Six Factors Your M2M Encryption Solution Should Include
By Paul Sobel – Founder & Chief Technical Officer, MerlinCryption LLC. [April 2012]
In this article, Paul Sobel from MerlinCryption LLC (USA) shares his view on the key factors to consider by M2M developers when choosing an encryption solution.
With the $388 billion cybercrime business now as large as the international illegal drug trade, and with reactive legislation on data privacy, encryption is no longer optional for M2M developers.
Additionally, the advent of smartphones, handhelds, vehicle-based and asset-attached sensors, and the cloud has changed the security landscape. Connectivity providers must carefully secure critical data at every segment of the M2M process. Developers must also protect against counterfeiting, cloning, and physical machine compromise.
Some encryption algorithms, such as RSA, DES, and SSL, have been cracked, exposing wired and wireless communications to risk. M2M developers want to cover critical requirements to ensure that their encryption protects adequately and is designed for regulation.
There are many factors to consider. The following are important points for M2M developers to review when choosing an encryption solution.
Authentication: Does the solution include authentication to identify who or what has machine access? Does the authentication offer dynamic factors and changing parameters to guard from counterfeiting and tampering?
Encryption Keys: How are encryption keys generated? Are keys variable in length and dynamic in value? Can the provider customize and control key parameters? Are keys erased from memory and disk after encryption, and then recreated on demand for decryption (and erased when complete)?
Password Protection: Is there a password option for an extra layer of security? How large is the password? Is it variable?
Encryption Engine: Is the encryption customizable so it is not interoperable with other providers and machines in the marketplace?
Types of Data to be Secured: Does the encryption solution secure data as it is created, viewed, edited, stored and moved across communications channels and through clouds between machines? Some encryptions do not cover data-in-use or data-in-change, exposing critical data on devices during use. What is required for the particular machine or market vertical at hand?
Compliance: Regulators increasingly require M2M entities to protect the integrity, security, and privacy of data. Does the encryption enable compliance for HIPAA, HITECH, FDA, and other appropriate regulatory bodies? Is the encryption approved for export in countries where the machine engages in business, or plans to in the future? Is the encryption provider OFAC compliant?
Other questions concern the encryption’s ease of portability, its scalability, and its flexibility to evolve with new M2M technology.
Effectively embedding encryption circumvents the expense, time, and space consumed by additional software, hardware, and procedural steps for the developer. Strong and flexible encryption also leverages value in diverse M2M partner environments.
Whether serving as a senior scientist or special task force engineer, Paul “Prem” Sobel has dedicated a 40-year career to mission-critical projects where protecting sensitive data is paramount. His security focus encompasses log management, NAC, supercomputer design, graphical and audio presentation of Big Data in eleven or more dimensions, and image processing. A CIT M.S.E.E. graduate, he worked with IBM, NASA, Northrop, and Intel before launching MerlinCryption LLC. His development of an exponentially stronger encryption with variable key length has established the Smart-World’s Smart-Encryption™.