Crypto-Agility for the Internet of Things

Deployments of Internet-of-Things (IoT) devices have grown exponentially in recent years, being installed in connected vehicles, medical equipment, utility companies, schools, homes, surveillance cameras and almost unlimited other use cases.

Securing The Supply Chain

Gartner predicts that there will be around 25 billion IoT connected devices in the field by the end of 2021.
As with zero trust networks, cryptography plays a fundamental role in achieving protection, authentication and security within and across connected machines and devices.

This becomes even more significant with increasing adoption of Edge computing: processing and analyzing data that emanates from data rich connected devices in multi-local cloud environments.

Given that cryptography is the backbone of digital trust across connected IoT devices, securing these devices begins with managing the full cryptographic lifecycle of the embedded chip – from manufacturing to deployment.

Current approaches outdated.

The identity and character of the IoT device resides at the chip level, which ensures all data loaded into the chip can be monitored. By associating chip identification with cryptography assets, such as certificates, keys and encryption, assessing the cyber security readiness of the IoT ecosystem becomes possible.

Given their life span, IoT devices must be designed and built to handle sensitive transactions for long periods of time (10+ years), and will have to be continuously updated to accommodate changing regulations and cryptographic standards.

But the current manual, static, and fragmented approach to discovering and remediating cryptography is sorely outdated.

InfoSec Global offers a transformative approach.

InfoSec Global delivers a unified, dynamic approach to discovering, protecting and controlling the management of cryptographic assets across IoT devices and entire digital ecosystems.
Our transformative Crypto-Agility Management Platform allows users to replace cryptographic assets across all IoT devices – from portable devices to connected vehicles –  with minimal impact to operations and service levels.

The AgileSec Crypto-Agility Management Platform

To achieve cryptographic agility, the AgileSec Crypto-Agility Management Platform provides the capability to move from a legacy, static model to a unified, dynamic approach – providing IoT managers with several key agile capabilities:
Deploy Crypto-Agility architectures
Enables sensitive applications with agile cryptographic architecture to enable the decoupling of underlying cryptographic algorithms.
Define crypto policy
Defines the cryptographic functions that should be used to protect sensitive information independently from the development team. With a cryptographic policy, security teams are in control of their cryptography.
Swap out vulnerable algorithms
Dynamically removes obsolete algorithms and deploys new ones without source code modifications. The application can leverage cryptographic mechanisms that were not initially planned when it was released.
Support “Bring Your Own Crypto”
Enables applications with any type of cryptographic capabilities, including post-quantum or sovereign algorithms, while ensuring interoperability with international standards.

A Platform for All Stakeholders

With the AgileSec Crypto-Agility Management Platform from InfoSec Global, discovering potential vulnerabilities, protecting digital systems by making changes quickly on-the-fly, and automating the management of cryptographic assets across all IoT devices and digital systems, all the time, becomes possible for all stakeholders across the supply chain.
IoT and embedded systems providers
Build IoT devices that will handle sensitive transactions for long periods of time, and continuously update to changing regulations and cryptographic standards.
Semiconductor companies
Provide security chipsets to OEMs (mobile, automotive, etc.) that have to comply with evolving threat landscapes, regulations and standards.

ISG supports semiconductor companies focusing on markets subject to specific cryptographic regulations to enable them to seamlessly address the upcoming requirements of their end-customers.
Technology companies
Build systems to comply with complex cryptographic requirements from regulations, standards and customers.
Download crypto-agility white paper