The current security practice for IoT devices is limited to a controlled encryption focus between a given IoT device and the Cloud. IoT devices, and specifically integrating image sensors, generate very sensitive video image data stored and processed in the cloud and on mobile devices. Existing solutions do not address who and what can access and process sensitive data once it has reached the cloud. Typical implementations require complex manual password management to enable multiple applications, and disabling the application requires the resetting of multiple passwords to avoid unauthorized access to devices and the data generated by devices.
Coming to the table with a practical solution, the NICE ecosystem separates device, data and application securities, enabling each to be managed independently. For example, when a user enables an application to interact with the device, the application does not have access to the user’s account or device identity and passwords. The duration of the application’s access can be time-limited without requiring the user to update their passwords. The same approach can be applied when accessing a user’s data – an application can provide time-limited access to a given subset of data without requiring the user to change their personal or device passwords. NICE implements these security provisions using online cloud license authority to (i) bind the device with unique ID and security keys at manufacturing, (ii) secure the device to a particular user when it is being registered to the user and (iii) specify user permission for each application instance maintained by NICE License Authority.
“Riscure performed an independent security review of the NICE Alliance specifications, version 1.0.1. The goal was to provide objective feedback, and recommendations regarding the security measures defined by the specification, in accordance to their predefined threat model. We believe the actions taken by NICE Alliance positively contributes to a more trustworthy ecosystem for network cameras and IoT devices,” said Mr. Maarten Bron, Managing Director of Riscure, Inc.
The audit conducted by the Riscure focused on three main components of the specification:
- Device access management to control the device and receive data
- Data management within the cloud, including several stages of analytics
- Data privacy authority, particularly for personal and private images
The foundation for the secure operation of NICE is the safe handling of keys that are used to encrypt data and control access to IoT data and devices. Microsoft Azure Key Vault is complementary to NICE security and its secure cloud process and management. Azure Key Vault is fully certified in accordance to several international security standards, elevating the NICE ecosystem to a massive scale, while maintaining security and adhering to established industry security practices.
“NICE Alliance is pleased to have qualified a security audit from industry partner Riscure and further collaborate with Microsoft to bring a world-class security and data protection system for IoT Video Intelligence Solution globally,” said David D. Lee, CEO of Scenera, which plays an integral role in spearheading the key innovations in NICE Alliance.
Matt Fleckenstein, Senior Director for Azure Product Marketing at Microsoft Corp. said, “Microsoft is pleased to be supporting NICE achieve the highest levels of security for keys supervision in the cloud in a scalable and cost-effective manner. The success of IoT deployments ultimately relies on the security of device and data being generated and Microsoft is committed to enabling its customers the highest levels of security and data protection.”
NICE Alliance continues to develop its infrastructure and establish guidelines for the ecosystem, which will be open for all companies and interest groups who would like to participate in contributing and adopting the specifications. NICE Specification V1.0.1 can be found here: www.nicealliance.org/specs.
About NICE Alliance
Industry leading consumer electronics manufacturers and brands Foxconn, Nikon, Scenera, Sony Semiconductor Solutions and Wistron formed the NICE Alliance, an innovative ecosystem standard for smart camera and IoT markets, to provide an open data sharing platform based on image data and AI to enhance the synergistic effect of multi-brand, multi-camera and multi-service/apps. NICE Alliance believes that its specification will enable entire new classes of IoT applications including those where private media never leave the sensor, providing enhanced privacy and security.
About Riscure
Founded in 2001, Riscure is a leading global advisor on the security of connected and IoT devices, as well as a recognized vendor of advanced security tools and security training. Riscure helps customers around the world to build robust hardware and software solutions and to speed up the process of secure development and certification. Riscure serves Semiconductor, Mobile and Electronic Payment, Automotive and Premium Content industries as well as Government sector. Riscure is headquartered in Delft, The Netherlands with offices in San Francisco, USA, and Shanghai, China. Follow Riscure on Twitter @Riscure and LinkedIn.
About Scenera
Scenera is forging a new standard data platform for the IP cameras and IoT devices for efficient ways to manage and analyze the data. The visionary founders see the paradigm shift from simple streaming data to rich scene information that enables new and powerful analytical capabilities. Standard compliant devices generate abundant scene-based information for surveillance and monitoring applications for business and consumer users. Scenera’s goal is to align key industry players with the same vision to create an interoperable ecosystem that will bring a new generation of the smart edge devices. For more information, please visit www.scenera.net.