PKI

Protection concept. Protect mechanism, system privacy. Vector illustration

Spotlight: Deepika Chauhan of Digicert on the Challenges of Securing the Internet of Things

Podcast: Play in new window | Download (Duration: 25:57 — 29.7MB)Subscribe: Android | Email | Google Podcasts | RSSThere’s an epidemic of insecure Internet of Things devices. But why? And what is the shortest path to ending that epidemic? In this Spotlight Edition* of The Security Ledger Podcast, we speak with Deepika Chauhan, the Executive Vice President of Emerging Markets at DigiCert. Her job: forging new paths for the use of public key encryption to secure Internet of Things ecosystems.

Firmware used by BLU smart phones was observed transmitting sensitive data to a firm in China.

Experts Propose Standard for IoT Firmware Updates

Bleeping Computer reported that a new proposal submitted to the Internet Engineering Task Force (IETF) defines a secure framework for delivering firmware updates to Internet of Things (IoT) devices. Insecure software updates for embedded devices (aka ‘firmware’) have been a frequent source of security lapses on mobile and embedded devices like Internet connected webcams. Filed on October 30, the “IoT Firmware Update Architecture,” establishes security requirements for device makers to implement when designing firmware update mechanisms for connected devices. A familiar list of features The proposed rules include features that have long been recommended by security experts to permit safe handling of software updates. Among them the use of cryptographically signed updates and public key cryptography to provide end-to-end security and verify firmware images, as well as the ability to work with low-power and resource constrained IoT devices. Firmware has been the source of widespread security issues. For example, low-cost […]

Podcast: The Internet of Things’ Entropy Problem and why it matters

Podcast: The Internet of Things’ Entropy Problem and why it matters

In-brief: Governments may worry about the democratization of strong encryption. But a bigger problem may be that the encryption we think is strong really isn’t, says Richard Moulds of the firm Whitewood. In this podcast, we talk about the.growing difficulty of generating truly random numbers in cloud environments and on the Internet of Things and how ‘entropy as a service’ may be the answer.