![<?echo $_SERVER['SERVER_NAME'];?>](/template/twentyseventeen/skin/images/header.jpg)
The Internet of Things has led the third information industry revolution. On the one hand, it presents the explosive development of full coverage of the industry. On the other hand, because it goes too deep into people's lives, security issues make users and manufacturers very worried, and the development of the Internet of Things is affected. Obstruction. The development of network information security has been for many years. How safe is the Internet of Things now?
The Internet of Things can be divided into the perception layer, network layer, and application layer from a large architecture. It consists of a large number of sensor devices and is interconnected through complex integrated networks such as Wi-Fi, Bluetooth, ZigBee, and 4G LTE, and finally from the cloud. The App side controls the application to provide services properly.
In the composition of the Internet of Things, the network layer contains a large number of network devices and involves various communication protocols. The computing infrastructure involves cloud computing, storage, and application scheduling. These aspects of security risks and security protection measures have experienced the Internet and mobile. After the development of the Internet, there has been a certain amount of security research. There are corresponding security architectures and numerous security products.
However, at the perception level of the Internet of things, the development of embedded systems has always been a relatively low-key and independent area. There is less integration with the Internet, and the dangers and risks of cyberspace are not touched or understood, and there are fewer security measures for development; On the other hand, because of the limitations on the hardware and software resources of the embedded system, the original Internet security measures are also difficult to directly migrate to the sensing layer.
Corresponding to the lack of security protection at the perception level, the perception layer, as an extension of the original network, becomes a new attack and risk point, and the danger of attack is increasing. How to implement safe and effective protection measures on a large number of perceptive devices, the rise of white-box password technology has received more and more attention. White-box cryptography overturns many limitations of traditional cryptography on the ability of attackers and is more in line with real-life security threats.
How to create a more secure Internet of Things and promote the rapid development of Internet of Things? Let's take a look at the five ways in which white-box password technology can change the Internet of Things:
1, greatly enhance safety
System security, data access, and information communication for IoT aware devices often require encryption protection. However, the sensing device is usually in an environment where a white box attack may occur. Traditional cryptographic algorithms cannot be safely used in a white box attack environment, and even become extremely fragile. The key becomes a single point of failure for any protection system using a cryptographic technology. In the current attack method, it is easy to obtain the password by disassembling and statically analyzing the binary file and controlling the operating environment by using CPU breakpoints, observation registers, and memory analysis. In the existing case, we have seen that in unprotected software, key extraction attacks can usually successfully extract the key code stored as a text data array within a few hours.
The white-box cryptography algorithm is a new cryptographic algorithm. The difference between it and traditional cryptographic algorithms is that it can resist attacks in a white-box attack environment. The white-box password makes the key information fully hidden and prevents snooping, thus ensuring the secure application of the original cryptosystem in the sensing device and greatly improving the security.
2, significantly reduce costs
The Internet of Things (EoC) emerged as an emerging market, giving the global downturn a transformation and breakthrough. However, the Internet of Things is more of a cost-sensitive consumer market, such as wearable devices, smart homes, health care, and smart transportation. For example, we have seen a fierce price war in the embedded Wi-Fi chip market. The price of traditional Wi-Fi solutions exceeded 40 yuan. It dropped to about 30 yuan at the beginning of 2014. In mid-2014, the price dropped to about 20 yuan, and later it retreated. Only 10 yuan up and down. It is expected that competition will further increase in 2016.
There are corresponding hardware solutions for protecting the security of the device and protecting the key security. However, in this competitive environment, the hardware solution will inevitably increase the cost burden of the manufacturer, and even lead to the neglect of security issues due to cost. White box password as a software solution, the corresponding hardware solution naturally has the advantage of low cost.
3, software-defined security
When Gartner released the ten strategic technologies and trends in 2014, it first proposed the software defined software (Software Defined Anything) as a strategic technology. This is not a concept, but an actual technological evolution.
