Any system, and that includes internet-connected devices of the IoT world, could be compromised unless a system-level root of trust was established.
This is a message sent by a group of technology security experts, including ARM, Intercede, Solacia and Symantec. The companies assessed the challenges of connecting billions of devices to the internet, and concluded that security sensitive software can be managed to an e-commerce standard.
But the companies aren't just pointing out the problem – they're also looking to be part of the solution, which is why they collaborated on the Open Trust Protocol (OTrP) to combine a secure architecture with trusted code management. Other members of the OTrP Joint Stakeholder Agreement are: Beanpod, Sequitur Labs, Sprint, Thundersoft, Trustkernel and Verimatrix.
Technologies which are in use in large scale banking, and sensitive data applications on mass-market devices have been used.
“In an internet-connected world, it is imperative to establish trust between all devices and service providers,” said Marc Canel, vice president of security systems at ARM.
“Operators need to trust devices their systems interact with and OTrP achieves this in a simple way. It brings e-commerce trust architectures together with a high-level protocol that can be easily integrated with any existing platform.”
OTrP is currently in an early development stage, but all those interested in the high level management protocol can head over to the IETF website and download it, for prototyping and testing. It is planned to be further developed by a standards defining organization.