Every day, thousands of new devices are given internet connectivity - called the Internet of Things (IoT). Figure 1 displays IoT devices attacked worldwide in 2015. Most of the internet connected devices are inherently insecure and hackers realize this as an easy opportunity. Even though home routers were the most targeted devices, others weren’t spared.
This whitepaper provides a framework on system security design and the security software needed to achieve a system’s security goal. Four software models are examined and critiqued, with recommended strategies for choosing vendors within those differing models.
Modern technology is all about buzz words. Unless you have been trapped in the phantom zone for the past few years, you must have heard of quantum computers and blockchains. Some say that quantum computers are the next generation of computers, and blockchains are the next generation of the Internet. What will the next generation look like when we have both quantum computers and blockchains in a same room? A quantum apocalypse.
There are four primary use cases for implementing trusted computing with a Trusted Platform Module (TPM), the cryptographic module standardized by the Trusted Computing Group. This blog will give a brief overview of those use cases, which can be combined to create more complex and powerful solutions.
There are two worlds of computer security - high-end systems and then everything else. Both high- and low-end systems typically employ “top-down” defenses to harden their attack surfaces. These are “software-only” security techniques.
OnBoard Security’s Chief Technology Officer, Dr. William Whyte, has been involved in Vehicle-to-Everything (V2X) communications security for nearly 20 years. He is the editor of the IEEE 1609.2 security standard and has consulted for numerous automaker, the US Dept. of Transportation (DOT) and transportation organizations around the world. He is frequently asked to explain V2X security and give insights on potential vulnerabilities in the system.
At the Automated Vehicles Symposium (AVS) 2017, I addressed a plenary talk to the ~1,500 attendees, stating that even though it is unanimously considered as paramount, cybersecurity is still an after-thought. Or at least it still feels like it. Indeed, for the last two AVS editions, the cybersecurity breakout session reported similar open challenges, but no real changes have been seen since. In order to move the security needle, we took a different approach and didn't organize a cybersecurity breakout session. Instead, we identified that the missing components were the lack of inputs coming from the community of experts. To be able to build a more resilient system, cybersecurity experts should know about the limitations of each subsystem, and possible "nightmare scenarios".