The Edge is a place, removed from central IT systems, where commercial and private transactions take place on tiny, resource-constrained devices. It is a place where smart sensors control our living and work environments, RFID tags ensure the optimal flow of goods and where armies of microprocessors lend computational intelligence to everyday objects such as coffee makers and dish washers. The underlying concepts and ideas have many names at the moment such as Internet of Things or Web2. At Revere Security, we simply call it the Edge because we do not care much for buzz words.

What is clear by now is that these new Edge capabilities will change our lives in many ways. Appliances can notify their own manufacturer when they need a service, cars can pre-program the navigation system after synchronizing meeting locations with our calendars and energy consumption can be optimized through the smarter use of electricity that generates savings for each household and contributes to the greater good as well. All of these new capabilities make our lives more pleasant and automate what we do. Yet, they open up threats to our privacy and safety as well.

On one hand, we might well become more transparent and more predictable. On the other, automation opens up the ability to disrupt our lives in substantial ways. As with all new technologies, the key to success lies in walking a fine line between enriching our lives and protecting them at the same time. We have already begun to witness a new class of threats on industrial control systems, the Smart Grid, in-vehicle automotive systems and RFID, to name a few examples. In our opinion, these threats will continue to grow and thrive mainly because Edge devices are among the least protected components in information systems today.

An instructive example is an attack on a nuclear facility in which IBM researcher Scott Lunsford was able to tunnel into the control system by hacking an industrial device. Luckily this was a friendly attack. According to the scientist, it would have been “… as simple as closing a valve” [1] to shut down a large part of the power supply for the State in question. An attacker, whether commercially or politically motivated, will always choose the easiest path into a target. As long as industrial controllers use four-digit passwords and, in one case, the same password on nearly all devices world-wide, it will be too easy to overlook the opportunity.

To remedy this situation, we need sound security that protects the microcontrollers of Edge devices as well as their wireless communication to backend systems. The required technology has to encrypt data, authenticate the parties in a communication and ensure that data has not been tampered with. In addition, key management systems need to evolve from managing thousands to potentially handling many millions of keys in a short period of time. In essence, Edge devices need to be protected in very much the same way that large, central IT systems are, yet through algorithms and technologies that are much more efficient than what we are accustomed to from traditional cryptographic solutions.

At Revere Security, we focus exclusively on Edge Security and have developed a cryptographic suite of products that includes symmetric and asymmetric key algorithms for small, resource-constrained devices, database key lookup technologies that can handle hundreds of millions of keys per second, a key management approach for highly secure key distribution and microchip designs that allows a fast and efficient implementation of the algorithms on Edge devices. All of these products are available for deployment today. In addition, they are deeply integrated into the Sophos /Utimaco HSM product line.

If you would like to find out more, please visit us at www.reveresecurity.com or register for our joint Sophos/Revere Edge Security workshop featuring our Revere Security Chief Cryptographer Dr. Whitfield Diffie at http://hsm.utimaco.com/company/utimaco-workshop/. Dr. Diffie will speak on Edge Security and sign his book for participants during the event. Attendance is limited to 35 participants.

[1] Greenberg, A.: America’s Hackable Backbone, Forbes.com, August 2007