was much larger, launching malicious data from more than 25,000 unique Internet addresses.

Meanwhile a study last year found that up to 68 percent of IT professionals believe business efficiency requirements are forcing their organisations to adopt IoT devices in spite of the security risks.

Think you know all about Internet of Things? Try our quiz!