IoT Security: Q&A with Sanjay Bhal, Texas Instruments
System designers are addressing security issues for the IoT.
Our thanks to Sanjay Bhal of Texas Instruments (TI), who recently shared his insights concerning IoT security issues.
EECatalog: Would it be fair to say that Security has “outsider” status when it comes to the IoT? If it should have “insider” status, what are the approaches and technologies that can help bring this about?
Sanjay Bhal, Texas Instruments: In the overall IoT, we see growing awareness about security. In the near future, we at Texas Instruments do anticipate that security will gain increasing importance for the IoT, and we will become more involved in facilitating security.
We are working on a variety of innovative technology approaches that will enable system designers to address their security needs for the IoT using TI devices. Many find the new threats (e.g., privacy violation, IP theft, personal data breach buffer overflow, escalation of privilege level, etc.) brought about via connection to the Internet particularly worrisome. It’s certain that more IoT offerings and equipment manufacturers will likely need to include greater protections against these types of threats.
EECatalog: What are some of the latest methods and products available (or close to being available in production quantities) for helping something like an automotive infotainment system avoid becoming a security vulnerability?
Bhal, Texas Instruments: TI has a variety of measures available in our silicon solutions that can help manufacturers protect their end products against security vulnerability—starting from secure boot of the software and including some inbuilt cryptography accelerations. While the silicon acts as a building block, we also recognize that the software running on the silicon plays a big part in enabling product protection against security vulnerability. TI can work collaboratively with customers to help them put security mechanisms in place to enable the next level of protection for customer specific end equipment.
EECatalog: Should taking action on security be paired with something else to make spending money on it more palatable, e.g., upgrading legacy systems so that customers can harness cloud power and at the same time taking measures to introduce/improve security?
Bhal, Texas Instruments: Yes. I believe that customers will increasingly require that most of the next generation of embedded devices has better protection against security vulnerability. Many manufacturers of end equipment will take security into account when they plan major design changes.
We expect the need to update firmware in the field will also end up increasing, because security breaches will be found, and security patches will need to be installed in the field.
EECatalog: One individual whose firm is involved in security has indicated to me that in some cases the security for the IoT is at such a non-existent/infancy stage that ANYTHING would be better than what we have now.
Bhal, Texas Instruments: In my view, no security is better than bad security, because bad security gives a false feeling of security and reduces the awareness of the risk. It’s better for a customer to know that its product is not secure, than for the customer to assume it’s secure while it’s not.
EECatalog: Are we still very early in the process of hardware security and software security working together for embedded devices and how do you see the process going forward?
Bhal, Texas Instruments: So far, we’ve seen many customers making good progress in developing embedded products that effectively use hardware security in collaboration with software security. At TI, we will continue to work with customers so that they can better enable security for their end products. TI will also integrate more security features in our products to make designing for security easier for our customers.