Entropy and Time are paramount to any true security system. PriVerify is uniquely positioned to provide these with only a couple of clicks for existing Linux server instances. But when dealing with IoT devices, there must also be a tailored security component included at the time of manufacturing to make effective minimization of vulnerabilities, current and future. And these must be tailored to the device - considering bit/byte order, different CPU instructions, different ways of booting... even differences optional hardware secure elements and other optional hardware mean that the security approach taken for a device must be unique to work.
Yet this is not happening. There is a notable and alarming absence of upstream attempts at IoT security at the manufacturing phase which leave IoT devices falling short in their security posture and therefore exposed to vulnerabilities.
Take for example the Raspberry Pi... The Raspberry Pi Foundation produces the Raspbian distribution for download as just a single version compatible with the half dozen different hardware models. Albeit, there is no security impact (at least not that we are suggesting by using this example of model diversity), the 3 different CPUs have differing capabilities. For example, the Raspberry Pi 3B and 3B+ are capable of running in 64-bit mode, but Raspbian is only available built for 32-bit mode to be compatible across all models.
The bottom line? IoT Security is not one size fits all. Considerations related to Entropy and Time, and a device's unique attributes, must be made at the manufacturing development phase in order to ensure true security.The PriVerify Solution
Foundation First. Instead of leaving the biggest challenges to afterthought, PriVerify already has built its Simple Extensible Comprehensive Foundation (SECF) and is delivering service to a number of platforms, already in its 3rd production release.
A number of IoT platforms are available, with the ability to purchase pre-personalized, fully assembled, fully secured, and fully managed devices throughout their lifecylce. In other words, we can deliver fully operational devices which, based on your needs, will require little to no development or operational costs outside of the neatly, and efficiently packaged NRC/MRC per device.
PriVerify is built for enterprises and businesses who use IoT and Linux in general (cloud or on-prem) who value the integrity of their data. Learn more or contact the experts directly.