Encrypting Data for Connected Systems
| Publisher | VDC Research Group, Inc. | Product code | 315704 |
| Publication date | | Content information | English, 29 Exhibits |
This report discusses and analyzes methods used to encrypt data for connected systems in the Internet of Things. It also discusses key strategic issues, trends, and other factors impacting the market for encryption solutions. Market analysis and critical considerations are offered across technology types, product categories, and industry sectors. The report integrates selected findings from VDC's recent Authentication & Encryption survey of OEM embedded device engineers. (Full survey data is provided as a separate Excel spreadsheet.)
Encryption is an essential element of data security for embedded devices. It can be used both for stored data (data-at-rest) and for data communications (data-in-motion). Many embedded devices require encryption that meets FIPS 140-2 regulatory requirements. The encryption process includes generating and storing the keys used to encrypt and decrypt the data, which complicates embedded system design and communications because the keys themselves must remain secret. Encryption can be performed either in software or in dedicated hardware, but software implementations are more common. A variety of protocols are available to secure data communications over insecure channels.
[Data available in full report.]
Many factors contribute to the security of data in connected systems, but encryption is the most essential. Encryption is the process by which data is encoded such that, ideally, it can only be decoded and read by devices, systems, or people that are properly authorized to access it. The processes of authentication and authorization control which people or systems have permission to access the data, but without encryption the data would be readable by any system or person who manages to gain (authorized or unauthorized) access to it. Authentication, confirming the identity of a person or system seeking access, itself relies on sophisticated cryptography. (Authentication is addressed separately in the preceding report, Authenticating Connected Systems, Topic 5 of this series.)
In practice, achieving full data protection, even with encryption, is a challenge for devices and systems connected to the Internet. Encryption is only as strong as the algorithms used in its encoding and decoding, and attackers have at their disposal enormous amounts of computing power as well as considerable patience. Encryption properly implemented using today's best practices is beyond the ability of brute-force methods to decrypt with today's computing technology, despite the propensity of popular movies and TV shows to portray cracking encrypted data as trivial. (Cracking of usernames and passwords is a separate matter.) But computing technology is always improving, and the prospect of practical quantum computing years from now could break today's widely deployed public-key algorithms (RSA and elliptic-curve systems) and weaken symmetric ciphers by effectively halving their key length. More importantly, encryption relies on keys (lengthy strings of random or pseudo-random bits) that may be generated by insufficiently random techniques or may be misappropriated through theft. Encrypted data is only as secure as the keys that protect it. In systems where data security is critical, encryption keys can be generated in dedicated secure processors (e.g. hardware security modules) and/or stored in protected memory spaces accessible only to pre-defined (whitelisted) applications.
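As an added illustration of the key-generation point above (this code is not from the VDC report and does not describe any named product), the following C program shows why "insufficiently random" matters: a 128-bit key drawn from libc rand() seeded with the device's boot clock is a function of one 32-bit seed, so an attacker who knows the boot time to within an hour recovers the whole key by trying a few thousand seeds, whereas a key read from the operating system's CSPRNG is not recoverable that way. The boot timestamp, the search window and the /dev/urandom path are assumptions made for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_LEN 16   /* 128-bit key */

/* Weak pattern (constructed for illustration, not taken from any product):
 * the device seeds libc rand() with its clock at boot and pulls the key
 * bytes from rand(). The entire 128-bit key is then a function of one
 * 32-bit seed, and the seed is guessable if the boot time is roughly known. */
void weak_key_from_seed(uint32_t seed, uint8_t key[KEY_LEN]) {
    srand(seed);
    for (int i = 0; i < KEY_LEN; i++) {
        key[i] = (uint8_t)(rand() & 0xff);
    }
}

/* Attacker side: the device was provisioned within +/- window seconds of
 * approx_time, so try every candidate seed in that range. In a real attack
 * each candidate key would be tested against a known plaintext/ciphertext
 * pair; here the caller passes the key directly so the search is
 * self-contained. Returns the recovered seed, or 0 if nothing matched
 * (seed 0 doubles as "not found", so pass realistic timestamps). */
uint32_t recover_seed(const uint8_t known_key[KEY_LEN],
                      uint32_t approx_time, uint32_t window) {
    uint8_t cand[KEY_LEN];
    /* Assumes window < approx_time and approx_time + window does not wrap. */
    for (uint32_t s = approx_time - window; s <= approx_time + window; s++) {
        weak_key_from_seed(s, cand);
        if (memcmp(cand, known_key, KEY_LEN) == 0) {
            return s;
        }
    }
    return 0;
}

/* Proper pattern: take the key from the OS CSPRNG (/dev/urandom on POSIX;
 * on a bare-metal device this would be a hardware TRNG or a DRBG seeded
 * from one). Returns 0 on success, -1 if the source is unavailable. */
int strong_key(uint8_t key[KEY_LEN]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) {
        return -1;
    }
    size_t n = fread(key, 1, KEY_LEN, f);
    fclose(f);
    return n == KEY_LEN ? 0 : -1;
}

static void hexdump(const char *label, const uint8_t *b, size_t n) {
    printf("%s", label);
    for (size_t i = 0; i < n; i++) printf("%02x", b[i]);
    printf("\n");
}

int main(void) {
    uint32_t boot_time = 1700000000u;   /* constructed boot timestamp */
    uint8_t weak[KEY_LEN], strong[KEY_LEN];

    weak_key_from_seed(boot_time, weak);
    hexdump("weak key:   ", weak, KEY_LEN);
    /* Attacker only knows the boot happened within an hour of boot_time + 30 s. */
    uint32_t found = recover_seed(weak, boot_time + 30, 3600);
    printf("recovered seed: %u (%s)\n", found,
           found == boot_time ? "weak key fully recovered" : "not found");

    if (strong_key(strong) == 0) {
        hexdump("strong key: ", strong, KEY_LEN);
        found = recover_seed(strong, boot_time + 30, 3600);
        printf("seed search against strong key: %s\n",
               found == 0 ? "no match in window" : "unexpected match");
    }
    return 0;
}
```

Build and run with `cc -o keydemo keydemo.c && ./keydemo`. The one-hour window is generous to the attacker only for readability: because the weak key depends on a 32-bit seed, the full 2^32 search is also feasible on a laptop, so narrowing the window does not rescue the design. The fix is the second function: every key byte must come from an entropy source the attacker cannot model, which on an embedded part means a hardware RNG or a DRBG seeded from one, never the clock.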
The details of various encryption algorithms are beyond the scope of this market report, but we'll highlight some findings related to choice of encryption algorithms from VDC's recent survey of 200 engineers at embedded device OEMs.
IoT embedded devices are most often thought of as sensors that collect or generate data to be encrypted. However, several classes of IoT devices, such as gaming systems and streaming video set top boxes, primarily decrypt content that has been encrypted elsewhere. In those cases, the content itself is of high value but not unique to an individual device.
Two general uses for encryption are common in IoT embedded devices and systems: encryption of stored data (data-at-rest) and encryption of data during communications (data-in-motion). A third use is also possible: encryption of data-in-use. Intuitively, data needs to be decrypted to be used, but various technologies and algorithms in development, such as homomorphic encryption, allow limited operations to be performed on data while it remains encrypted. Although encryption of data-in-use is currently rare, it is likely to become more common in the future.
Requirement for FIPS 140-2 in Recent Embedded Projects