White-box cryptography, as a software-defined security, has entered the bottom line of basic chip security. Contrasting hardware to provide security, white-box cryptography utilizes obfuscation techniques and various mathematical theories to continuously make breakthroughs and research. There is still great room for development in the future. At the same time, new types of attacks against the Internet of Things devices are emerging, and white-box passwords can be used as software. More flexible dynamic response, can integrate other security measures, update and upgrade is also more convenient and fast.
4, a more purely trusted relationship
The application of mobile payment as a financial field represents a higher level of security. Researching mobile payment security We have found that hardware SEs and TEEs are often used to preserve and execute more sensitive data and processes to ensure security. However, few people think that SE and TEE need to be managed as security components, such as the TSM platform, and the platform manager may be a third party, a chip manufacturer, a mobile phone manufacturer, etc.; and if the SDK provided by the TEE development is also often used by the Provided by the three parties; and they are shared as a security element, and above are generally running procedures of multiple financial institutions, of course, there is a security isolation mechanism. However, we still feel a lot of participants in an application, too long and complex trust relationship.
White box password applications do not require the participation of various types of providers and can be used exclusively for one application. Data and security can be better controlled by application developers. Currently, HCE cloud payment adopts a white box protection scheme. White box cryptography has built a simpler and more purely trusted relationship, both in management and technology.
5. Accelerate the development of the Internet of Things
The development of the Internet of Things is like a sci-fi movie being put on the stage. It goes beyond people's daily thinking, and in addition to constantly experiencing surprises and even learning to live. The Internet of Things covers various fields in life, such as cars, homes, medical care, finance, energy, transportation, and industrial production. In terms of technology implementation, each area involves the three-tier architecture of the Internet of Things, involving specific sensing devices, The realization of mobile APP, cloud, communication and security guarantee.
As a new security application technology, white-box passwords can be widely applied in various industrial fields and applied at various technical implementation levels. For example, HCE cloud payment, car networking, and key and sensitive data protection are implemented at the endpoint (mobile terminal, vehicle terminal) level; in cloud computing, white box passwords can be used for software on the cloud to ensure the sharing in the cloud. On the resource pool, information that the user needs to keep confidential during encryption and decryption operations is not leaked.
The Internet of Things can be divided into the perception layer, network layer, and application layer from a large architecture. It consists of a large number of sensor devices and is interconnected through complex integrated networks such as Wi-Fi, Bluetooth, ZigBee, and 4G LTE, and finally from the cloud. The App side controls the application to provide services properly.
In the composition of the Internet of Things, the network layer contains a large number of network devices and involves various communication protocols. The computing infrastructure involves cloud computing, storage, and application scheduling. These aspects of security risks and security protection measures have experienced the Internet and mobile. After the development of the Internet, there has been a certain amount of security research. There are corresponding security architectures and numerous security products.
However, at the perception level of the Internet of things, the development of embedded systems has always been a relatively low-key and independent area. There is less integration with the Internet, and the dangers and risks of cyberspace are not touched or understood, and there are fewer security measures for development; On the other hand, because of the limitations on the hardware and software resources of the embedded system, the original Internet security measures are also difficult to directly migrate to the sensing layer.
Corresponding to the lack of security protection at the perception level, the perception layer, as an extension of the original network, becomes a new attack and risk point, and the danger of attack is increasing. How to implement safe and effective protection measures on a large number of perceptive devices, the rise of white-box password technology has received more and more attention. White-box cryptography overturns many limitations of traditional cryptography on the ability of attackers and is more in line with real-life security threats.
How to create a more secure Internet of Things and promote the rapid development of Internet of Things? Let's take a look at the five ways in which white-box password technology can change the Internet of Things:
1, greatly enhance safety
System security, data access, and information communication for IoT aware devices often require encryption protection. However, the sensing device is usually in an environment where a white box attack may occur. Traditional cryptographic algorithms cannot be safely used in a white box attack environment, and even become extremely fragile. The key becomes a single point of failure for any protection system using a cryptographic technology. In the current attack method, it is easy to obtain the password by disassembling and statically analyzing the binary file and controlling the operating environment by using CPU breakpoints, observation registers, and memory analysis. In the existing case, we have seen that in unprotected software, key extraction attacks can usually successfully extract the key code stored as a text data array within a few hours.
