IoTopia builds on GlobalPlatform’s previous work to secure the IoT and is intended to provide a blueprint for device makers to secure IoT devices and services across all markets and geographies.
This proposed common framework advocates standardising the design, certification, deployment and management of IoT devices.
IoTopia device security will be testable and meet vertical and geographical market requirements by building upon four foundational pillars:
- Security by Design: capabilities and features that go beyond best practice and define how secure components and APIs can be used with existing secure by design standards.
- Device Intent: IoTopia leverages IETF’s manufacturer usage descriptions (MUD) and uniform resource identifier (URI) to effectively manage device permissions and access on networks.
- Autonomous, Scalable, Secure Device Onboarding (SDO): IoTopia will offer an open, standards-based secure onboarding process to streamline network administration.
- Device Lifecycle Management: a range of features and capabilities to manage devices throughout their entire lifecycle, including updates and maintenance to services, in line with international regulations.
“The IoT ecosystem needs to get serious about cybersecurity. Many of today’s connected objects do more than simply provide information at your fingertips – they make use of sensitive data, gather information and even impact the physical world, in many cases in critical ways,” commented Kevin Gillick, executive director, GlobalPlatform. “In light of this, there is a need for ubiquitous and standardised end-point and network security to prevent devices from becoming an entry point into a network or a platform for attacks. These are serious security concerns that need to be addressed to realise the market potential of IoT – which is why we have launched IoTopia.”
This approach is intended to bring trust to the IoT ecosystem, as well as ensuring that compliance with baseline requirements incurs low to no additional costs for device makers.