Even before the days when the IoT was just a twinkle in some marketing person’s eye, internet security was, is, and always will be an ongoing concern. Better put, it will always be an ongoing battle. That’s because with each new security technology or patch, there’s a group of digital vandals out there in cyberspace finding ways around, over, under, and through them.
In the “old days” of the internet, hacking was not as sophisticated as it is now. The effects ranged from mildly annoying to socially and/or financially crippling for some individuals and organizations. Today, with the multiplication of devices connecting to the web occurring by the minute, hackers have a wealth of targets, a cyber smorgasbord if you will. Everything from one’s personal photos to financial and medical info is up for grabs by invisible villains lurking across the worldwide web. Can you say security is not a major issue?
Almost everyone is familiar with the security protocols dubbed Transport Layer Security (TLS) and Secure Sockets Layer (SSL), if just from configuring email accounts with various versions of Microsoft Outlook and similar email apps. These cryptographic protocols have provided, to greater and sometimes lesser degrees, security over networks.
According to Wikipedia, the TLS protocol aims primarily to provide privacy and data integrity between two or more communicating computer applications. When secured by TLS, connections between a client and a server have one or more properties:
- The connection is private or secure because symmetric cryptography is used to encrypt the data transmitted.
- The identity of the communicating parties can be authenticated using public-key cryptography. This authentication can be made optional but is generally required for at least one of the parties, typically the server.
- The connection is reliable because each message transmitted includes a message integrity check using a message authentication code to prevent undetected loss or alteration of the data during transmission.
It’s one thing to read about these security strategies and realize their necessity, and another to get an expert look at how they work to protect your enterprise as well as how to implement the best security measures for your needs. And there is one very simple thing you can do to garner greater illumination and effectiveness in this area.
On Tuesday morning, October 16, 2018 at 10 AM at Sensors Midwest in Rosemont, IL, the presentation titled “An Overview of TLS 1.3” will give attendees the information and tools necessary to secure their IoT applications now while offering strategies for the future. The presentation, given by Chris Conlon, Engineering Manager at wolfSSL, an Open Source Internet security company focused primarily on SSL/TLS and cryptography, will give attendees an overview of changes in TLS 1.3, how the protocol works, and what advantages it offers for resource-constrained devices.
One of the predominant protocols for connected sensors and industrial device security is SSL/TLS. Over the last several years, the new up-and-coming TLS 1.3 specification has been in development. Nearing standardization, TLS 1.3 makes substantial changes to the TLS protocol to allow for better security and performance.
Chris Conlon is an Engineering Manager at wolfSSL,. Chris has worked closely with the wolfSSL TLS library, wolfCrypt cryptography library, and the tech community to help secure connected applications and smart devices worldwide. Chris currently resides in Bozeman, MT.
To get on top of these protocol changes as well as future security issues, a simple two-step dance is required:
And while you’re at it, check the conference schedule for some of the other highly informative and educational sessions available. Also, peruse the list of exhibitors who will keep you abreast of all the latest products and trends in the sensor universe.