What is “Secure by Design”?
In simple terms, building security by design means accepting that a system is only as secure as its weakest link. This means that at every stage of product development security needs to be a priority and must be reinforced, lest that security is compromised.
And when I say ‘every stage of development’, I mean it.
Secure by design means addressing security across the entire development cycle, from initial conception through to product release and then post-release, with every update and every patch as security-focused as the last. It’s not about bolting on security later or addressing security as a single step in a development process; it’s a commitment to security from day zero.
When I am architecting systems or contributing to the development of a new product, I adopt a secure by design approach that starts at the beginning with the definition of the product requirements. Even when we are still collecting market and customer inputs, studying industry trends, and defining what the product should be, security is always top of mind.
IoT Device Security and Processors like the i.MX 8 Family
A recent security-focused article from Microsoft highlighted seven properties of highly secure devices, and first and foremost is the hardware. With this in mind, an early focus of an engineer like myself is the hardware in general and supporting the OEM in their software choices in particular.
An OEM might, for example, already have their own prototype hardware built and offer us access to the device-level open-source software and the associated documentation. Our team of knowledgeable experts can then help implement the security components in their system.
We continue this engagement with the OEM and their hardware choices throughout the development of the product. We are there when the OEM is prototyping with the right security enablement and support, and beyond prototyping, we’ll help the OEM to implement a completely secure system across the entire lifecycle of the product.
Another concept that is useful to keep in mind here is automated renewable security. Automated renewable security enables continual device-level security upgrades during the life of the product. When the product is out in the field and as new security threats are identified, the product is constantly updated. For IoT products with long lifespans out to 10 years and under constant security threat, this consistent focus on security is enormously important.
And it is here that the NXP i.MX 8 really shines.
Security Features on the i.MX 8
The NXP i.MX 8 is the perfect hardware choice for secure by design IoT. Among the security features of the i.MX 8 are:
- Secure Boot: If a device is infected with malware, that malware might take control of the boot sequence and impact sensitive data, services, and even the network. The Secure Boot capability of the i.MX 8 relies on digital signatures to prevent any unauthorized software from executing during the boot sequence.
- TrustZone: Unauthorized software that is executed on a device can put sensitive data, as well as the security of the device, at risk. The i.MX 8 leverages the ARM TrustZone security hardware to ensure that only authorized software is allowed to run on the IoT device.
- Secure Cloud to Edge: With processing happening both at the edge and in the cloud, the network needs to be secure all the way from the device itself through to the cloud, with Azure Sphere. The i.MX 8 has a broad ecosystem to protect devices and to report in real time that a device is authentic and approved.
- Intelligent Power Tracking: Attacks on a device or network can sometimes be detected by shifts in power transitions and power states. The i.MX 8 has the capability to intelligently track and manage power transitions and states, minimizing the attack surface available to bad actors.
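To make the two ideas above concrete, here is an added example (not code from the original article, NXP, or the i.MX 8 boot ROM) that models the signature-based Secure Boot check together with the anti-rollback counter that automated renewable security depends on. It assumes a hypothetical image layout (a version counter, a payload, and an Ed25519 signature over both) and a device whose root public key and minimum accepted version are treated as immutable state; the real i.MX 8 boot image format, key provisioning and signature scheme are not modeled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Image is a constructed firmware image layout for this example only:
// a version counter, the code payload, and an Ed25519 signature over
// (version || payload). It is not the i.MX 8's real image format.
type Image struct {
	Version uint32
	Payload []byte
	Sig     []byte
}

// signedBytes returns the exact bytes the signature must cover. Including the
// version in the signed data stops an attacker from re-labelling an old,
// validly signed image with a newer version number.
func signedBytes(version uint32, payload []byte) []byte {
	buf := make([]byte, 4, 4+len(payload))
	binary.BigEndian.PutUint32(buf, version)
	return append(buf, payload...)
}

// SignImage is what the OEM's build pipeline does with the private key,
// which never leaves the signing environment and is never on the device.
func SignImage(priv ed25519.PrivateKey, version uint32, payload []byte) Image {
	return Image{
		Version: version,
		Payload: payload,
		Sig:     ed25519.Sign(priv, signedBytes(version, payload)),
	}
}

// Device models the state a secure-boot ROM relies on: a pinned root public
// key (in practice burned into fuses at manufacturing) and a monotonic
// minimum version that provides rollback protection.
type Device struct {
	RootPub    ed25519.PublicKey
	MinVersion uint32
}

var (
	ErrBadSignature = errors.New("secure boot: signature verification failed")
	ErrRollback     = errors.New("secure boot: image version older than minimum allowed")
)

// VerifyAndBoot is the boot-time gate: the signature is checked first, then
// the anti-rollback counter. On success the device raises its minimum
// version, so an older (possibly vulnerable) but validly signed image can no
// longer be booted; that is the "renewable" part of renewable security.
func (d *Device) VerifyAndBoot(img Image) error {
	if !ed25519.Verify(d.RootPub, signedBytes(img.Version, img.Payload), img.Sig) {
		return ErrBadSignature
	}
	if img.Version < d.MinVersion {
		return ErrRollback
	}
	d.MinVersion = img.Version
	return nil
}

func main() {
	// Constructed demo: OEM signs two releases, device boots them in order,
	// then a tampered image and a replayed old image are both rejected.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	dev := &Device{RootPub: pub, MinVersion: 1}

	v1 := SignImage(priv, 1, []byte("firmware v1 (constructed)"))
	fmt.Println("boot v1:", dev.VerifyAndBoot(v1))

	tampered := v1
	tampered.Payload = append([]byte(nil), v1.Payload...)
	tampered.Payload[0] ^= 0xFF // flip one byte; signature no longer matches
	fmt.Println("boot tampered v1:", dev.VerifyAndBoot(tampered))

	v2 := SignImage(priv, 2, []byte("firmware v2 (constructed)"))
	fmt.Println("boot v2:", dev.VerifyAndBoot(v2))
	fmt.Println("boot v1 again (rollback):", dev.VerifyAndBoot(v1))
}
```

The ordering inside VerifyAndBoot matters: checking the signature before the version means an unsigned image can never influence the rollback counter, and advancing MinVersion only after a successful boot means a bad update cannot brick the device by raising the floor above the last known-good release.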