The world is becoming an increasingly networked place, and this trend is being accompanied by a growth in the number of threats we face from data manipulation and theft, attacks from criminal hackers, and even state intelligence services. This affects companies, infrastructures and private users alike. According to the latest surveys, half of all Internet users do not regard their data as secure on the Internet - an alarming statistic. For businesses, customer trust is just as much a foundation of their business models as it is for the digital communication and transactions engaged in by citizens. The use of encryption and other protective mechanisms is vital to guaranteeing network security. In this sphere companies have a high degree of responsibility for ensuring that such technologies are available to everybody in readily usable form.

As a technology developer with several years of expertise in the secure connections market, NXP is advocating a change of perspective in this environment: one which places data protection and the security of end customers and users at the heart of the networked world.

  • Comprehensive privacy protection
    The open network within which people and things communicate is highly vulnerable. The data created and exchanged can always be linked with people as users and with their identities. If this personal data falls into the wrong hands, or if it is falsified or damaged, what arises are threats such as the invasion of personal privacy and violation of informational self-determination, the creation of user profiles, data espionage, and the manipulation of data for fraudulent purposes or in order to launch attacks.
    What effective security concepts for today's networked world need to do is make both data and the anonymity of end customers and users a top priority. To achieve this, the integrity of data from the networked world - of the devices, things and sensors with which people exchange information - must be guaranteed at all times. Whatever method is chosen, however, protecting user rights (in the form of informational self-determination, data sovereignty and privacy) requires 'human' identities to be kept separate from device identities. An example of anonymization technology can be found in the IEEE 1609 standard applied in vehicle communication (V2X): in line with this, vehicles constantly use new 'pseudo-identities' during communication processes, making it impossible to track a driver's route on the basis of an unchanging vehicle identity.
  • Safeguarding data sovereignty In the extensively networked environment that is the Internet of Things, protection against undesired flows of data is particularly crucial. People and companies must themselves have complete sovereignty over who is able to retrieve data from the devices they use, and what kind of data this is. This requires absolute certainty in knowing which other (external) device wishes to access internal data - so a person controlling their smart home from a smartphone, for example, must be sure that there is no way for third parties to gain access to their data and devices too.
  • Data security and data protection go hand in hand
     Networked devices must observe the principles of 'Security by Design'; in other words, they must be designed in a way that either rules out manipulation of their integrity or, at the very least, makes this as difficult as possible. It is also essential to ensure that a digital device identity protects the user's anonymity, something which requires the use of available Privacy-by-Design technology in order to anonymize the user and protect their privacy (e.g. multiple keys, anonymous attestation and zero-knowledge protocols).
  • Verifiable security standards
     Verifiable minimum security standard are essential to achieving maximum commitment in the efforts to apply the security mechanisms referred to here in the Internet of Things. An independent security assessment institute may be the way to ensure that standards are implemented and adhered to on this basis. Not only would this be to the benefit of security in the IoT, it would also enhance companies' and users' trust in the used technology.

NXP continually engages with representatives from science, industry, politics, associations and organizations in publicly discussing its proposals for regulations to protect users and their data in the Internet of Things. As part of this engagement, NXP has created the communications platform 'Me&My Smarter World'. The most recent example of this series was the panel discussion Smart and Secure - How to protect Drivers and their Data, which took place at this year's IAA motor show in Frankfurt. Here, NXP discussed data security with Andy Greenberg, writer of the Wired article on the Chrysler Jeep hack; Dr Tobias Miethaner, Head of the Digital Society Department at the German Federal Ministry of Transport and Digital Infrastructure; plus other representatives from business, industry and specialist media.

distributed by