The next layer to cover in my blog series on IoT Device Security Considerations and Security Layers is that of Encryption.
With the IoT expect to be collecting and storing masses of data, protecting the data is a key consideration for any system.
Encryption plays an important part on devices these days and it can be used/be part of a number of the layers in the IoT stack. End to end encryption should be considered in any IoT design.
There are numerous encryption standards currently available and product to help you secure your data. Some are now being tailored to IoT applications and solutions.
There are two main areas of consideration for encryption in an IoT design:
Data is about encrypting the data at rest (data on a storage device) to secure the information.
Communication is about encoding data as it is sent over a network.
The main issue with encryption though is the overhead of encrypting & decrypting and the impact on resources on the IoT device/system. This has been recognised by chip manufactures and application vendors as they work together to speed up this process. An example of this is Intel and McAfee. Other companies are doing the same.
In any case the use of encryption should be given considerable thought, especially on any network communications and back systems to protect the data. There have been many cases in the news illustrating what can happen if your data is not encrypted.
- Lightweight Cryptography for the Internet of Things
- Advanced Encryption Standard
- Cryptography Standards
- Data Encryption Standard