Published November 14, 2016 by Sequitur Labs
Isolating and separating critical information such as device and network credentials, functions and data has long been considered a security “best practice” and is an important pillar for achieving end-to-end trust. On ARM-based processors, ARM® TrustZone® provides this hardware-based isolation.
Also essential to achieving end-to-end trust is protecting data on the device or during transmission. Implementing encryption enables maintaining data confidentiality.
Finally, authentication of each device is necessary to ensure that communication occurs only between devices with the proper credentials. Typically, this is achieved via exchanging device keys and certificates. Care must be taken to NOT use the same key to authenticate all devices. Different key pairs should be used between devices in order to contain the impact of a potential breach.
In summary, end-to-end trust is achieved when the integrity of each device is ensured, when data is protected at rest and in transit, and when credentials of each device in a system are verifiable.
Achieving end-to-end trust required security to be designed in at the foundational level so it can be propagated throughtout the system.
© 2020 by Sequitur Labs Inc. All Right Reserved.