

Encrypting Data for Connected Systems

Publisher: VDC Research Group, Inc. Product code: 315704
Publication date: October 2, 2014. Content: English, 29 Exhibits

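Encryption is an essential element of data security for embedded devices. It can be used for both data storage and data communications. Many embedded devices require encryption to meet FIPS 140-2 regulatory requirements. Encryption can be performed either in software or in dedicated hardware, but it is generally performed in software.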




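  • Encryption Hardware vs. Software
  • FIPS 140-2 Standard
    • Exhibit: Requirement for FIPS 140-2 in Recent Embedded Projects
  • Encryption of Data-at-Rest
    • Exhibit: Use of Encryption of Data-at-Rest Still Only in the Minority of Embedded Projects
    • Exhibit: Cryptographic Algorithms Used for Encryption of Data-at-Rest
    • Exhibit: Encryption of Data-at-Rest Most Commonly Implemented in the Application Level
  • Encryption of Data-in-Motion
    • Exhibit: Use of Encryption of Data-in-Motion
    • Exhibit: SSL Still Most Popular Protocol for Securing Data-in-Motion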




This report discusses and analyzes methods used to encrypt data for connected systems in the Internet of Things. It also discusses key strategic issues, trends, and other factors impacting the market for encryption solutions. Market analysis and critical considerations are offered across technology types, product categories, and industry sectors. The report integrates selected findings from VDC's recent Authentication & Encryption survey of OEM embedded device engineers. (Full survey data is provided as a separate Excel spreadsheet.)

What questions are addressed?

  • How are digital signatures and encryption keys used to protect data stored on and transmitted by connected devices?
  • What is driving the need for encryption technologies for connected devices?
  • How are vendors incorporating the IPsec protocol within different types of encryption solutions? What are the other leading cryptography protocols used to encrypt data?
  • What are the unique encryption requirements inherent in hyper-sensitive networks such as those used by governments, hospitals, and financial institutions?
  • Who are the leading vendors of encryption technologies, and how are they positioned relative to each other?

Executive Summary

Encryption is an essential element of data security for embedded devices. It can be used for both data storage (data-at-rest) and data communications (data-in-motion). Many embedded devices require encryption to meet FIPS 140-2 regulatory requirements. The encryption process includes generation and storage of keys used to encrypt and decrypt the data, complicating embedded system design and communications to ensure that the keys remain secure. Encryption can be performed either in software or in dedicated hardware, but software implementations are more common. A variety of protocols are available to secure data communications over insecure channels.

[Data available in full report.]

Key Findings

  • Nearly one-third of embedded projects require FIPS 140-2 compliance.
  • Slightly more than one-third of embedded projects use encryption of data-at-rest, and a similar portion use encryption of data-in-motion.
  • About two-fifths of embedded devices that use encryption employ cryptographic hardware.
  • AES and 3DES are the most common symmetric encryption algorithms for data-at-rest in embedded devices.
  • SSL is still the most common protocol for securing data-in-motion.

Encryption: An Essential Element of Data Security

Encrypted data is only as secure as the degree to which its keys are protected

Many factors contribute to the security of data in connected systems, but encryption is the most essential. Encryption is the process by which data is encoded such that, ideally, it can only be decoded and read by devices, systems, or people that are properly authorized to access it. The processes of authentication and authorization control which people or systems have permission to access the data, but without encryption, the data would be readable by any system or person who manages to gain (authorized or unauthorized) access to it. And authentication, confirming the identity of a person or system seeking access, itself involves sophisticated encryption. (Authentication is addressed separately in the preceding report, Authenticating Connected Systems, Topic 5 of this series.)

In practice, achieving full data protection, even with encryption, is a challenge for devices and systems connected to the Internet. Encryption is only as strong as the algorithms used in its encoding and decoding, and hackers have at their disposal enormous amounts of computing power as well as considerable patience. Encryption properly implemented using today's best practices is beyond the ability of brute-force methods to decrypt using today's computing technology, despite the propensity of popular movie and TV shows to portray data encryption cracking as trivial. (Cracking of usernames and passwords is a separate matter.) But computing technology is always improving, and the revolutionary prospect of quantum computing years from now could weaken or crack most of today's top encryption algorithms. More importantly, encryption relies on keys (lengthy strings of random or pseudo-random characters) that may be generated by insufficiently random techniques or may be misappropriated through theft. Encrypted data is only as secure as the degree to which its keys are protected. In systems where data security is critical, encryption keys can be generated in dedicated secure processors (e.g. hardware security modules) and/or stored in protected memory spaces only accessible by pre-defined (whitelisted) applications.

The details of various encryption algorithms are beyond the scope of this market report, but we'll highlight some findings related to choice of encryption algorithms from VDC's recent survey of 200 engineers at embedded device OEMs.

IoT embedded devices are most often thought of as sensors that collect or generate data to be encrypted. However, several classes of IoT devices, such as gaming systems and streaming video set top boxes, primarily decrypt content that has been encrypted elsewhere. In those cases, the content itself is of high value but not unique to an individual device.

Two general uses for encryption are common in IoT embedded devices and systems: encryption of stored data (data-at-rest); and encryption of data during communications (data-in-motion). A third use for encryption is also possible: encryption of data-in-use. Intuitively, data needs to be decrypted to be used, but various technologies and algorithms in development, such as homomorphic encryption, allow limited functions to be performed on data while it remains encrypted. Although encryption of data-in-use is currently rare, it is likely to become less rare in the future.

Exhibit 1: Requirement for FIPS 140-2 in Recent Embedded Projects

Table of Contents

Executive Summary

  • Key Findings

Encryption: An Essential Element of Data Security

  • Encryption Hardware vs. Software
  • FIPS 140-2 Standard
    • Exhibit 1: Requirement for FIPS 140-2 in Recent Embedded Projects
  • Encryption of Data-at-Rest
    • Exhibit 2: Use of Encryption of Data-at-Rest Still Only in the Minority of Embedded Projects
    • Exhibit 3: Cryptographic Algorithms Used for Encryption of Data-at-Rest
    • Exhibit 4: Encryption of Data-at-Rest Most Commonly Implemented in the Application Level
  • Encryption of Data-in-Motion
    • Exhibit 5: Use of Encryption of Data-in-Motion
    • Exhibit 6: SSL Still Most Popular Protocol for Securing Data-in-Motion

Ideas & Insights
