Rambus Brings Ease of Use to IoT Security

Days after a massive cyberattack crippled computer hardware around the world, Rambus Inc. is rolling out a service designed to bring a simple but powerful form of security to Internet of Things (IoT) applications.

Known as IoT Device Management, the service is said to provide a secure channel between IoT devices and their cloud servers, and do so in a way that requires little or no security expertise on the part of the equipment designer. The company is targeting it at all types of IoT applications, from smart appliances to factory floor machinery. “We’re providing end-to-end secure connectivity, and it’s all pre-integrated,” Asaf Ashkenazi, senior director of product marketing for Rambus, told Design News. “You don’t need to have security experts – not in the cloud or at the client.”

The solution is made up of software modules that are pre-integrated into the firmware of chipsets made by silicon vendors who manufacture microprocessors, microcontrollers and wireless devices. The technology is also pre-integrated into the platforms of cloud service providers. Rambus said it is working with Qualcomm Technologies, Inc., which makes wireless devices, but it has not yet named any other silicon vendors, or cloud service providers, who will incorporate its IoT Device Management system.

The company’s announcement comes at a time when cybersecurity is making headlines around the world. Last week, attackers spread malware to businesses in at least 74 countries, effectively hijacking their computer systems. Victims included Britain’s National Health Service, Nissan Motor Co., Renault SA, and FedEx Corp., along with hundreds of banks and gas stations.

Rambus aims to head off such attacks with a form of security that locks up all the IoT system’s Internet communication. Once a Rambus-supported device is powered up and connected to the Internet, it is automatically identified and authenticated by the IoT Device Management system. The device is then securely provisioned over the air, creating a secure communication channel. Data encryption and decryption, mutual authentication and key management is handled automatically by the software, the company said in a statement.

The service could potentially plug a gaping hole in IoT applications, the majority of which are woefully unsecured. A 2014 study by Hewlett-Packard revealed that 70% of IoT devices had security “holes,” with each having about 25 vulnerabilities, on average. Problems included insufficient authorization, lack of encryption, insecure web interfaces and inadequate software protection. In a particularly well-known case at Target Corp., thieves made off with 40 million credit card numbers after entering the company’s network through an Internet-connected air conditioning system.

“With many of these devices, anyone can connect to them,” Ashkenazi said. “They have no authentication, no encryption. You can connect to them from anywhere in the world and manipulate them. It’s really scary.”

Ashkenazi said IoT systems are particularly vulnerable, largely because they are at once simpler, yet more difficult and costly to protect. Moreover, developers of such systems tend to be less familiar with security, he told us.

“If I’m an engineer who has worked throughout my career on washing machines, I can put a wireless module on my product, but I may not know what to do for security,” Ashkenazi said.

Rambus said it designed its new service as a turnkey, fast-time-to-market solution for just such situations. Because the software modules are pre-integrated at both ends of the IoT wireless connection, design engineers don’t need to be security experts.

“In terms of security fundamentals, the IoT doesn’t need anything new,” Ashkenazi told us. “Those were invented a long time ago. We’re just making it easy to use.” 

Senior technical editor Chuck Murray has been writing about technology for 33 years. He joined Design News in 1987, and has covered electronics, automation, fluid power, and autos.