The white-box cryptography algorithm is a new cryptographic algorithm. The difference between it and traditional cryptographic algorithms is that it can resist attacks in a white-box attack environment. The white-box password makes the key information fully hidden and prevents snooping, thus ensuring the secure application of the original cryptosystem in the sensing device and greatly improving the security.
2, significantly reduce costs
The Internet of Things (EoC) emerged as an emerging market, giving the global downturn a transformation and breakthrough. However, the Internet of Things is more of a cost-sensitive consumer market, such as wearable devices, smart homes, health care, and smart transportation. For example, we have seen a fierce price war in the embedded Wi-Fi chip market. The price of traditional Wi-Fi solutions exceeded 40 yuan. It dropped to about 30 yuan at the beginning of 2014. In mid-2014, the price dropped to about 20 yuan, and later it retreated. Only 10 yuan up and down. It is expected that competition will further increase in 2016.
There are corresponding hardware solutions for protecting the security of the device and protecting the key security. However, in this competitive environment, the hardware solution will inevitably increase the cost burden of the manufacturer, and even lead to the neglect of security issues due to cost. White box password as a software solution, the corresponding hardware solution naturally has the advantage of low cost.
3, software-defined security
When Gartner released the ten strategic technologies and trends in 2014, it first proposed the software defined software (Software Defined Anything) as a strategic technology. This is not a concept, but an actual technological evolution.
White-box cryptography, as a software-defined security, has entered the bottom line of basic chip security. Contrasting hardware to provide security, white-box cryptography utilizes obfuscation techniques and various mathematical theories to continuously make breakthroughs and research. There is still great room for development in the future. At the same time, new types of attacks against the Internet of Things devices are emerging, and white-box passwords can be used as software. More flexible dynamic response, can integrate other security measures, update and upgrade is also more convenient and fast.
4, a more purely trusted relationship
The application of mobile payment as a financial field represents a higher level of security. Researching mobile payment security We have found that hardware SEs and TEEs are often used to preserve and execute more sensitive data and processes to ensure security. However, few people think that SE and TEE need to be managed as security components, such as the TSM platform, and the platform manager may be a third party, a chip manufacturer, a mobile phone manufacturer, etc.; and if the SDK provided by the TEE development is also often used by the Provided by the three parties; and they are shared as a security element, and above are generally running procedures of multiple financial institutions, of course, there is a security isolation mechanism. However, we still feel a lot of participants in an application, too long and complex trust relationship.
White box password applications do not require the participation of various types of providers and can be used exclusively for one application. Data and security can be better controlled by application developers. Currently, HCE cloud payment adopts a white box protection scheme. White box cryptography has built a simpler and more purely trusted relationship, both in management and technology.
5. Accelerate the development of the Internet of Things
The development of the Internet of Things is like a sci-fi movie being put on the stage. It goes beyond people's daily thinking, and in addition to constantly experiencing surprises and even learning to live. The Internet of Things covers various fields in life, such as cars, homes, medical care, finance, energy, transportation, and industrial production. In terms of technology implementation, each area involves the three-tier architecture of the Internet of Things, involving specific sensing devices, The realization of mobile APP, cloud, communication and security guarantee.
As a new security application technology, white-box passwords can be widely applied in various industrial fields and applied at various technical implementation levels. For example, HCE cloud payment, car networking, and key and sensitive data protection are implemented at the endpoint (mobile terminal, vehicle terminal) level; in cloud computing, white box passwords can be used for software on the cloud to ensure the sharing in the cloud. On the resource pool, information that the user needs to keep confidential during encryption and decryption operations is not leaked.
Serpentine Belts,Serpentine V Belt,Poly Ribbed Serpentine Ribbed V Belt,Serpentine Belt
Zhoushan Aosheng Auto Transmission Belt Manufacturing Co., Ltd. , https://www.aoshengbelt.com