Managing Security in Wearables | Cypress Semiconductor
Because they are connected to the Internet, IoT devices such as portable health monitoring products and wearables are inherently susceptible to security hacks. Malicious attacks from a third party can wreak havoc on unsuspecting individuals in a variety of ways, from using a device in a distributed denial-of-service (DDoS) attack to invading one’s privacy. As a developer of IoT devices, you need to make sure that security is baked into your connected product from the beginning. You can’t afford to wait until a security breach harms your customers and destroys your brand and reputation. A recent study by the Internet Society found that “53 percent of consumers distrust connected devices to protect their privacy and handle information in a responsible manner.”
To be compliant with data protection rules such as GDPR and HIPAA (and because it’s simply good business practice to do so), IoT device makers must protect user data and not share such information without consent. But designing security into your IoT device can be challenging. Not only do you have to worry about data privacy, but you also need to make sure that your device cannot be hacked and taken over by “bad actors.” Cypress’ PSoC 64 Secure MCUs feature application security with a hardware-based root-of-trust, secure key storage, hardware-accelerated cryptography, and a secure operating environment. This security, combined with the ultra-low power, flexible processing, and small footprint enabled by the PSoC 6 architecture, makes it an ideal solution for wearables.
The definition of a secure system can be different, depending on the application. Some systems require that all access to the device is blocked, while others just need to verify that the firmware has not been tampered with or copied. Cypress brings together MCUs with programmable security levels, wireless connectivity, and firmware for a complete, secure embedded solution (Figure 1), and partners with leading cloud service providers to enable end-to-end privacy.
Figure 1. Cypress offers complete secure embedded solutions for IoT devices.
Levels of Security
Fitness trackers and smart watches can tell where you are at any moment, thanks to GPS technology installed on the connected smartphone or on the device itself. These products also store personal health information, such as heart rate, physical activity, and sleep patterns: information that your customers don’t want to fall into the wrong hands. This information is transmitted from watch to phone and often to the cloud, so security must be locked down at every level.
Last year, U.S. military troops overseas were ordered to disable GPS tracking services on their mobile devices after it was discovered that certain fitness tracking services were making heat maps of their users’ movements publicly available, potentially putting soldiers at risk.
While it’s true that most hackers are not interested in a user’s fitness levels, they can learn a lot by triangulating the various collected data points to understand when the user will likely be away from the office or home. In the case of the military, the concern was that non-military personnel would be able to use heat maps to monitor troop maneuvers or determine the layout of military bases. And since many smart watches can connect to the Internet via Wi-Fi, hackers today have greater flexibility to remotely hack into a user’s device to access email or other information.
Cypress solutions protect user data in a variety of ways, one of which is through positive identification. For most wearables, a fingerprint, face, or retinal scan is enough to authorize device access. But for applications where additional security is required, secure MCUs, like PSoC 64, can provide the wearable with a protected cryptographic identity, known as a “root-of-trust.” The root-of-trust provides the trust anchor to support the secure boot chain of trust, along with additional security services, such as mutual authentication, attestation, secure storage of cryptographic keys, and other functions.
For added security, Cypress’ IoT platform software includes fully integrated and validated cloud functions, such as MQTT, data collection, and device auditing. It also includes secure cloud functions such as Transport Layer Security (TLS) and firmware-over-the-air updates. Key architectural security features include isolated dual Arm® cores, hardware-accelerated cryptography, true random-number generation, nonvolatile memory, and encrypted external flash. What’s more, the PSoC 6 architecture offers ultra-low power, small-footprint packages, and flexible processing, all of which are ideal features for wearables. Figure 2 below details the security features built into PSoC 64 Secure MCUs.
Figure 2. Security features of PSoC 64 Secure MCU family.
For more information about Cypress’ PSoC 64 Secure family of MCUs, please download our product brochure at: https://www.cypress.com/file/461301/download