Security - the u-blox trusted domain

In industrial applications for the IoT, every attack surface must be secured in order to establish a chain of trust. Learn more about u‑blox's five pillars of security.

Why security?



  • System designs need to follow security principles to prevent misuse of applications and to secure data and data transmission
  • Exposed interfaces in applications can be used as attack surfaces
  • Any attack will cause harm, including immediate costs, damages and consequential costs

     

An attacked system may be subject to:

  • Firmware attacks, in which changed code can modify behaviour or access secrets
  • Data attacks, which attempt to interfere with normal operation
  • Man‑in‑the‑middle attacks, in which captured interface I/O is used to change or replay control or data traffic to interfere with actual values


Areas of security

  • Confidentiality: System assets can only be used by authorized parties (secrecy)
  • Availability: Assets are accessible for authorized parties for a limited time
  • Integrity: Measure of trust in the correctness of the information provided by the system
  • Robustness: Systems are impervious to intentional or unintentional interference


 

Five principles of security that create the u‑blox Trusted Domain

Secure Boot
  • The firmware is authentic, has not been modified and cannot be downgraded
Secure Firmware Updates (FOTA)
  • Only authenticated and validated updates can be applied
Secure Physical Interfaces and APIs
  • Only authorised users can gain debug access to a device and each access grant is unique
  • Blocks "development" back doors and ensures authorised usage of APIs
  • Data is authenticated and integrity protected in both directions - into and out from the module
Secure Transport Layer
  • The device can authenticate and sign or encrypt the communications with the server
  • No man‑in‑the‑middle attacks in device‑to‑server communication
Robustness, Spoofing/Jamming detection and active countermeasures
  • Security is also about software quality
  • Robustness against software attacks and detection of potential attacks on air interfaces