Learn from our experts
Designing secure IoT products
Creating secure products with ease
The industry is coming together to create streamlined best practices, frameworks, and certifications. Nordic aligns withto provide a standardized approach to security that guides customers through their individual security journey. Below we have highlighted a few simplified steps, guiding you towards a successful result:
Analyze - Threat models & security analysis
Understand the critical assets that need to be protected in your product, and what threats that have the potential to compromise it, to identify the most effective security measures.
Architect - Hardware & firmware specifications
Once the analysis is concluded it needs to be translated into technical specifications.
Implement - Firmware Source code
The required features must be implemented in the firmware, based on high-level APIs that interface to the hardware root of trust.
Certify - Independently tested
The final step to confirm that all requirements have been satisfied and to establish the reliability of your product is an independent security assessment of your device.
Security goals and objectives
At Nordic we have a clear goal when it comes to security. Enable everyone to design and deploy secure products, by:
- Making the right choices from the start.
- Understanding the threats and value of security
- Protecting critical assets against common threats
Secure boot and secure update with anti-rollback
Security starts at boot time to ensure that only authorized software can be executed and updated on a device. Reinstating previous software versions should be prevented to ensure that fixed security issues don't become exposed.
Isolation between secure and non-secure environments
There must be separation between trusted and un-trusted services to avoid compromising the entire device. Un-trusted services should interact with trusted services through APIs that ensure functionality while keeping confidentiality of critical data and resources.
Secure storage
Critical assets must be uniquely bound to each device and protected from any intrusion, to ensure confidentiality and integrity.
Attestation and unique identification
Every device should be uniquely identifiable and attestable so that a trusted interaction can be established. See the nRF Cloud Security Services for more information.
Security Lifecycle
Device security must be defined through different product lifecycle phases, from initial assembly to decommissioning and every step in between. The nRF Cloud Security Services can simplify some of the lifecycle phases.
Cryptographic services
A secure product sits on top of a set of trusted cryptographic services to enable the implementation of all required security features.