ARM, Symantec look to build digital trust with new IoT security standard

A new protocol developed by ARM, Symantec, Intercede and others will aim to address the security challenges of connected devices.

The Open Trust Protocol (OTrP) combines a secure architecture with code management, aiming to create an open interoperable standard to enable the management of trusted software by reusing the already-established security architecture of eCommerce.

This means it does not require a centralised database.

The protocol is used with Public Key Infrastructure (PKI) and Certificate Authority-based trust architectures. It works with security solutions such as ARM TrustZone-based Trusted Execution Environments.

The parties developed the protocol after assessing security challenges involved in the Internet of Things, which will involve billions of devices across the industrial, home, health services and transportation sectors. They concluded that any system could be compromised unless a system-level root of trust was established.

OTrP is available as an IETF informational, as a download from the IETF website, for prototyping and testing.

The plan is for the protocol to be developed further by a standards-defining organisation to encourage wider adoption as a standard.

Other members of the agreement include Solacia, Beanpod, Sequitur Labs, Sprint, Thundersoft, Trustkernel and Verimatrix.

“In an internet-connected world, it is imperative to establish trust between all devices and service providers,” said Marc Canel, vice president of security systems, ARM.

He said: “Operators need to trust devices their systems interact with and OTrP achieves this in a simple way. It brings e-commerce trust architectures together with a high-level protocol that can be easily integrated with any existing platform.”

“With new technologies come increased security risks,” said Brian Witten, Senior Director, Internet of Things (IoT) Security, Symantec.

“The Internet of Things and smart mobile technologies are moving into a range of diverse applications and it is important to create an open protocol to ease and accelerate adoption of hardware-backed security that is designed to protect on board encryption-keys.”