Three Approaches to IoT Security: Part One

There is no single path to securing mobile devices and networks. This three-part series of articles will explore a trio of different security approaches that companies deploying Internet of Things technologies might consider as they develop IoT products and services.
By Mary Catherine O'Connor
Jul 29, 2015

(Read Part Two.) (Read Part Three.)

For all the talk about the importance of securing the Internet of Things, discussions often lack specifics. But in recent weeks, IOT Journal has talked with three organizations that are developing different approaches to data security and privacy in the IoT. Today's article focuses on a new approach developed at Sandia National Laboratories, which is now seeking technology partners to help commercialize it in a way that could have broad IoT applications.

When Peter Choi, a principal member of Sandia National Laboratories' technical staff, began working on technological approaches that international agencies could use to ensure compliance with nuclear nonproliferation treaties, he never thought he would develop something that could also be utilized to improve the security of the Internet of Things, including smart cards and other radio frequency identification (RFID) devices.

"Countries that deal with nuclear resources sign treaties saying, 'We're only using this for energy, not weapons,'" Choi explains. To help monitor the actions of these nations, the international community "has a pretty serious need for sensor devices that can be placed in other countries."

Most current approaches rely on RFID tags, Choi says, which are susceptible to tampering by those who could modify the information or change the tags' unique identifiers to conceal actions in violation of treaties. When looking for alternate technologies, Choi and his staff studied an approach to encryption called the physically unclonable function (PUF).

PUF can be implemented in multiple ways, but all approaches exploit very small variances (often measured at the nanoscale) in chip manufacturing. For example, chipmakers use millions of transistors and a very highly controlled process, with the goal of producing integrated circuits that are each exactly like the others. "But when you're soldering in these very small transistors, there is no manufacturing process that can control the amount of metal applied to the chip at the molecular level," Choi explains. "So there are nanoscale variants in producing the IC that give rise to a very unique signature for each circuit." As a result, he says, every IC has a unique fingerprint.

But using PUF to authenticate devices has some drawbacks. For example, ambient temperature and a device's age can affect signal propagation enough to change the PUF fingerprint. So after further study, Choi and his team created an approach that they called the physically unclonable digital ID (PUDID). This is based on PUF, but uses fingerprinting at the macroscale instead of the nanoscale. At the macroscale, a hacker might have the capability to reproduce the fingerprint, but that fingerprint would be so complex that it would be extremely onerous to hack.
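The drift drawback described above can be seen in a small simulation. This is an added example, not code from Sandia or from the original article; the 512-bit response, the 25 percent acceptance threshold, the flip rates and the Hamming-distance comparison are all assumptions chosen for illustration.

```python
import random

N_BITS = 512             # assumed length of a fingerprint readout
ACCEPT_THRESHOLD = 0.25  # assumed: accept if at most 25% of bits differ

def make_device(seed):
    """Model a chip's fixed manufacturing variation as a random bit pattern."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(N_BITS)]

def read_fingerprint(device, flip_rate, rng):
    """One readout: each bit flips with probability flip_rate,
    standing in for measurement noise, temperature and ageing."""
    return [bit ^ (rng.random() < flip_rate) for bit in device]

def distance(a, b):
    """Fractional Hamming distance between two readouts."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def authenticate(enrolled, readout):
    """Accept the readout if it is close enough to the enrolled fingerprint."""
    return distance(enrolled, readout) <= ACCEPT_THRESHOLD

def run_demo():
    """Enroll chip A once, then compare later readouts (constructed data)."""
    rng = random.Random(2015)
    chip_a, chip_b = make_device(1), make_device(2)
    enrolled = read_fingerprint(chip_a, 0.02, rng)  # enrollment, nominal conditions
    readouts = {
        "same chip, nominal": read_fingerprint(chip_a, 0.05, rng),
        # Exaggerated flip rate to make the failure mode visible.
        "same chip, heavy drift": read_fingerprint(chip_a, 0.40, rng),
        "different chip": read_fingerprint(chip_b, 0.05, rng),
    }
    return {
        name: (round(distance(enrolled, r), 3), authenticate(enrolled, r))
        for name, r in readouts.items()
    }

if __name__ == "__main__":
    for name, (dist, accepted) in run_demo().items():
        print(f"{name:24s} distance={dist:.3f} accepted={accepted}")
```

The genuine chip passes under nominal noise and the other chip is rejected, but once drift pushes the genuine chip's readout past the threshold it is rejected as well, and loosening the threshold to compensate narrows the margin that separates it from a different chip.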
