Security - the u-blox trusted domain

In industrial applications for the IoT, every attack surface must be secured in order to establish a chain of trust. Learn more about u‑blox's five pillars of security.

Why security?



  • To avoid misuse of applications, secure data, and data transmission, system designs need to follow security principles
  • Exposed interfaces in applications can be used as attack surfaces
  • Any attack will cause harm, including: immediate cost, damages, consequential costs

     

An attacked system may be subject to:

  • Firmware attacks, in which changed code can modify behaviour or access secrets
  • Data attacks, which attempt to interfere with normal operation
  • Man‑in‑the‑middle attacks, in which interface I/O capture is used to change or replay the control or data to interfere with actual values


Areas of security

  • Confidentiality: system assets can be used only by authorized parties (secrecy)
  • Availability: assets are accessible for authorized parties for a limited time
  • Integrity: a measure of trust in the correctness of the information provided by the system
  • Robustness: systems are impervious to intentional or unintentional interference


 

 

Five principles of security that create the u‑blox Trusted Domain

 

Secure Boot

The firmware is authentic, has not been modified and cannot be downgraded

     

Secure Firmware Updates (FOTA)

Only authenticated and validated updates can be applied

Secure Physical Interfaces and APIs

  • Only authorised users can gain debug access to a device and each access grant is unique
  • Blocks "development" back doors and ensures authorised usage of APIs
  • Data is authenticated and integrity-protected in both directions - into and out of the module
      

Secure Transport Layer

  • The device can authenticate and sign or encrypt the communications with the server
  • No man‑in‑the‑middle attacks in device to server communication

Robustness, Spoofing/Jamming detection and active countermeasures

  • Security is also about software quality
  • Robustness against software attacks and detection of potential attacks on air interfaces