IoT-Security and Product Piracy: Smart Key Management versus Secure Hardware

Christian Zenger, Mario Pietersz

embedded world 2018, Nuremberg, Germany, February 27th - March 1st, 2018


Abstract

The today’s fear to lose against competitors, manufacturers of physical products are urgently searching for solution to “smartify” their products, to establish new digital business models, and to offer new services. To them, digitalization means mainly the establishment of (Internet-) connectivity between their products and some digital service platform. However, many business models build on top of digitalization might lose its competitive advantage for the manufacturer if the data are not secured (available, authentic, confidential, and integer). We present a detailed overview what is arguably the most difficult part in the majority of security systems, namely device authentication and key establishment. We help answering a major question of decision makers: Which key establishment method and which (security) hardware solution reduces product piracy risk as well as cyber security risks sufficiently, is capable to start today with small charges and end up with a flexible longterm capable serial production, as well as provides a good cost-benefit ratio for new IoT products? In the present paper we focus on details to find an individual answer, while potential lock-in effects of suppliers and platform providers are out of scope.

tags: ad-hoc provisioning, key management, product piracy, supply chain